I have a postfix/dovecot server running inside a docker container, and I would like to block some IP addresses from connecting to my SMTP server. I have the following in /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, reject_unauth_pipelining,
reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net
smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_checks,
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch
And in /etc/postfix/client_checks:
# Restrict which clients this system accepts SMTP connection from.
example.com REJECT No spammers
.example.com REJECT No spammers, from your subdomain
aaa.bbb.ccc.ddd REJECT Your IP is spammer
I also did:
$ postmap /etc/postfix/client_checks
And reloaded postfix.
But I still get in my logs:
Jan 30 10:42:39 mail postfix/smtpd[1443]: connect from unknown[aaa.bbb.ccc.ddd]
Jan 30 10:42:41 mail dovecot: auth: ldap(contact@mydomain.com,::1,<mc2QeU1HQAAAAAAAAAAAAAAAAAAAAAAB>): unknown user (SHA1 of given password: 20eabe)
Jan 30 10:42:44 mail postfix/smtpd[1443]: warning: unknown[aaa.bbb.ccc.ddd]: SASL LOGIN authentication failed: authentication failure
Jan 30 10:42:44 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3 secs): user=<contact@mydomain.com>, method=PLAIN, rip=::1, lip=::1, secured, session=<mc2QeU1HQAAAAAAAAAAAAAAAAAAAAAAB>
Jan 30 10:42:44 mail postfix/smtpd[1443]: disconnect from unknown[aaa.bbb.ccc.ddd]
As you can see, the server still goes through the login process, while I would like it to completely block the IP.
What did I do wrong?
