Hi, Since the smtpd_recipient_restrictions are "first match wins", you'll need to put the part that rejects the IP address before you permit_mynetworks.
Richard -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Woodworth Sent: Saturday, November 29, 2003 11:36 PM To: [EMAIL PROTECTED] Subject: [IMGate] Blocking by IP in Postfix. I would like to know if there is a quick way to block a local IP address that is listed in mynetworks from sending mail. This is the currnt config: smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, check_helo_access hash:/etc/postfix/helo_hostnames.map, reject_non_fqdn_hostname, check_sender_access hash:/etc/postfix/spamlist_extended.map, check_sender_access hash:/etc/postfix/from_senders_bogus.map, check_sender_access hash:/etc/postfix/from_senders_mybogus.map, reject_maps_rbl, permit which weve used for quite a while now. Would I be able to put say bad_ip.map before permit_mynetworks like this: 192.168.1.1 REJECT so as to stop postfix from even starting a connection? Weve been having problems with customer machines being hijacked and then in turn they send out thousands of email via our SMTP machine to primarily AOL.com address space. But just tonite someone hit a few thousand yahoo.com address's and got us blocked. A royal pain as now I have to beg yahoo.com to white list our MX. I hope this would be a quick and dirty way so to speak just stop it long enough to track the customer down and stop the flow. Thanks for any ideas. Keith
