How to create private blocklist

How to create private blocklist

This will create a blocklist that will apply to sender from for all email received by the server:

Create the rules list file:

$ sudo nano /etc/postfix/sender_access

Add to the file the desired action or actions:

username@example.com	DISCARD
example.net				DISCARD

Note that the DISCARD option will recieve the mail to the server and silently delete it without delivering to any inboxes. This is generally preferable to the REJECT option which will send a message to the sending server that the message was blocked, which the server commonly will generate a response message back to the user sending the message.

For more details and options on the sender_access file, see access(5).

Create a database file:

$ sudo postmap /etc/postfix/sender_access

Edit main.cf:

$ sudo nano /etc/postfix/main.cf

Add the check_sender_access table to smtpd_relay_restrictions:

smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_sender_access hash:/etc/postfix/sender_access

restart postfix:

$ sudo service postfix restart

Emails sent to the server with username@example.com or example.net in the from field will now be silently discarded.

Note to check that MiaB has not commented out the edited line after MiaB updates or when running any mailinabox or related scripts, but system updates (e.g., unattended-upgrades, apt or apt-get) should not alter the file.

While this should work generally well with MiaB, the configuration may conflict with other configurations due to the nature of how postfix evaluates smtpd_relay_restrictions and smtpd_recipient_restrictions. If you experience unexpected problems after following this guide and determine they are related to this configuration, please post a new topic in the Unsupported Modifications category.

1 Like

I am curious why DISCARD would be preferable to REJECT? I personally see this as lowering oneself to the level of Micro$oft which routinely silently discards emails … wouldn’t it be preferable for a sender to know that their emails are being rejected?

Now, in the case of spam - sure, use DISCARD as that makes sense, but the way this is written leaves no room to differentiate between a user who is simply wanted to be ‘banned’ and one who is a spammer and is generally unwelcome.

This is a hand-curated list, whereas Microsoft, et al, use global configurations.

If you don’t want a specific username or domain emailing the server, best not alert them to switch to a different username or domain.

1 Like

Aye, makes sense. Might I suggest that you make the distinction a bit more clear? :slight_smile:

Or better yet, fully explain both options so that the end user can decide which is the most appropriate use for their situation.