On 19 Nov 2018, at 5:24, Poliman - Serwis wrote:

Hello. I saw in logs that some nonexistent mailbox from a client domain
hosted on Google tries to send some mail to an existing mailbox in this same
domain. The nonexistent mailbox is used from IPs:
94.102.49.198
149.56.173.68
and both are blacklisted.
I need to block these IP addresses in Postfix and also I would like to add
more blacklists to Postfix.

The most absolute and direct way to block specific IP addresses in Postfix is (if you are using postscreen) via postscreen_access_list:

main.cf:
  postscreen_access_list = cidr:/etc/postfix/postscreen-access
  postscreen_blacklist_action = enforce


postscreen-access:
  94.102.49.198/32  REJECT
  149.56.173.68/32  REJECT

(Although I'd personally reject all of 94.102.48.0/20, as I've seen no evidence of that network operator generating anything but malicious traffic.)

If you're using an antique version of Postfix or don't have postscreen enabled, you can instead do this:

main.cf:
  smtpd_client_restrictions = [...], check_client_access cidr:/etc/postfix/ip-access, [...]


/etc/postfix/ip-access:
  94.102.49.198/32  REJECT
  149.56.173.68/32  REJECT

Note that the "smtpd_client_restrictions" restriction list probably will include other directives and that the order of directives in a restriction list determines which ones actually act: a "PERMIT" or "REJECT" from any directive causes Postfix to skip the rest of that list and "REJECT" causes it to skip the logically subsequent restriction lists.
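
An added example, not part of the original message: a small Python check that a cidr-style access table like the ones above matches the addresses you intend, using first-match-wins lookup. It handles only plain `pattern result` lines; the sample table (which uses the wider /20 mentioned above) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample table in cidr_table(5) layout: one address from the
# thread as a /32, the other covered by the wider /20 the reply mentions.
SAMPLE_TABLE = """\
# postscreen-access (sample)
149.56.173.68/32   REJECT
94.102.48.0/20     REJECT
"""

def parse_cidr_table(text):
    """Return [(network, result)] in file order; raise on bad lines.

    Simplified subset of cidr_table(5): 'pattern result' lines only,
    no '!' negation and no if/endif blocks.
    """
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'pattern result'")
        # strict=True refuses host bits set below the mask (for example
        # 94.102.49.198/20), a mistake Postfix also complains about.
        try:
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((net, parts[1].strip()))
    return rules

def lookup(rules, client_ip):
    """First matching pattern wins, as in a cidr table; None if no match."""
    addr = ipaddress.ip_address(client_ip)
    for net, result in rules:
        if addr.version == net.version and addr in net:
            return result
    return None

if __name__ == "__main__":
    rules = parse_cidr_table(SAMPLE_TABLE)
    for ip in ("94.102.49.198", "149.56.173.68", "94.102.64.1", "192.0.2.10"):
        print(ip, "->", lookup(rules, ip) or "no match (falls through)")
```

On a host with Postfix installed, `postmap -q 94.102.49.198 cidr:/etc/postfix/postscreen-access` performs the same lookup against the real table.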

