Postfix Monitor Sent Mails and Block Domains

Check how many mails has been sent via postfix.

If the number is to big, it must be hacked by someone on some services.

sudo grep "status=sent" /var/log/mail.log | egrep -ve 'postfix/(cleanup|pickup|master|qmgr|smtpd|local|pipe)' | wc -l

Block email from domain

  • Create access control file /etc/postfix/sender_access DISCARD DISCARD REJECT
  • Update configure file /etc/postfix/
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
  • Run postmap
    postmap /etc/postfix/sender_access
  • Restart postfix
    service postfix restart
  • Check the log /var/log/mail.log
    May 29 14:46:30 mail-gateway postfix/smtpd[1435]: NOQUEUE: discard: RCPT from mail-cisdd[]: <[email protected]>: Sender address triggers DISCARD action; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<>


Written on May 29, 2018