Wietse Venema a écrit : > /dev/rob0: >> On Wed March 18 2009 03:06:40 Pascal Volk wrote: >>>> can i whitelist one domain from checking spamhaus ? >>>> thanks >>> smtpd_recipient_restrictions = >>> ... >>> reject_unauth_destination >>> ... >>> check_client_access hash:/etc/postfix/whitelist_clients >>> check_sender_access hash:/etc/postfix/whitelist_senders >>> reject_rbl_client zen.spamhaus.org >>> ... >>> >>> /etc/postfix/whitelist_clients: >>> mailout.trusteddoma.in OK >>> # or ip address of trusted hosts >>> >>> /etc/postfix/whitelist_senders: >>> u...@trusteddoma.in OK >> Some comments I would add: >> >> 1. I consider it best practice to use "permit_auth_destination" rather >> than "OK" for whitelisting. That's an extra safety check in case you >> accidentally put smtpd_recipient_restrictions in the wrong order. > > That is a good point. I wonder how much would break with > > /etc/postfix/main.cf > restriction_classes = ok [... other names ...] > ok = permit_auth_destination > > This would change the meaning of OK such that it works like > permit_auth_destination in access(5) maps. It's a gross hack, but > then, restriction_classes was also a gross hack. >
I would suggest separating relay control from other checks. something like smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated