How to create private blocklist

How to create private blocklist

This will create a blocklist that will apply to sender from for all email received by the server:

Create the rules list file:

$ sudo nano /etc/postfix/sender_access

Add to the file the desired action or actions:

username@example.com	DISCARD
example.net				DISCARD

Note that the DISCARD option will recieve the mail to the server and silently delete it without delivering to any inboxes. This is generally preferable to the REJECT option which will send a message to the sending server that the message was blocked, which the server commonly will generate a response message back to the user sending the message.

For more details and options on the sender_access file, see access(5).

Create a database file:

$ sudo postmap /etc/postfix/sender_access

Edit main.cf:

$ sudo nano /etc/postfix/main.cf

Add the check_sender_access table to smtpd_relay_restrictions:

smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_access

restart postfix:

$ sudo service postfix restart

Emails sent to the server with username@example.com or example.net in the from field will now be silently discarded.

Note to check that MiaB has not commented out the edited line after MiaB updates or when running any mailinabox or related scripts, but system updates (e.g., unattended-upgrades, apt or apt-get) should not alter the file.

While this should work generally well with MiaB, the configuration may conflict with other configurations due to the nature of how postfix evaluates smtpd_relay_restrictions and smtpd_recipient_restrictions. If you experience unexpected problems after following this guide and determine they are related to this configuration, please post a new topic in the Unsupported Modifications category.

I am curious why DISCARD would be preferable to REJECT? I personally see this as lowering oneself to the level of Micro$oft which routinely silently discards emails … wouldn’t it be preferable for a sender to know that their emails are being rejected?

Now, in the case of spam - sure, use DISCARD as that makes sense, but the way this is written leaves no room to differentiate between a user who is simply wanted to be ‘banned’ and one who is a spammer and is generally unwelcome.

This is a hand-curated list, whereas Microsoft, et al, use global configurations.

If you don’t want a specific username or domain emailing the server, best not alert them to switch to a different username or domain.

Aye, makes sense. Might I suggest that you make the distinction a bit more clear?

Or better yet, fully explain both options so that the end user can decide which is the most appropriate use for their situation.

Just as kinda ‘legal’ annotation:

An email is kinda unilateral declaration of intent.
If you REJECT a mail at SMTP level it’s never received, so its content is deemed irrelevant to you.
If you DISCARD a mail but send the “250 2.0.0 Ok: queued as…” its declaration will be seen as ‘received’ by you in some (many?) legislations*.
So one should be pretty sure no legit mail ever is a false positive when using DISCARD, which is the reason I usually prefer REJECT way over DISCARD.

* Compare it to a letter:
If it never reached you it’s to you as if the letter did not exist. Once you got it to your mailbox it’s irrelevant if you shred it unread or not - the judge will treat you as if you had read and understood the letters content (also see conduct implying an intent). IMHO rightfully.

I’ve implemented the above configs, rebooted several times, double-checked everything, and I still receive email from a user that I’ve blacklisted almost every day. Has some update rendered this function unusable?

As bdmacl said, I implemented the above configs, and it worked fine, but now for some reason I still receive emails from the blacklisted email address. Any other effective solution?

Worked for me, just took a little while to have effect (a few minutes).

It’s not a good idea to manually modify main.cf

You will experience git merge conflicts next time they release an update modifying this file.