On Wed March 18 2009 03:06:40 Pascal Volk wrote:
> > can i whitelist one domain from checking spamhaus ?
> > thanks
>
> smtpd_recipient_restrictions =
> ...
> reject_unauth_destination
> ...
> check_client_access hash:/etc/postfix/whitelist_clients
> check_sender_access hash:/etc/postfix/whitelist_senders
> reject_rbl_client zen.spamhaus.org
> ...
>
> /etc/postfix/whitelist_clients:
> mailout.trusteddoma.in OK
> # or ip address of trusted hosts
>
> /etc/postfix/whitelist_senders:
> u...@trusteddoma.in OK
Some comments I would add:
1. I consider it best practice to use "permit_auth_destination" rather
than "OK" for whitelisting. That's an extra safety check in case you
accidentally put smtpd_recipient_restrictions in the wrong order.
2. check_sender_access is never really safe for whitelisting. Consider
the common scenario of a virus on a Windows machine, sending mail
purporting to be "from" the person who set up Outlook Express (or
whatever they call it now) on that machine. If that spam goes
direct-to-MX, it would likely be blocked by Zen.
3. If mailout.trusteddoma.in is listed in Zen, they have issues that
really do need to be addressed. Are you sure you want them
whitelisted? Whitelisting is a slippery slope, seldom the right
answer to the real problem.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
