I have a zimbra 8.7.11 community edition server running on Ubuntu 14.04.5 LTS.
This particular mail server is getting attacked by @qq.com domain. The messages are randomized so that the from address and the server IP address that the messages are coming from are randomized.
Every 3rd or 4th message, the sender is and the IP address of the sending server also changes, so it's pointless to try and block the server's IP address.
I was trying to reject the messages at the postfix level using this file:
/opt/zimbra/conf/postfix_blacklist
format:
qq.com REJECT
@qq.com REJECT
*@qq.com REJECT
I ran postmap /opt/zimbra/conf/postfix_blacklist afterwards.
This does not seem to block or accept email addresses. This file seems to look at the host that the mesages are coming from.
So I tried editing this file:
/opt/zibmra/conf/postfix_reject_sender
adding
qq.com REJECT
@qq.com REJECT
*@qq.com REJECT
Then postmap /opt/zimbra/conf/postfix_reject_sender
Several thousand messages are still getting through.
What is the best way to block an entire domain?
EDIT: Here is a pastebin link to the results of $ postconf. There were more characters in the postfix configuration than are allowed here in this serverfault post.
Best Answer
I was able to fix this by adding the following to the zimbra configuration, which in turns updates postfix configuration.
Afterwards, the relevant postfix section looks like:
Since I have already created the /opt/zibmra/conf/postfix_reject_sender file, and postmapped it, the changes take effect after about a minute.
Then I started seeing these in /var/log/zimbra.log
The last thing to note is that the format for /opt/zimbra/conf/postfix_reject_sender is as follows:
Having just "qq.com REJECT" in postfix_reject_sender blocked any address that came from @qq.com.