From eaae65c0242783b96373b8de43b31e147c46bf17 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Mon, 20 Dec 2021 15:54:02 +0100
Subject: [PATCH] Add SPAM IPs restrictions

---
 docker/postfix/Dockerfile                 | 6 +++++-
 docker/postfix/etc/postfix/main.cf.append | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
index 91ed027..c5831bf 100644
--- a/docker/postfix/Dockerfile
+++ b/docker/postfix/Dockerfile
@@ -4,11 +4,15 @@ FROM tozd/postfix:ubuntu-focal
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser dnsutils openssh-client opendkim opendkim-tools --yes --force-yes && \
+ apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
 
  RUN echo '$IncludeConfig /etc/rsyslog.d1/*.conf' >> /etc/rsyslog.conf1
 
+RUN curl https://okean.com/sinokoreacidr.txt \
+	| sed -e 's/\(China\|Korea\)/REJECT Source IP blocked \1/g' \
+	> /etc/postfix/sinokorea.cidr
+
 COPY ./etc /etc
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index 792b7c4..fd7c4fe 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -26,3 +26,4 @@ milter_default_action = accept
 milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
+smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
-- 
GitLab