On Thursday 27 October 2011 03:43:26 IT geek 31 wrote: > > No, since that will only whitelist the sender part; > > smtpd_recipient_restrictions may still reject the message or the > > recipient(s). > > Put the sender check in smtpd_recipient_restrictions instead. > > So would this work: > > smtpd_recipient_restrictions = permit_sasl_authenticated, > check_sender_access hash:/usr/pkg/etc/postfix/sender_access, > reject_unauth_destination, reject_unauth_pipelining,
Sure it works, but it is not safe, as per the "dangerous use" issue mentioned yesterday: http://www.postfix.org/SMTPD_ACCESS_README.html#danger At the very least, this must come after reject_unauth_destination. A similar effect can be achieved using permit_auth_destination as the check_sender_access result, rather than permit or OK. > reject_rbl_client zen.spamhaus.org, check_policy_service > inet:127.0.0.1:10023, permit > > As in the minute it discovered an ok'd email address in > sender_access it would stop processing the rest of the checks and > permit it? Whitelisting by sender address is not safe, because the vast majority of all spam is sent using forged sender addresses. If you can find a better way to manage your whitelist, do. Or better yet, reduce the need for whitelisting by using only safe restrictions. -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header