On 27 January 2017 at 23:47, Roberto Fulgado <[email protected]> wrote: > Hi All, > > First of all I wanted to let you know that I just recently started using > postfix as our > mail server. We've been using sendmail for a long time. I have a question on > RBL > whitelisting. I have done internet search on how to do it but I can't seem > to whitelist > some senders. > > > From what I understand, I can only white list mail server's FQDN > or it's IP address. > > Is there a way to white list by sender's domain name and sender's > email address. >
I suggest you visit http://www.postfix.org/postconf.5.html and search for 'check_' this will show you the many types of whitelist that are possible with the various restriction lists. Regarding restriction lists, as I understand it emails are checked against them in this order (if they exist): 1 smtpd_client_restrictions 2 smtpd_helo_restrictions 3 smtpd_sender_restrictions (normally 1-3 are all evaluated after RCPT TO or ETRN) 4 smtpd_relay_restrictions (after RCPT TO) 5 smtpd_recipient_restrictions (after RCPT TO) 6 smtpd_data_restrictions (can reject at DATA) 7 smtpd_end_of_data_restrictions (can reject at END-OF-DATA) 8 smtpd_etrn_restrictions (can reject at ETRN) In each restriction list that is specified in main.cf are a series of access tests carried out in order, and in each of these access tests an email's further progress depends on when/if it matches to a test in which case an 'action' is carried out (http://www.postfix.org/access.5.html), the common ones being: REJECT: decisively reject the email OK: any remaining checks in this access test and in this restriction list are skipped - but not subsequent lists, to which the email will be submitted DUNNO : any remaining checks in this access test are skipped - but not subsequent tests in this restriction list nor any subsequent lists, to which the email will be submitted Afterwards come non-restriction-list-based processing including: header_checks (can only be processed after the mail has been received, so is slower) body_checks (ditto, and even slower) content_filter e.g. amavis (very slow) I can't think of an easy way to whitelist by the internal 'From:' address because this can't be checked until header_checks which however runs after all restriction lists (is this right?). If I've said something wrong here hopefully someone will correct me (and I will learn!) Dominic
