MBF Knowledge Base

How to block specific TLDs (Top-Level Domains) in Postfix

In main.cf, the smtpd_recipient_restrictions parameter, which Postfix evaluates at the "RCPT TO" command, can also hold restrictions on the sender address received with the "MAIL FROM" command.

From the Postfix documentation, check_sender_access can be used to: "Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action."

So we can create a PCRE (Perl Compatible Regular Expressions) table and specify which domains we'd like blocked there. Below is an example.

/etc/postfix/sender_access.pcre:
    /\.date$/ REJECT Mail from the TLD .date is not accepted
    /\.top$/  REJECT Mail from the TLD .top is not accepted
    /\.gq$/   REJECT Mail from the TLD .gq is not accepted

You would then point to this file in main.cf as follows:

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        ...
        check_sender_access pcre:/etc/postfix/sender_access.pcre
        ...

Finally, run the "postfix reload" command to apply the new configuration. A pcre table is read directly as a text file, so no "postmap" step is needed.
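
To see which senders the table above will and will not reject before reloading, the following added example (not part of the original article) approximates Postfix's pcre table lookup with Python's re module. The sample addresses are constructed; if/endif blocks and multi-line entries are not handled.

```python
import re

# Table contents copied from the article's sender_access.pcre example.
TABLE = r"""
/\.date$/ REJECT Mail from the TLD .date is not accepted
/\.top$/  REJECT Mail from the TLD .top is not accepted
/\.gq$/   REJECT Mail from the TLD .gq is not accepted
"""

# "/pattern/flags action": the pattern may contain escaped characters such as \.
LINE = re.compile(r"^/(?P<pat>(?:\\.|[^/\\])*)/(?P<flags>[A-Za-z]*)\s+(?P<action>.+)$")

def parse_table(text):
    """Return [(compiled_regex, action)] in file order, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unparsed table line: {raw!r}")
        # pcre tables are case-insensitive by default; the "i" flag toggles that off.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"]))
    return rules

def lookup(rules, sender):
    """Apply each pattern to the whole address; the first match wins.
    None means no rule matched, so Postfix moves on to the next restriction."""
    for rx, action in rules:
        if rx.search(sender):
            return action
    return None

if __name__ == "__main__":
    rules = parse_table(TABLE)
    # Constructed sample senders.
    for sender in (
        "promo@deals.top",            # blocked TLD
        "NEWS@MAIL.EXAMPLE.DATE",     # upper case still matches
        "alice@example.com",          # unlisted TLD
        "bob@mail.top.example.org",   # "top" is a label, not the TLD
    ):
        print(f"{sender:28} -> {lookup(rules, sender) or 'no match'}")
```

On the mail server itself, `postmap -q promo@deals.top pcre:/etc/postfix/sender_access.pcre` queries the real table.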