This is very simple plugin for Postfix SMTP server to block access to service from IPs that are propagated by listed ASN (Autonomous system) numbers.
This script use ipinfo.io API with free account. If you run busy SMTP server, you may be required to buy paid plan.
I'm running small smtp server to host my personal emails. Since two months, my server is daily bombarded by connection from Spam Servers hosted by LayerHost and company doesn't reacted to any abuse notification. I know, that blocking entire network block belongs to hosting company may be drastic, but it works for me and may works for you.
Currently we have two versions of this plugin:
- asnblocker.sh - use data from ipinfo.io API. Thanks to @JaroslavHerber for version without
jq - asnblocker-0.2.sh - use
digas source of data. Updated by Juppers in 2024 (Many THANKS !!!)
- Clone repository to
/optdirectory. - Instal curl application on your system:
Debian/Ubuntu
sudo apt install -y curlor
sudo apt install -y curl dnsutilsRed Hat/CentOs/Rocky Linux/AlmaLinux 8,9
sudo dnf install -y curlor
sudo dnf install -y curl bind-utils- Create account in ipinfo.io and copy API token.
- Modify TOKEN variable in
asnblocker.shscript. - Add list of ASN numbers (one number per line) to
asn_list.txtfile. - Add below lines to the end of Postfix master.cf file:
asnblocker unix - n n - 0 spawn
user=asnblocker argv=/opt/asnblocker/asnblocker.sh
- Add below line to Postfix main.cf file under
smtpd_client_restrictions:
smtpd_client_restrictions =
...
check_policy_service unix:private/asnblocker
- Crete system user & group:
sudo adduser --quiet --system --group --no-create-home --home /nonexistent asnblocker- Restart postfix service by running command
systemctl restart postfix - Check your Postfix logs
The easiest way to get AS number of network which you want to block is by using whois service:
whois ip_address |grep "^OriginAS:"
OriginAS: ASxxxxxor you can use websites like https://who.is