diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
index 91ed027e4276772939c9374d201545b756fdfcbc..c5831bfdb0979585158bafc8c3e463b85f443c3f 100644
--- a/docker/postfix/Dockerfile
+++ b/docker/postfix/Dockerfile
@@ -4,11 +4,15 @@ FROM tozd/postfix:ubuntu-focal
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser dnsutils openssh-client opendkim opendkim-tools --yes --force-yes && \
+ apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
 
  RUN echo '$IncludeConfig /etc/rsyslog.d1/*.conf' >> /etc/rsyslog.conf1
 
+RUN curl https://okean.com/sinokoreacidr.txt \
+	| sed -e 's/\(China\|Korea\)/REJECT Source IP blocked \1/g' \
+	> /etc/postfix/sinokorea.cidr
+
 COPY ./etc /etc
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index 792b7c41e3cf2819df879dd54e7f4a98418d388c..fd7c4fefa1848e0fc75559acf87b196a86f355b7 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -26,3 +26,4 @@ milter_default_action = accept
 milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
+smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr