Hello community!
I am trying to:
a) reject messages based on CIDR rules, for example 62.173.128.0/19
b) give a reason for the rejection, for example “Your network has been blocked for spamming”
c) provide a different reason for each CIDR reject
I prefer to reject messages with reason(s) rather than to block with a firewall. Initially I started using the custom_postscreen_whitelist.cidr file, but this does not support giving any custom reason for the reject, other than the default “521 5.3.2 Service currently unavailable”
Method A (extra.cf)
I have seen the issue #5396, but I am not sure how to proceed. Is it enough to add to extra.cf one line like
check_client_access cidr:/[path-to]/cidr_reject
and create/populate the cidr_reject file with CIDR ranges and reject reasons like:
# DEMO FILE
# Format: CIDR action
62.173.128.0/19 REJECT Your subnet is blocked
Then do I need to restart anything?
Method B (global_smtp_from_blacklist.map)
Create/populate the file global_smtp_from_blacklist.map with CIDRs (like in DEMO FILE above) and then run on host
docker compose exec postfix-mailcow postmap /opt/mailcow-dockerized/data/conf/postfix/global_smtp_from_blacklist.map
a) Would that work?
b) Is it advisable to do it like that?
c) Will it persist across host reboot and/or containers restarting?
d) Will it persist across Mailcow updates?
Method C (mailcow rspamd settings)
Maybe it can be done through System > Configuration > Options > Rspamd settings map by creating a new rule like
{
    "CIDR_BLOCKLIST": {
        "priority": "high",
        "apply": {
            "rules": ["CIDR_REJECT"]
        }
    },
    "CIDR_REJECT": {
        "action": "reject",
        "message": "You have been blocked for spamming",
        "expression": "from:cidr('/opt/mailcow-dockerized/data/conf/rspamd/custom/cidr_blocklist.map')"
    }
}
a) Would that work?
b) Is it advisable to do it like that?
c) Will it persist across host reboot and/or containers restarting?
d) Will it persist across mailcow updates?
e) How do I remove the rule when I no longer need it? Will there be a remove button? (currently I don’t have any rules so I don’t know what the UI will look like with rules)
Any other comments or suggestions are welcome as always :-)
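Added example, not part of the original post: a small Python linter for a table in the "CIDR action" format of the demo file above, which reports malformed entries and shows which reply a given client address would receive. It assumes entries are checked in file order with the first match winning, and that a network with non-zero host bits counts as an error; every table entry except the first, and all test addresses, are constructed.

```python
import ipaddress

# Constructed sample in the "CIDR action" format of the demo file above.
SAMPLE_TABLE = """\
# DEMO FILE
# Format: CIDR action
62.173.128.0/19 REJECT Your subnet is blocked
198.51.100.0/24 REJECT Your network has been blocked for spamming
203.0.113.7/24 REJECT host bits set, flagged by the linter
192.0.2.0/24
"""


def parse_table(text):
    """Return (rules, errors); rules are (network, action, reason) in file order."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) < 2:
            errors.append((lineno, "missing action"))
            continue
        try:
            # Assumption: host bits must be zero, so parse strictly.
            net = ipaddress.ip_network(fields[0], strict=True)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        reason = fields[2] if len(fields) == 3 else ""
        rules.append((net, fields[1].upper(), reason))
    return rules, errors


def lookup(rules, client_ip):
    """Return (action, reason) of the first matching rule, or None."""
    addr = ipaddress.ip_address(client_ip)
    for net, action, reason in rules:
        if addr.version == net.version and addr in net:
            return action, reason
    return None


if __name__ == "__main__":
    rules, errors = parse_table(SAMPLE_TABLE)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    for ip in ("62.173.140.9", "198.51.100.25", "192.0.2.1"):
        print(ip, "->", lookup(rules, ip))
```

Running a check like this before reloading the mail server catches a mistyped range or a missing action, and confirms that each blocked range returns its own reason.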