Hello,
Another solution is to use reject_rbl_client. Dnsbl.bit.nl maintains a
RBL by country code that is updated weekly. GeoIP data is sometimes
unreliable and can become stale.
See also:
https://noc.bit.nl/dnsbl/ascc/
"This zone contains data regarding the ISO3166 countrycode and BGP
Autonomous System for any given IPv4 or IPv6 address. Every wednesday,
RIR allocation statistics are downloaded for the RIPE, ARIN, APNIC,
LACNIC and AFRINIC regions and this data is combined with a route-dump
of the default free zone, as seen from AS12859."
IE:
reject_rbl_client cn.ascc.dnsbl.bit.nl
Jan 5 16:52:42 c3p0 postfix/smtpd[54656]: NOQUEUE: reject: RCPT from
unknown[223.72.236.134]: 554 5.7.1 Service unavailable; Client host
[223.72.236.134] blocked using cn.ascc.dnsbl.bit.nl; AS=56048 CC=CN
URL=http://noc.bit.nl/dnsbl/ / AS=9808 CC=CN
URL=http://noc.bit.nl/dnsbl/; from=<reta...@cmbc.com.cn>
to=<supp...@reverse.net> proto=ESMTP helo=<cmbc.com.cn>
Matthew
On 1/5/2019 4:15 PM, Matt Anton wrote:
Hello,
A simpler solution would be using a cidr access map from
<http://ipdeny.com/ipblocks/data/countries/> that match netblocks you allow in
master.cf for submission (or smtps if using the legacy SMTPS service on port 465)
service with smtpd_client_restrictions, eg.:
