Score:0

Postfix smtpd_client_restrictions with check_client_access not working

cd flag

I suddenly receive many spam mails per day and I’m trying to filter the source by IP.

In my main.cf file I have this:

smtpd_client_restrictions = 
        check_client_access cidr:/etc/postfix/blacklist,
        permit

and in this blacklist file I have IP addresses and networks defined in the following way according to https://linux.die.net/man/5/access. I don’t filter by domain name since every spam has a different domain name.

1.2.3.4  REJECT Blacklisted
5.6.7    REJECT Blacklisted

I used cdb previously and it was working perfectly, except for networks (5.6.7). I switched to cidr, which is apparently recommended, but I still get spam although the network is in my blacklist file.

I did the sudo postmap /etc/postfix/blacklist && sudo postfix reload after adding the network to the blacklist file, but it didn’t filter the spam mail.

Score:1
anx

Specify explicit network mask.

The syntax for the cidr table is different from simpler indexed files (such as DB or DBM): it expects an explicit mask, and uses it to allow for a much nicer representation of blocks smaller or bigger than /8, /16, /24.

# network_address/network_mask result
192.0.2.0/24     REJECT Blacklisted
203.0.113.128/28 REJECT Blacklisted

Test your file using postmap -q:

# postmap -q 203.0.113.144 cidr:/path/to/example.cidr
# postmap -q 203.0.113.143 cidr:/path/to/example.cidr
REJECT Blacklisted

A warning will be emitted for syntax problems; no result will be printed for IPs not matching any listed network.

cd flag
Apparently my version of postfix doesn't support CIDR tables. I tried that. The only thing that works (finally) is CDB with IP addresses defined as in the access manual, 1.2.3.4 or 1.2.3 for subnets.
cd flag
Sorry, just checked again with `postconf -m` and cidr is supported. I had an error when I tried to use it. Cidr is definitely better. To generate the database, do you also call `postconf cidr:ip_to_blacklist`?
anx
@chmike The manual does not mention anything about `cidr` type tables making use of the `postmap`-generated indexed databases. Unsurprisingly, as the prefixes are checked in the order specified in the table anyway.
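
A small checker for the mistake this thread turns on, added here as an example and not part of the original posts: it flags cidr-table patterns written in the indexed-table prefix style (`5.6.7`) and emulates the in-order, first-match lookup. The function names and the sample table are assumptions constructed for illustration; the sketch ignores the `!pattern` and `if`/`endif` forms of cidr tables and does not replace a `postmap -q` test against the real file.

```python
import ipaddress

# Constructed sample table: the question's two entries plus the answer's two.
SAMPLE = """\
# network_address/network_mask result
1.2.3.4          REJECT Blacklisted
5.6.7            REJECT Blacklisted
192.0.2.0/24     REJECT Blacklisted
203.0.113.128/28 REJECT Blacklisted
"""

def parse(text):
    """Yield (lineno, pattern, result) for each non-comment, non-blank line."""
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            yield n, parts[0], parts[1].strip()

def to_network(pattern):
    # A bare address becomes a single-host network; strict=True rejects set host bits.
    return ipaddress.ip_network(pattern, strict=True)

def lint(text):
    """Return [(lineno, pattern, hint)] for patterns that are not address[/mask]."""
    problems = []
    for n, pattern, _ in parse(text):
        try:
            to_network(pattern)
        except ValueError:
            octets = pattern.split(".")
            hint = "not a valid address or network"
            # Indexed-table style prefix such as 5.6.7: suggest the explicit mask.
            if 1 <= len(octets) < 4 and all(o.isdigit() and int(o) < 256 for o in octets):
                padded = ".".join(octets + ["0"] * (4 - len(octets)))
                hint = f"use {padded}/{8 * len(octets)}"
            problems.append((n, pattern, hint))
    return problems

def lookup(text, client_ip):
    """First matching entry wins, in file order; None when nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for _, pattern, result in parse(text):
        try:
            if addr in to_network(pattern):
                return result
        except ValueError:
            continue  # invalid patterns never match in this sketch
    return None
```

Run `lint()` on the table before reloading Postfix, then confirm the result for a known spam source with `postmap -q` as shown in the answer.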