# Postfix 'access' File Format



## l008com (May 14, 2022)

Theres this one goddamn ISP in Europe that is responsible for 95% of my spam. Some might say to block them in my firewall, but for many reasons, i'd rather REJECT them at the mailserver level and have them receive the failure notice from the server. 

That's easy enough to do and I have blocked a few other hosts. But my PROBLEM is that it's not clear to me how you block specific ranges of IPs. You can do something like "24 REJECT" to block all of 24.x.x.x or "24.12 REJECT" to block all of 24.12.x.x.  (to clarify, i'm talking about in the POSTFIX access file "/etc/postfix/access")

But I want to do things a little more complicated. Like blocking 24.150.0.0 through 24.150.128.0. But I can't figure out what format to use to do this, or even if it's possible. 

This is what my file looks like now:


> elekworld.com REJECT Knock-off Asian electronics suppliers are auto-rejected
> elekworld.ltd REJECT Knock-off Asian electronics suppliers are auto-rejected
> elekworld.cn REJECT Knock-off Asian electronics suppliers are auto-rejected
> bizbee.com REJECT Knock-off Asian electronics suppliers are auto-rejected
> ...


----------



## VladiBG (May 14, 2022)

You need to report them to the ISP at they abuse e-mail contact including the header of the spam e-mail. The ISP will take action and block the mail server that is sending the spam. If you don't receive response on the abuse e-mail, report the IP block owner to IANA.


----------



## hardworkingnewbie (May 14, 2022)

https://www.postfix.org/access.5.html section "HOST NAME/ADDRESS PATTERNS". 

You've got to enable the cidr_lookup in Postfix for network patterns to work.


----------



## l008com (May 14, 2022)

hardworkingnewbie said:


> https://www.postfix.org/access.5.html section "HOST NAME/ADDRESS PATTERNS".
> 
> You've got to enable the cidr_lookup in Postfix for network patterns to work.



I'm getting confused by the terminology maybe. When they refer to "cidr tables", does that just mean cidr format? So for example 24.0.0.1/16 is a "cidr table"?


----------



## hardworkingnewbie (May 14, 2022)

I think the manual leaves not much room for interpretation: 

 NOTE: use the *cidr* lookup table type to specify  network/netmask
              patterns. See *cidr_table*(5) for details.


----------



## Jose (May 14, 2022)

l008com said:


> I'm getting confused by the terminology maybe. When they refer to "cidr tables", does that just mean cidr format? So for example 24.0.0.1/16 is a "cidr table"?


Let's back up a little bit. I'm guessing your current filtering is configured like this:

```
smtpd_sender_restrictions = check_sender_access hash:/etc/mail/badsenders.db
```
And that you build the `/etc/mail/badsenders.db` using something like this `postmap badsenders.in && mv badsenders.in.db badsenders.db`.

You're going to need an additional table for CIDR matches:

```
smtpd_sender_restrictions = check_sender_access hash:/etc/mail/badsenders.db, check_sender_access cidr:/etc/mail/badcidrs.db
```
That is built with a new source file that looks something like this:

```
24.150.0.0/17 REJECT Infamous SPAM host
```
And that you build like this `postmap cidr:badcidrs.in && mv badcidrs.in.db badcidrs.db`.


----------

