NB: this post comes as a follow up to previous postfix guides, How to simply create a catchall e-mail and forward all e-mails to another address in Postfix and How to forward an e-mail address or a whole domain to /dev/null in Postfix. It should, this time, be self-sufficient, but maybe reading the previous guides can still be helpful.
I’ve been a victim of some rogue website who seemed to refuse to let me unsubscribe from their spammy newsletter (to which I’m fairly sure I never even subscribed in the first place), and rather than letting them fill my spam folder I thought I’d bounce them for a change (yes, sorry but the method I present will reject e-mails, not discard them silently like the /dev/null forwarding – I haven’t found a way to do that based on sender’s e-mail yet).
First, you need to create a database of senders and actions. We’ll keep it simple here:
nano /etc/postfix/sender_access (NB: I think the file name doesn’t matter)
Then in this file, put your reject rules like this:
email@example.com REJECT firstname.lastname@example.org REJECT
Then save it, and to turn it into a database for postfix to use, run:
Now open postfix’s configuration:
and configure this setting (check around to be sure, but probably you don’t already have it so you need to create it, for instance at the end of the file):
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save it, then reload or restart postfix (
postfix reload or
postfix stop then
That’s all. You should maybe test it with one of your own e-mail addresses, and when an e-mail is properly rejected, you’ll receive an e-mail like:
This is the Postfix program at host karen.lavabit.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to If you do so, please include this problem report. You can The Postfix program <me @example.com>: host mail.example.com[184.108.40.206] said:
delete your own text from the attached returned message.
554 5.7.1 <patheticcockroach @example.com>: Sender address rejected:
Access denied (in reply to RCPT TO command)
If you do so, please include this problem report. You can
The Postfix program
<me @example.com>: host mail.example.com[220.127.116.11] said:
Bonus: to view the current postfix configuration:
- nixCraft – Postfix blacklist or reject an email address
- Postfix Configuration Parameters – smtpd_sender_restrictions
- LinuxQuestions – Postfix: how to reject incoming mail as in Sendmail’s “error:nouser”?
Update (2013-10-20): wildcards
Sometimes it can be useful to block a whole domain at once. However, it turned out that wildcarding doesn’t seem to work here as well as for the virtual_alias_maps. Never mind, it can be done using… regular expressions, of course. Since regular expressions are slower than a db query, I suppose the best setup is to mix both as needed, keeping the regular expression only for cases where they are needed, and keeping the “hash” database for the other cases. So, that’s 2 list files instead of one. smtpd_sender_restrictions becomes like:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,check_sender_access regexp:/etc/postfix/sender_access_regexp
Note that you don’t need to run postmap on the regexp file (because it’s read from plain file instead of from a database file).
Example line from
Some more info there: https://www.linuxquestions.org/questions/linux-server-73/block-emails-on-postfix-650144/
A more generic, brief postfix guide: http://wiki.centos.org/HowTos/postfix_restrictions
Interesting commands to test your config:
postconf -n: display current configuration (I assume this is the one loaded, in case you missed a
postmap -q "email@example.com" regexp:/etc/postfix/sender_access_regexp: test the given email against the rules in file
/etc/postfix/sender_access_regexp. Interesting because first you’ll see if it rejects what it should, plus it will display any error it may encounter in the file (like a malformed regular expression)