Michael Christopher Robinson
2018-11-15 20:54:40 UTC
Nov 15 12:33:58 goose postfix/smtpd[7613]: NOQUEUE: reject: RCPT from
unknown[60.178.154.107]: 450 4.1.1 <
helo=<lnwomen.org>
Looking at the above log excerpt you can see that there was an attemptunknown[60.178.154.107]: 450 4.1.1 <
helo=<lnwomen.org>
to send me an email to a bogus user name. Is there a slick way to
dynamically catch 60.178.154.107 and block for say an hour? Maybe
I should wait till three similar messages from the same IP are logged.
Another problem, I don't want to accept email to
<someone>@goose.robinson-west.com, only to <someone>@robinson-west.com.
If I don't add $myhostname to $mydestination, I will get mail loops
back to myself messages in the future.
Do I need to write a perl script to catch the above in the maillog and
dynamically update a text file of ip addresses that should be blocked?
temp_blacklist:
60.178.154.107 REJECT
...
Did I get the syntax right for the text file I need to generate?
Should smtpd_sender_restrictions in main.cf be defined as follows:
smtpd_sender_restrictions=
permit_mynetworks,
check_sender_access hash:/etc/postfix/temp_blacklist,
check_sender_access hash:/etc/postfix/sender_access,
reject_unknown_sender_domain,
warn_if_reject reject_unverified_sender