为什么不能用postfix黑名单禁止ip?

scr*_*apy 2 postfix blacklist

vim /etc/postfix/main.cf
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access
Run Code Online (Sandbox Code Playgroud)

在 /etc/postfix/access 中添加一些 ips

vim  /etc/postfix/access
86.111.171.141  REJECT 
191.96.249.63   REJECT
Run Code Online (Sandbox Code Playgroud)

重新启动后缀。

postmap hash:/etc/postfix/access
systemctl restart  postfix       
Run Code Online (Sandbox Code Playgroud)

几次之后。

tail  /var/log/maillog
Oct 30 10:18:45 localhost postfix/smtpd[3491]: connect from unknown[86.111.171.141]
Oct 30 10:18:45 localhost postfix/smtpd[3491]: warning: unknown[86.111.171.141]: SASL LOGIN authentication failed: authentication failure
Oct 30 10:18:46 localhost postfix/smtpd[3491]: disconnect from unknown[86.111.171.141]      
Oct 30 10:18:45 localhost postfix/smtpd[3491]: connect from unknown[191.96.249.63]
Oct 30 10:18:45 localhost postfix/smtpd[3491]: warning: unknown[191.96.249.63]: SASL LOGIN authentication failed: authentication failure
Oct 30 10:18:46 localhost postfix/smtpd[3491]: disconnect from unknown[191.96.249.63]
Run Code Online (Sandbox Code Playgroud)

为什么不能用postfix黑名单禁止ip?

Esa*_*nen 5

因为check_sender_access是一个smtpd_sender_restriction,因此,执行

MAIL FROM地址、域、父域或localpart@,并执行相应的操作。

如果您不想使用 Postfix 阻止 IP 地址,请查看smtpd_helo_restrictions, 。有可能check_helo_a_accessHELO/EHLO主机名的 IP 地址。记住 add smtpd_helo_required = yes,也可能是reject_unknown_helo_hostname