Use the postfix config files to block domains:-)
Postfix generally accepts all sender addresses. It might be needed in some rare cases to reject one sender addresses for some reason.
With postfix, there is the possibility to use the “check_sender_access” to set individual actions per sender address. For the list of recipients and their action, a mapping needs to be created in the form of a hash database file. First you need to create a text file. The name here is chosen based on the name of the setting but can also be named differently.
$ vi $FWDIR/conf/sender_access
Inside the file, the senders and actions are configured. The mapping table will match the “address pattern” to an “action”. The address pattern can be a full email address like firstname.lastname@example.org, a domain like “example.com” or even just the user part like “user@”. The second column in the file is the action.
# ADDRESS PATTERNS # ACTION
email@example.com 550 Blacklisted
The action can simply be REJECT or an SMTP error code followed by the text delivered back with the error code. More details about the possible actions can be found in the postfix man page under the section “REJECT ACTIONS”.
$ postmap $FWDIR/conf/sender_access
To create the database file from the text file, the postmap command is used. The command above creates a database file with the same name and a .db extension from the text file with the given name .
$ ls -1 $FWDIR/conf/sender_access*
With the access table in place, the sender check needs to be enabled in the smtpd part of postfix. This is done in the
smtpd_recipient_restrictions = check_sender_access hash:$FWDIR/conf/sender_access,..
The configuration item “smtpd_recipient_restrictions” defines the incoming restrictions for smtpd, which is the daemon listening for incoming connections. The “check_sender_access” option should be defined followed by the filename chosen for the database (without the .db extension). The above configuration example show only the config required for blocking of sender addresses. In the real “smtpd_recipient_restrictions” configuration line there are very likely a lot of other options as well.
Create the $FWDIR/conf/mta_postfix_options.cf file:
# touch $FWDIR/conf/mta_postfix_options.cf
Edit the $FWDIR/conf/mta_postfix_options.cf file:
# vi $FWDIR/conf/mta_postfix_options.cf
Add the desired parameters and read refer to official Postfix Configuration Parameters page.
smtpd_recipient_restrictions = check_sender_access hash:$FWDIR/conf/sender_access
In Smart Console install the Threat Prevention policy.
➜ CCSM Elite, CCME, CCTE