Hi Dominic,
Thanks for the reply. I think I got it to work the way I want it by using
check_sender_access instead of check_client_access in the
smtpd_recipient_restrictions section. Your suggestion got me
looking closely at different restrictions. I also found this postifx
restrictions howto:
https://wiki.centos.org/HowTos/postfix_restrictions
Thanks,
Roberto
On 28/01/17 01:19 AM, Dominic Raferd wrote:
On 27 January 2017 at 23:47, Roberto Fulgado <[email protected]> wrote:
Hi All,
First of all I wanted to let you know that I just recently started using
postfix as our
mail server. We've been using sendmail for a long time. I have a question on
RBL
whitelisting. I have done internet search on how to do it but I can't seem
to whitelist
some senders.
From what I understand, I can only white list mail server's FQDN
or it's IP address.
Is there a way to white list by sender's domain name and sender's
email address.
I suggest you visit http://www.postfix.org/postconf.5.html and search
for 'check_' this will show you the many types of whitelist that are
possible with the various restriction lists.
Regarding restriction lists, as I understand it emails are checked
against them in this order (if they exist):
1 smtpd_client_restrictions
2 smtpd_helo_restrictions
3 smtpd_sender_restrictions (normally 1-3 are all evaluated after
RCPT TO or ETRN)
4 smtpd_relay_restrictions (after RCPT TO)
5 smtpd_recipient_restrictions (after RCPT TO)
6 smtpd_data_restrictions (can reject at DATA)
7 smtpd_end_of_data_restrictions (can reject at END-OF-DATA)
8 smtpd_etrn_restrictions (can reject at ETRN)
In each restriction list that is specified in main.cf are a series of
access tests carried out in order, and in each of these access tests
an email's further progress depends on when/if it matches to a test in
which case an 'action' is carried out
(http://www.postfix.org/access.5.html), the common ones being:
REJECT: decisively reject the email
OK: any remaining checks in this access test and in this
restriction list are skipped - but not subsequent lists, to which the
email will be submitted
DUNNO : any remaining checks in this access test are skipped - but
not subsequent tests in this restriction list nor any subsequent
lists, to which the email will be submitted
Afterwards come non-restriction-list-based processing including:
header_checks (can only be processed after the mail
has been received, so is slower)
body_checks (ditto, and even slower)
content_filter e.g. amavis (very slow)
I can't think of an easy way to whitelist by the internal 'From:'
address because this can't be checked until header_checks which
however runs after all restriction lists (is this right?).
If I've said something wrong here hopefully someone will correct me
(and I will learn!)
Dominic
--
Roberto Fulgado
DM&T Service Ltd.
Tel: (905)731-0142 ext. 64
Email: [email protected]
---------------------------------------------------------------------------------
"I'd love to go out with you, but I've been scheduled for a karma transplant."
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
