my relay server has got multiple relay domains and i want only exempt mails
to one particular domain from checking spamhaus; given below
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/roleaccount_exceptions
reject_non_fqdn_hostname
reject_invalid_hostname
check_client_access cidr:/etc/postfix/spam_cidr
check_helo_access pcre:/etc/postfix/helo_checks
reject_rbl_client zen.spamhaus.org
reject_rhsbl_sender dsn.rfc-ignorant.org
permit
where in this order i can put permit_auth_destination; if i put this all the
listed domains will get whitelisted? which i dont want
i'm learning postfix...
On Wed, Mar 18, 2009 at 7:32 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Wed, Mar 18, 2009 at 12:56:48PM -0400, Wietse Venema wrote:
>
> > /dev/rob0:
> > > On Wed March 18 2009 03:06:40 Pascal Volk wrote:
> > > > > can i whitelist one domain from checking spamhaus ?
> > > > > thanks
> > > >
> > > > smtpd_recipient_restrictions =
> > > > ...
> > > > reject_unauth_destination
> > > > ...
> > > > check_client_access hash:/etc/postfix/whitelist_clients
> > > > check_sender_access hash:/etc/postfix/whitelist_senders
> > > > reject_rbl_client zen.spamhaus.org
> > > > ...
> > > >
> > > > /etc/postfix/whitelist_clients:
> > > > mailout.trusteddoma.in OK
> > > > # or ip address of trusted hosts
> > > >
> > > > /etc/postfix/whitelist_senders:
> > > > u...@trusteddoma.in OK
> > >
> > > Some comments I would add:
> > >
> > > 1. I consider it best practice to use "permit_auth_destination" rather
> > > than "OK" for whitelisting. That's an extra safety check in case you
> > > accidentally put smtpd_recipient_restrictions in the wrong order.
> >
> > That is a good point. I wonder how much would break with
> >
> > /etc/postfix/main.cf
> > restriction_classes = ok [... other names ...]
> > ok = permit_auth_destination
>
> Well, "check_client_access" and "check_recipient_access" may not work
> correctly at sites where these are used to permit access for additional
> clients or to additional recipients. Should be safe in most cases.
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>
