smtppostfix-mtasmtpclientsmtp-auth

postfix: check_client_access not working


I want to block specific IP's, that try to login to my postfix server by smtpd. Therefore in the /etc/postfix/main.cf I added the following:

smtpd_client_restrictions =
    reject_rbl_client sbl.spamhaus.org,
    ...
    check_client_access hash:/etc/postfix/blacklist

My /etc/postfix/blacklist looks like that:

185.40.4.32     REJECT dont want spammers
80.82.78.96     REJECT dont want spammers
74.208.72.135   REJECT dont want spammers

Of course I created a /etc/postfix/blacklist.db by the command

sudo postmap /etc/postfix/blacklist

and restartet postfix.

But in /var/log/mail.log still the following appears:

Aug 28 13:32:08 server postfix/smtpd[5035]: warning: hostname hosted-by.hostgrad.ru does not resolve to address 185.40.4.32
Aug 28 13:32:08 server postfix/smtpd[5035]: connect from unknown[185.40.4.32]
Aug 28 13:32:13 server postfix/smtpd[5035]: warning: unknown[185.40.4.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 28 13:32:13 server postfix/smtpd[5035]: lost connection after AUTH from unknown[185.40.4.32]
Aug 28 13:32:13 server postfix/smtpd[5035]: disconnect from unknown[185.40.4.32]

So obviously the client with the IP 185.40.4.32 still is not blocked. Does anybody have an idea, why?


Solution

  • With...

    smtpd_delay_reject = no
    

    it works. But think about this:

    SMTP command specific restrictions that are described under the smtpd_helo_restrictions, smtpd_sender_restrictions or smtpd_recipient_restrictions parameters. When helo, sender or recipient restrictions are listed under smtpd_client_restrictions, they have effect only with "smtpd_delay_reject = yes", so that $smtpd_client_restrictions is evaluated at the time of the RCPT TO command.