Firewall: Blocking a spammer's domain rather than the IP address?

Question

Level 1

0 points

Firewall: Blocking a spammer's domain rather than the IP address?

I'm getting regular attempts to send spam from my server, Always from the same domain (yahoo.com.tw) but always from different ip addresses.

postfix/smtpd[29936]: NOQUEUE: reject: RCPT from unknown[27.41.146.243]: 554 5.7.1 <mvtwtqqj57745@yahoo.com.tw>: Relay access denied;

The server is successfully denying relay attempts but I'd really like to block connections altogether from this domain. I had just been using the router firewall but have now also turned on the server firewall, as the advanced rules allow denying access to IP address groups However, endlessly adding new IP address to that denied group seems futile.

Is there any way to create a Firewall rule that simply blocks access from the 'yahoo.com.tw' domain?

OS X Server

Posted on Nov 18, 2012 12:18 AM

Reply

Answer 1

Linc Davis

Level 10

209,547 points

Nov 18, 2012 8:38 AM in response to moonlightbay

That connection attempt didn't come from yahoo.com.tw. The email address means nothing. This is not a job for the firewall, unless you want to use a whitelist.

Reply