Wietse Venema a écrit :
> /dev/rob0:
>> On Wed March 18 2009 03:06:40 Pascal Volk wrote:
>>>> can i whitelist one domain from checking spamhaus ?
>>>> thanks
>>> smtpd_recipient_restrictions =
>>> ...
>>> reject_unauth_destination
>>> ...
>>> check_client_access hash:/etc/postfix/whitelist_clients
>>> check_sender_access hash:/etc/postfix/whitelist_senders
>>> reject_rbl_client zen.spamhaus.org
>>> ...
>>>
>>> /etc/postfix/whitelist_clients:
>>> mailout.trusteddoma.in OK
>>> # or ip address of trusted hosts
>>>
>>> /etc/postfix/whitelist_senders:
>>> u...@trusteddoma.in OK
>> Some comments I would add:
>>
>> 1. I consider it best practice to use "permit_auth_destination" rather
>> than "OK" for whitelisting. That's an extra safety check in case you
>> accidentally put smtpd_recipient_restrictions in the wrong order.
>
> That is a good point. I wonder how much would break with
>
> /etc/postfix/main.cf
> restriction_classes = ok [... other names ...]
> ok = permit_auth_destination
>
> This would change the meaning of OK such that it works like
> permit_auth_destination in access(5) maps. It's a gross hack, but
> then, restriction_classes was also a gross hack.
>
I would suggest separating relay control from other checks. something like
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
