- ac3
- Tuesday, June 12th, 2007 at 6:28:19pm UTC
- I want to whitelist certain domains for the reject_unknown_reverse_client_hostname restriction, but still checking the following restrictions in this restriction class (check_policy_service, reject_rbl_client,...)
- I suppose the first one is incorrect, but the 2nd would work. Can someone verify this, or is there a better way to do it?
- smtpd_recipient_restrictions =
- reject_invalid_helo_hostname,
- reject_non_fqdn_sender,
- reject_non_fqdn_recipient,
- reject_unknown_sender_domain,
- reject_unknown_recipient_domain,
- reject_multi_recipient_bounce,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- check_client_access hash:/etc/postfix/checks/whitelist
- reject_unknown_reverse_client_hostname,
- check_policy_service inet:127.0.0.1:10031,
- check_client_access pcre:/etc/postfix/checks/client_restrictions.pcre,
- reject_rbl_client rbldnsd-virbl.dnsbl.bit.nl.dnsbl,
- reject_rbl_client sbl.spamhaus.org.dnsbl,
- reject_rbl_client xbl.spamhaus.org.dnsbl,
- reject_rbl_client list.dsbl.org.dnsbl,
- reject_rbl_client multihop.dsbl.org.dnsbl,
- permit
- cat /etc/postfix/checks/whitelist
- xxx.xxx.xxx.xxx DUNNO # whitelisted ip 1
- xxx.xxx.xxx.xxy DUNNO # whitelisted ip 2
- smtpd_recipient_restrictions =
- reject_invalid_helo_hostname,
- reject_non_fqdn_sender,
- reject_non_fqdn_recipient,
- reject_unknown_sender_domain,
- reject_unknown_recipient_domain,
- reject_multi_recipient_bounce,
- permit_mynetworks,
- permit_sasl_authenticated,
- reject_unauth_destination,
- check_client_access pcre:/etc/postfix/checks/reject_unknown_reverse_client_hostname,
- check_policy_service inet:127.0.0.1:10031,
- check_client_access pcre:/etc/postfix/checks/client_restrictions.pcre,
- reject_rbl_client rbldnsd-virbl.dnsbl.bit.nl.dnsbl,
- reject_rbl_client sbl.spamhaus.org.dnsbl,
- reject_rbl_client xbl.spamhaus.org.dnsbl,
- reject_rbl_client list.dsbl.org.dnsbl,
- reject_rbl_client multihop.dsbl.org.dnsbl,
- permit
- cat /etc/postfix/checks/reject_unknown_reverse_client_hostname
- /xxx\.xxx\.xxx\.xxx/ DUNNO # whitelisted ip 1
- /xxx\.xxx\.xxx\.xxy/ DUNNO # whitelisted ip 2
- /.*/ reject_unknown_reverse_client_hostname
Update the Post
Either update this post and resubmit it with changes, or make a new post.
You may also comment on this post.
Please note that information posted here will expire by default in one month. If you do not want it to expire, please set the expiry time above. If it is set to expire, web search engines will not be allowed to index it prior to it expiring. Items that are not marked to expire will be indexable by search engines. Be careful with your passwords. All illegal activities will be reported and any information will be handed over to the authorities, so be good.