postfix: check_client_access not working

Question

I want to block specific IP's, that try to login to my postfix server by smtpd. Therefore in the /etc/postfix/main.cf I added the following:

smtpd_client_restrictions =
    reject_rbl_client sbl.spamhaus.org,
    ...
    check_client_access hash:/etc/postfix/blacklist

My /etc/postfix/blacklist looks like that:

185.40.4.32     REJECT dont want spammers
80.82.78.96     REJECT dont want spammers
74.208.72.135   REJECT dont want spammers

Of course I created a /etc/postfix/blacklist.db by the command

sudo postmap /etc/postfix/blacklist

and restartet postfix.

But in /var/log/mail.log still the following appears:

Aug 28 13:32:08 server postfix/smtpd[5035]: warning: hostname hosted-by.hostgrad.ru does not resolve to address 185.40.4.32
Aug 28 13:32:08 server postfix/smtpd[5035]: connect from unknown[185.40.4.32]
Aug 28 13:32:13 server postfix/smtpd[5035]: warning: unknown[185.40.4.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 28 13:32:13 server postfix/smtpd[5035]: lost connection after AUTH from unknown[185.40.4.32]
Aug 28 13:32:13 server postfix/smtpd[5035]: disconnect from unknown[185.40.4.32]

So obviously the client with the IP 185.40.4.32 still is not blocked. Does anybody have an idea, why?

score 5 · Accepted Answer · answered Sep 09 '15 at 05:18

With...

smtpd_delay_reject = no

it works. But think about this:

SMTP command specific restrictions that are described under the smtpd_helo_restrictions, smtpd_sender_restrictions or smtpd_recipient_restrictions parameters. When helo, sender or recipient restrictions are listed under smtpd_client_restrictions, they have effect only with "smtpd_delay_reject = yes", so that $smtpd_client_restrictions is evaluated at the time of the RCPT TO command.

score 1 · Answer 2 · edited Oct 26 '22 at 12:30

1

I had the same problem when I tried to use the .db format. I got successful REJECT when I used .cidr format. Like this:

check_client_access cidr:/etc/postfix/spammer_ip.cidr

Use this format for your .cidr records:

185.40.4.32     REJECT dont want spammers

edited Oct 26 '22 at 12:30

Valerio Bozz

1,176
16
32

answered Nov 13 '15 at 19:56

Don

21
1

I tried that already - only successful if "smtpd_delay_reject = no" is set. – Andre Nov 16 '15 at 12:38

score -1 · Answer 3 · edited Nov 18 '15 at 16:00

-1

I had this issue before and solved by adding at the end of main.cnf the following line

smtpd_sender_restrictions = hash:/etc/postfix/access

Dont forget to

postmap /etc/postifx/access

edited Nov 18 '15 at 16:00

rasso

2,131
3
21
24

answered Nov 18 '15 at 15:17

Marc

1

postfix: check_client_access not working

3 Answers3