On 12/3/2012 1:18 PM, Noel Jones wrote: > On 12/3/2012 12:40 PM, Chris wrote: >> Hi all. >> I've been asked to skip RBL checks for certain users on the domain. How can I >> do that without disabling the for everybody else? >> We're using virtual mailboxes on mysql. >> >> Thanks, >> >> Chris >> >> > > > Before we start, a reminder that SMTP doesn't have a good mechanism > for per-recipient policy. If a message has multiple recipients, > only one policy policy can be used, usually the more restrictive policy.
Nonsense, if the restrictions are done during the RCPT stage, you can reliably reject some recipients while accepting others. But I agree with the rest of your post. > > There are (in general) two ways to do this. Which you choose > depends on your needs. > > For a recipient that you want to never reject mail for, such as > abuse@ or sales@, add them to a whitelist before your UCE > restrictions. This example assumes all your UCE restrictions are > under smtpd_recipient_restrictions: > # main.cf > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > check_recipient_access hash:/etc/postfix/recipient_whitelist > ... other UCE checks ... > > # recipient_whitelist > grumpy_...@example.com permit_auth_destination > > ** IMPORTANT ** the check_recipient_access list must come /after/ > reject_unauth_destination to prevent open-relay accidents. > http://www.postfix.org/SMTPD_ACCESS_README.html#danger > > > > For finer control, eg. specifying which controls to use for a group > of users, use smtpd_restriction_classes. Further examples of > restriction classes can be found in the list archives. > http://www.postfix.org/postconf.5.html#smtpd_restriction_classes > http://www.postfix.org/RESTRICTION_CLASS_README.html > > > > > -- Noel Jones >
