On Wed, Mar 18, 2009 at 12:56:48PM -0400, Wietse Venema wrote:
> /dev/rob0:
> > On Wed March 18 2009 03:06:40 Pascal Volk wrote:
> > > > can i whitelist one domain from checking spamhaus ?
> > > > thanks
> > >
> > > smtpd_recipient_restrictions =
> > > ...
> > > reject_unauth_destination
> > > ...
> > > check_client_access hash:/etc/postfix/whitelist_clients
> > > check_sender_access hash:/etc/postfix/whitelist_senders
> > > reject_rbl_client zen.spamhaus.org
> > > ...
> > >
> > > /etc/postfix/whitelist_clients:
> > > mailout.trusteddoma.in OK
> > > # or ip address of trusted hosts
> > >
> > > /etc/postfix/whitelist_senders:
> > > u...@trusteddoma.in OK
> >
> > Some comments I would add:
> >
> > 1. I consider it best practice to use "permit_auth_destination" rather
> > than "OK" for whitelisting. That's an extra safety check in case you
> > accidentally put smtpd_recipient_restrictions in the wrong order.
>
> That is a good point. I wonder how much would break with
>
> /etc/postfix/main.cf
> restriction_classes = ok [... other names ...]
> ok = permit_auth_destination
Well, "check_client_access" and "check_recipient_access" may not work
correctly at sites where these are used to permit access for additional
clients or to additional recipients. Should be safe in most cases.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
