Rule to block domain
- Thread starter thiagotgc
- Start date
In that Context the regex is already anchored - try dropping the extra '^' and '$'
I hope this helps!
I hope this helps!
Very good!!
But how could I block when she is between points (.)
abc@top.xyz
or
avc@xyz.top.zyx
I left it that way.
Is correct?
Last edited:
Even with this rule, continuous receipt or regex error does not match.
(.*)\@.*top
It seems to me that this way, it catches correctly.
Do you think I may have problems?
Last edited:
Nowadays there are over 1,500 TLDs, I would be lucky if 50 of them were the source of legetimate emails we receive, so how do I block 1,500 TLDs I don't wish receive spam from?
In sendmail I just add a single line for each TLD or domain into /etc/mail/access and make a hash db from it.
eg.
live REJECT
top REJECT
com OK
I just want to be able to do that exact same thing in PMG
I know postfix can support an /etc/postfix/access file like that.
Can I do it in PMG or is it disabled?
In sendmail I just add a single line for each TLD or domain into /etc/mail/access and make a hash db from it.
eg.
live REJECT
top REJECT
com OK
I just want to be able to do that exact same thing in PMG
I know postfix can support an /etc/postfix/access file like that.
Can I do it in PMG or is it disabled?
In PMG the matching for domains is limted to that domain (and not to it's subdomains) - to match everything that ends in e.g. '.top' use a regex:
'.*\.top'
(they get anchored while matching in the system so this will match everything that matches '^.*\.top' )
You can do everything in PMG that you can do with plain postfix - you just need to use the templateing system to adapt the postfix configuration:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
I hope this helps!
Thanks, that seemed to work.
A recap of the steps involved for anyone interested.
I created the /etc/pmg/templates directory as the docs said to.
Copied /var/lib/pmg/templates/main.cf.in to it
Edited main.cf.in as follows
Code:
smtpd_sender_restrictions =
permit_mynetworks
reject_non_fqdn_sender
check_client_access cidr:/etc/postfix/clientaccess
check_sender_access hash:/etc/postfix/access
# check_sender_access regexp:/etc/postfix/senderaccessI disabled /etc/postfix/senderaccess which only had one line in it anyway and replaced it with my /etc/postfix/access table which has 1,363 lines in it.
Then I did postmap hash /etc/postfix/access to build the access.db database, (which you have to after each time you alter the access file).
Finally ran pmgconfig sync --restart 1 to make the new main.cf.in template take effect.
So now in /etc/postfix/access I have a bunch of REJECT lines for most of these newer TLDs the spam is coming from.
eg.
Code:
aaa REJECT
aarp REJECT
abarth REJECT
abb REJECT
abbott REJECT
abbvie REJECT
etc.In /var/log/mail.log I see entries that contain Sender address rejected: Access denied instead of Recipient address rejected: Service is unavailable (try later) which was what it was saying previously with just the blacklist regexp working, that suggests it's hitting the access.db first which is good.
If you read the Postfix access(5) man page, it's got a lot of features! http://www.postfix.org/access.5.html
Last edited: