You can blacklist domains, IPs, IP blocks and hosts through regexp.
/etc/postfix/main.cf:
Code:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
etc....
check_client_access regexp:/etc/postfix/blacklist_clients
etc..
permit
/etc/postfix/blacklist_clients:
Code:
# IP
/^10\.10\.1\.2$/ REJECT UCE black-listed
# IP block
/^10\.10\.1/ REJECT UCE black-listed
# exact domain
/^example\.com$/ REJECT UCE black-listed
# everything in a domain
/example\.com$/ REJECT UCE black-listed
# specific hosts
/^uce-relay\.example\.com$/ REJECT UCE black-listed
Then reload postfix.
The best you can do is integrate postgrey, amavisd-new, spamassassin and clamav to make things easier for you and automatic. Postgrey would delay temporarily incoming mails to prevent zombies send their spam and while amavisd-new, spamassassin and clamav would check the messages and bring to quarantine junk ones.
Then from your quarantine, which I'm doing, I'm getting the lists of spam relay MTA/hosts to be listed in my regexp.
Also by adding the following simple parameters in your main.cf could reject several spam senders:
Code:
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_hostname
reject_non_fqdn_hostname
-------------