Postfix 'access' File Format

l008com


There's this one goddamn ISP in Europe that is responsible for 95% of my spam. Some might say to block them in my firewall, but for many reasons, I'd rather REJECT them at the mailserver level and have them receive the failure notice from the server.

That's easy enough to do and I have blocked a few other hosts. But my PROBLEM is that it's not clear to me how you block specific ranges of IPs. You can do something like "24 REJECT" to block all of 24.x.x.x or "24.12 REJECT" to block all of 24.12.x.x. (To clarify, I'm talking about the POSTFIX access file "/etc/postfix/access".)

But I want to do things a little more complicated. Like blocking 24.150.0.0 through 24.150.128.0. But I can't figure out what format to use to do this, or even if it's possible.

This is what my file looks like now:
elekworld.com REJECT Knock-off Asian electronics suppliers are auto-rejected
elekworld.ltd REJECT Knock-off Asian electronics suppliers are auto-rejected
elekworld.cn REJECT Knock-off Asian electronics suppliers are auto-rejected
bizbee.com REJECT Knock-off Asian electronics suppliers are auto-rejected
bmsend.com REJECT SPAM Rejected
benchmarkemail.com REJECT SPAM Rejected
51.158 REJECT Scaleway blocked due to excessive SPAM
51.159 REJECT Scaleway blocked due to excessive SPAM
 

VladiBG


You need to report them to the ISP at their abuse e-mail contact, including the header of the spam e-mail. The ISP will take action and block the mail server that is sending the spam. If you don't receive a response on the abuse e-mail, report the IP block owner to IANA.
 

hardworkingnewbie


I think the manual leaves not much room for interpretation:

NOTE: use the cidr lookup table type to specify network/netmask
patterns. See cidr_table(5) for details.
 

Jose


I'm getting confused by the terminology maybe. When they refer to "cidr tables", does that just mean cidr format? So for example 24.0.0.1/16 is a "cidr table"?
Let's back up a little bit. I'm guessing your current filtering is configured like this:
Code:
smtpd_sender_restrictions = check_sender_access hash:/etc/mail/badsenders.db
And that you build the /etc/mail/badsenders.db using something like this: postmap badsenders.in && mv badsenders.in.db badsenders.db.

You're going to need an additional table for CIDR matches:
Code:
smtpd_sender_restrictions = check_sender_access hash:/etc/mail/badsenders.db, check_sender_access cidr:/etc/mail/badcidrs.db
That is built with a new source file that looks something like this:
Code:
24.150.0.0/17 REJECT Infamous SPAM host
And that you build like this: postmap cidr:badcidrs.in && mv badcidrs.in.db badcidrs.db.
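
The range asked about at the top of the thread (24.150.0.0 through 24.150.128.0) does not fit in a single prefix, so here is an added example (not code from any poster in this thread) that converts inclusive IPv4 ranges into cidr_table(5) lines and checks the boundaries with a first-match lookup. It assumes the output is referenced as a `cidr:` table on a client check such as `check_client_access`, a table type Postfix reads directly as a text file; the function names and the sample reject text are constructed for illustration.

```python
"""Added example: turn inclusive IPv4 ranges into Postfix cidr_table(5) lines."""
import ipaddress

# Constructed sample input: (first address, last address, reject text).
# The range is the one asked about in the thread.
RANGES = [
    ("24.150.0.0", "24.150.128.0", "Infamous SPAM host"),
]


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR networks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return list(ipaddress.summarize_address_range(lo, hi))


def cidr_table_lines(ranges):
    """Render 'network/prefix REJECT text' lines, one per covering network."""
    lines = []
    for first, last, text in ranges:
        for net in range_to_cidrs(first, last):
            lines.append(f"{net} REJECT {text}")
    return lines


def lookup(lines, client_ip):
    """Mimic the table's in-order, first-match search; return the action or None."""
    addr = ipaddress.ip_address(client_ip)
    for line in lines:
        pattern, action = line.split(None, 1)
        if addr in ipaddress.ip_network(pattern):
            return action
    return None


if __name__ == "__main__":
    table = cidr_table_lines(RANGES)
    print("\n".join(table))
    # Boundary checks: a single /17 stops at 24.150.127.255, so the range
    # end 24.150.128.0 needs its own /32 entry.
    for ip in ("24.150.127.255", "24.150.128.0", "24.150.128.1"):
        print(ip, "->", lookup(table, ip))
```

A table file can be tested against a single address before it goes live with `postmap -q 24.150.128.0 cidr:/path/to/file`.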
 