Topic: Unmatched Entries in Logwatch
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Ubuntu AWS EC2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: Logwatch
====
Hello,
Below is a section from my recent Logwatch that I am curious about:
--------------------- Postfix Begin ------------------------
9 *Warning: Map lookup problem
1.511M Bytes accepted 1,584,524
1.074M Bytes sent via SMTP 1,125,875
668.854K Bytes delivered 684,906
51.481K Bytes forwarded 52,717
======== ==================================================
43 Accepted 100.00%
-------- --------------------------------------------------
43 Total 100.00%
======== ==================================================
41 Connections
41 Disconnections
48 Removed from queue
20 Delivered
26 Sent via SMTP
2 Forwarded
26243 Postscreen
2 Connection failures (outbound)
11 TLS connections (server)
3 TLS connections (client)
**Unmatched Entries**
1 Oct 9 20:20:26 mail postfix/dnsblog[31520]: message repeated 17 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 08:26:51 mail postfix/dnsblog[2137]: message repeated 7 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 10:09:28 mail postfix/dnsblog[2136]: message repeated 9 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 13:51:45 mail postfix/dnsblog[4949]: message repeated 57 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 03:14:39 mail postfix/dnsblog[4949]: message repeated 29 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 05:30:12 mail postfix/dnsblog[2137]: message repeated 10 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 08:59:42 mail postfix/dnsblog[2136]: message repeated 17 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 15:34:05 mail postfix/dnsblog[2137]: message repeated 33 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 16:56:32 mail postfix/dnsblog[31520]: message repeated 16 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 08:58:59 mail postfix/dnsblog[2137]: message repeated 8 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 09:04:34 mail postfix/dnsblog[2137]: message repeated 6 times: [ addr 61.219.240.68 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 10:56:27 mail postfix/dnsblog[2136]: message repeated 62 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 09:11:48 mail postfix/dnsblog[2137]: message repeated 6 times: [ addr 61.219.240.68 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 14:37:49 mail postfix/dnsblog[4949]: message repeated 19 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 03:49:07 mail postfix/dnsblog[4949]: message repeated 24 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 01:41:40 mail postfix/dnsblog[2136]: message repeated 23 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 13:42:33 mail postfix/dnsblog[2136]: message repeated 9 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 21:45:24 mail postfix/dnsblog[31519]: message repeated 17 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 11:51:25 mail postfix/dnsblog[2137]: message repeated 9 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 04:55:55 mail postfix/dnsblog[2137]: message repeated 40 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 22:48:05 mail postfix/dnsblog[31520]: message repeated 10 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 04:10:54 mail postfix/dnsblog[2137]: message repeated 60 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 02:38:04 mail postfix/dnsblog[2137]: message repeated 8 times: [ addr 93.189.95.71 listed by domain zen.spamhaus.org as 127.0.0.4]
1 Oct 9 09:12:18 mail postfix/dnsblog[2137]: message repeated 9 times: [ addr 61.219.240.68 listed by domain zen.spamhaus.org as 127.0.0.4]
...
If I understand correctly (please correct me if I am wrong), a spammer is attempting to connect to Postfix from 2 IPs (93.189.95.71 & 61.219.240.68).
I want to blacklist these domains from being able to connect to my server at all so these unmatched entry errors do not even show up. What is the best way to ban these IPs?
I tried this but the errors keep showing up:
sudo vi /etc/postfix/sender_access.pcre
93.189.95.71 REJECT
61.219.240.68 REJECT
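An added example, not part of the original post: a Python tally of postfix/dnsblog lines like those in the Unmatched Entries section, unwrapping the "message repeated N times: [ ... ]" prefix so each client address gets a total listing count. The function names and the sample lines (documentation-range addresses) are constructed for illustration, and counting a wrapped line as N events is an assumption of this sketch.

```python
import re
from collections import Counter

# dnsblog payload, with or without the syslog "message repeated N times: [ ... ]"
# wrapper. search() is used so a leading Logwatch count column is tolerated.
DNSBLOG_RE = re.compile(
    r"postfix/dnsblog\[\d+\]: "
    r"(?:message repeated (?P<n>\d+) times: \[\s*)?"
    r"addr (?P<addr>\S+) listed by domain (?P<dnsbl>\S+) as (?P<code>[\d.]+)"
)


def tally_dnsblog(lines):
    """Return a Counter keyed by (addr, dnsbl, code) with total listing events."""
    totals = Counter()
    for line in lines:
        m = DNSBLOG_RE.search(line)
        if not m:
            continue  # not a dnsblog listing line
        # Assumption: a wrapped line stands for N events, a plain line for one.
        count = int(m.group("n")) if m.group("n") else 1
        totals[(m.group("addr"), m.group("dnsbl"), m.group("code"))] += count
    return totals


def per_address(totals):
    """Collapse the tally to (addr, events) pairs, busiest address first."""
    by_addr = Counter()
    for (addr, _dnsbl, _code), n in totals.items():
        by_addr[addr] += n
    return by_addr.most_common()


# Constructed sample lines in the same shape as the report above.
SAMPLE = [
    "Oct  9 20:20:25 mail postfix/dnsblog[31520]: addr 192.0.2.10 listed by "
    "domain zen.spamhaus.org as 127.0.0.4",
    "Oct  9 20:20:26 mail postfix/dnsblog[31520]: message repeated 17 times: "
    "[ addr 192.0.2.10 listed by domain zen.spamhaus.org as 127.0.0.4]",
    "    1 Oct  9 09:04:34 mail postfix/dnsblog[2137]: message repeated 6 times: "
    "[ addr 198.51.100.20 listed by domain zen.spamhaus.org as 127.0.0.4]",
    "Oct  9 09:05:00 mail postfix/smtpd[2200]: connect from unknown[203.0.113.5]",
]

if __name__ == "__main__":
    for addr, events in per_address(tally_dnsblog(SAMPLE)):
        print(f"{events:6d}  {addr}")
```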