At one time I tried to do it all in Postfix. Its all-or-nothing binary
operation of its Spam rules drove me to find another solution to Spam:
SpamAssassin. Now a triggered rule only adds to a Spamminess value, and
won't kill the message. I ultimately took almost all the rules out of
Postfix because I couldn't keep up with the false positives they created.
All the FQDN, MX, and A record checks were removed due to false positives...
The check_* restrictions implement white and black listing.

smtpd_recipient_restrictions =
    check_recipient_access hash:$config_directory/smtpd-recipient-checks,
    permit_mynetworks,
    reject_invalid_hostname,
    reject_unauth_destination,
    check_recipient_access regexp:$config_directory/smtpd-recipient-checks.rx,
    check_sender_access hash:$config_directory/smtpd-sender-checks,
    check_sender_access regexp:$config_directory/smtpd-sender-checks.rx,
    check_client_access hash:$config_directory/smtpd-client-checks,
    check_helo_access hash:$config_directory/smtpd-helo-checks,
    reject_unknown_recipient_domain
smtpd_data_restrictions =
    reject_unauth_pipelining

Dan

-----Original Message-----
From: Menno van Bennekom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 5:45 AM
To: users@spamassassin.apache.org
Cc: David Newman
Subject: SA vs. postfix main.cf

We run postfix 2.1.5_1,1 on FreeBSD 5.2.1, and use some RBL lists:

smtpd_recipient_restrictions =
    ...
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client proxies.relays.monkeys.com,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org

We are seeing cases where mail is rejected because of the RBL lists,
even when a sender is whitelisted in a recipient's SA user_prefs file.
Is there any way to reverse the order of operations so that postfix
doesn't check with the RBL list when SA says a sender is OK?

You can't reverse the checks, but you can whitelist addresses in Postfix.
I use the check_client_access to allow certain domains/ips to send mail
although they appear in RBL's. Just put them in the access-file with 'OK'
on the end of the line. You can do the same with check_sender_access.
And make sure this check is done before the RBL checks, like:

smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
    check_helo_access hash:/etc/postfix/helo_access,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client dynablock.njabl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org

Regards
Menno van Bennekom
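
Added example, not part of the original messages: a Python check of the ordering point in the reply above, that check_*_access whitelists must sit before the reject_rbl_client lines. It also flags access checks placed ahead of reject_unauth_destination, where an OK result is accepted before the relay check. The sample main.cf text is constructed, the function names are hypothetical, and it assumes a comma-separated list as in the configurations quoted above.

```python
import re

# Constructed sample, following the ordering recommended in the reply above.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
    check_helo_access hash:/etc/postfix/helo_access,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client dynablock.njabl.org,
    reject_rbl_client cbl.abuseat.org
"""

def restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return the ordered restriction list for param, joining continuation lines."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if line[0].isspace():             # leading whitespace continues the previous line
            if collecting:
                value.append(line)
            continue
        name, _, rest = line.partition("=")
        collecting = name.strip() == param
        if collecting:
            value = [rest]                # a later definition replaces an earlier one
    # Assumption: entries are comma-separated, as in the thread's examples.
    return [" ".join(p.split()) for p in " ".join(value).split(",") if p.strip()]

def lint(items):
    """Report access-table lookups whose position defeats or weakens them."""
    findings = []
    first_rbl = next((i for i, r in enumerate(items)
                      if r.startswith("reject_rbl_client")), None)
    relay = next((i for i, r in enumerate(items)
                  if r == "reject_unauth_destination"), None)
    for i, r in enumerate(items):
        if not re.match(r"check_(client|helo|sender|recipient)_access\b", r):
            continue
        if relay is None or i < relay:
            findings.append(f"{r}: before reject_unauth_destination, "
                            "an OK is accepted ahead of the relay check")
        if first_rbl is not None and i > first_rbl:
            findings.append(f"{r}: after {items[first_rbl]}, "
                            "an OK cannot override the RBL reject")
    return findings

if __name__ == "__main__":
    print(lint(restrictions(SAMPLE_MAIN_CF)) or "ordering OK")
```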