On Mon, 3 Dec 2012 15:41:45 -0600 /dev/rob0 <r...@gmx.co.uk> wrote > On Mon, Dec 03, 2012 at 09:51:34PM +0100, Chris wrote: > > On Mon, 3 Dec 2012 13:26:25 -0600 /dev/rob0 <r...@gmx.co.uk> wrote > > > On Mon, Dec 03, 2012 at 07:40:24PM +0100, Chris wrote: > > > > I've been asked to skip RBL checks for certain users on > > > > the domain. How can I do that without disabling the for > > > > everybody else? > > > > > > If you're only using good, safe lists, you're only rejecting > > > mail which probably should be rejected. What is the goal? > snip > > > I've looked through the logs and the last couple of days spamcop > > has blocked most of the legitimate mail the users have been > > complaining about. We're currently checking against those lists: > > Ah, so there is your answer. No, I'd never use Spamcop for outright > rejection. I don't even believe that Spamcop recommends such use. > It's useful in a scoring system, such as postscreen, and I do use it > there. > > > smtpd_client_restrictions = > > permit_mynetworks, > > permit_sasl_authenticated, > > check_recipient_access hash:/etc/postfix/cidr_bypass, > > check_client_access cidr:/etc/postfix/cidr_checks, > > check_client_access cidr:/etc/postfix/cidr_asia, > > check_client_access pcre:/etc/postfix/fqrdns.regexp, > > reject_rbl_client bl.mailspike.net, > > I'm not familiar with this. If you are, and you are okay with their > listing and delisting policies, fine. Otherwise, don't use a DNSBL > unless you are familiar with their policies and the way it is run. > > > reject_rbl_client bl.spamcop.net, > > I would definitely take this out. > > > reject_rbl_client dyna.spamrats.com, > > reject_rbl_client noptr.spamrats.com, > > reject_rbl_client spam.spamrats.com, > > I'm not familiar with these lists either. Cute name. :) > > > reject_rbl_client zen.spamhaus.org, > > permit > > > > As far as I'm concerned, when a user starts nagging about this > > rejected message or that, I'll let him bypass the checks and deal > > with the spam himself. That is until he comes back crawling and > > begging for help :) > > Well, I still try to keep the spam out of my server. I don't want to > help spammers in any way. > > > I've looked into the classes definition. Where does the parameter > > go? Before 'permit_mynetworks'? > > I'm not sure what parameter you are talking about. If you are > interested in restriction classes, do take the time to read the > "Postfix Per-Client/User/etc. Access Control" document, a/k/a > RESTRICTION_CLASS_README.html . It probably has the answer to your > question. > --
Thanks. I'm already using a hash db to map users that opted out of greylisting in smtpd_recipient_restrictions. Map's in the form of u...@example.com OK Can I re-use the same list in the position Neil suggested?