How to "drop" mails instead of "reject" in MTA mode

What is your general issue? 
Because, rejecting is something, the MTA can do while SMTP Transmission. 

If you want to "drop" this: 
Try to build a ACL Rule from this sender IP and reject it. 

ah yes, that's the idea!

The reason I want to do this is: As far as I know with a "reject" the firewall sends an answer to the sender whereas a "drop" is silent. I think this is a security benefit because the potential attacker doesn't even know if their mail reached it's target. Or am I mistaken?

Mhm, I just tried to create an ACL rule. But it seems I can't add an email address, only a network. Am I looking at the wrong place?

EDIT

Ah sorry, I didn't read that you already wrote "add IP address of sender". Mhm, so It's not possible to add a mail address?

ah yes, that's the idea!

The reason I want to do this is: As far as I know with a "reject" the firewall sends an answer to the sender whereas a "drop" is silent. I think this is a security benefit because the potential attacker doesn't even know if their mail reached it's target. Or am I mistaken?

Mhm, I just tried to create an ACL rule. But it seems I can't add an email address, only a network. Am I looking at the wrong place?

EDIT

Ah sorry, I didn't read that you already wrote "add IP address of sender". Mhm, so It's not possible to add a mail address?

Try to add the DNS Record. Could be working. 

OK, I've created the ACL rule with a FQDN Host name (I suppose that's what you meant). I will report back how this worked.

Thanks!

Unfortunately, that didn't work.

The mails come from spameri@tiscali.it, so I added *.tiscali.it to an ACL drop-list. But the mails are still showing up as rejected in the SMTP logs...

But, whilst looking at the SMTP logs, I saw that MTA is capable of dropping mails - when they are found to be containing malware.

Can that not be enforced to any sender address I want?

Check the Source IP of this sender. 

Go to the SMTPd_main.log, filter for the sender and find the IP. 

Then create a ACL Rule for them and drop it on this level.

If this does not work, create a DNAT Blackhole Rule for this: https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html 

By the way, CEMA would do this for you, by using the centralized approach. 

well, I checked, and it's a different IP from the one it was yesterday... And I don't want to block single IPs because I'm afraid that could also block legitimate mails...

So, I cannot simply drop sender addresses?

Sorry, I thought this was easier. ^^

The only way, supported by the MTA, is under General Settings. 

The rest are options on TCP level, which can cause other emails for being dropped.

OK, thank you. In that case I will keep it as is and "just" reject the mails via the MTA settings.

Thank you for all the help, tips and info!