Before implementing an access filter, please read the RHSBL Guide. A DNS-based RHSBL can provide your mail servers with the same anti-spam features as some access filters, while benefiting from immediate updates when entries are added or updated. RHSBLs will not completely replace access filter functionality, so please read the the RHSBL Guide for more information.
In order to enable access lists, you will have to enable one or more of the following in your main.cf configuration file:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/maps/access_client
This file will contain a list of clients from which you do not want to receive any email.
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/maps/access_helo
This file will contain a list of hosts from which you do not want to accept helo information.
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/access_sender
This file will contain a list of senders (email addresses or domains) from which you do not want to receive any email.
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/maps/access_recipient
This file will contain a list of recipients (email addresses or domains) from which you do not want to receive any email.
Note that the proper way to implement these restrictions is listed in the SYSTEM CONFIGURATION (main.cf) section below. The above are simply a listing of some of the possible options for your smtpd restrictions. Many people also choose to merge all of the access files into one master file. This can save time in system administration, but there are many circumstances where you want to limit one item from one type of check but permit it in others. Please see the examples below for an understanding of how one entry in different applicable files can cause different results.
Note that the domain checks for the entries in check_client_access, check_sender_access, and check_recipient_access can be replaced by the use of an RHSBL(as described in the the RHSBL Guide ).
Some examples of entries in an access type file are as follows. Note that some entries have multiple functions dependant upon which restriction setting it applies to.
spamdomain.com 550 Your domain sends out too much spam.
If applied in access_client: This will reject any email that is sent using an IP address that maps to a .spamdomain.com address.
If applied in access_helo: This will reject any email from a server that identifies itself as a .spamdomain.com server.
If applied in access_sender: This will reject any email whose source address is @spamdomain.com.
If applied in access_recipient: This will reject any email whose destination is an address @spamdomain.com.
spamaddress@ 550 Your address sends out too much spam.
If applied in access_sender: This will reject any email whose source address starts with spamaddress@.
If applied in access_recipient: This will reject any email whose destination address starts with spamaddress@.