On Mon, Dec 03, 2012 at 09:51:34PM +0100, Chris wrote: > On Mon, 3 Dec 2012 13:26:25 -0600 /dev/rob0 <r...@gmx.co.uk> wrote > > On Mon, Dec 03, 2012 at 07:40:24PM +0100, Chris wrote: > > > I've been asked to skip RBL checks for certain users on > > > the domain. How can I do that without disabling the for > > > everybody else? > > > > If you're only using good, safe lists, you're only rejecting > > mail which probably should be rejected. What is the goal? snip
> I've looked through the logs and the last couple of days spamcop > has blocked most of the legitimate mail the users have been > complaining about. We're currently checking against those lists: Ah, so there is your answer. No, I'd never use Spamcop for outright rejection. I don't even believe that Spamcop recommends such use. It's useful in a scoring system, such as postscreen, and I do use it there. > smtpd_client_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > check_recipient_access hash:/etc/postfix/cidr_bypass, > check_client_access cidr:/etc/postfix/cidr_checks, > check_client_access cidr:/etc/postfix/cidr_asia, > check_client_access pcre:/etc/postfix/fqrdns.regexp, > reject_rbl_client bl.mailspike.net, I'm not familiar with this. If you are, and you are okay with their listing and delisting policies, fine. Otherwise, don't use a DNSBL unless you are familiar with their policies and the way it is run. > reject_rbl_client bl.spamcop.net, I would definitely take this out. > reject_rbl_client dyna.spamrats.com, > reject_rbl_client noptr.spamrats.com, > reject_rbl_client spam.spamrats.com, I'm not familiar with these lists either. Cute name. :) > reject_rbl_client zen.spamhaus.org, > permit > > As far as I'm concerned, when a user starts nagging about this > rejected message or that, I'll let him bypass the checks and deal > with the spam himself. That is until he comes back crawling and > begging for help :) Well, I still try to keep the spam out of my server. I don't want to help spammers in any way. > I've looked into the classes definition. Where does the parameter > go? Before 'permit_mynetworks'? I'm not sure what parameter you are talking about. If you are interested in restriction classes, do take the time to read the "Postfix Per-Client/User/etc. Access Control" document, a/k/a RESTRICTION_CLASS_README.html . It probably has the answer to your question. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
