On Sun, 2009-06-28 at 14:38 -0500, Noel Jones wrote:
> Steve wrote:
> > Hi,
> >
> > I've been looking at some archive posts regarding white listing by
> > intended recipient domain.
> >
> > Say for example I wish to white list any incoming mail for:
> > b...@example.com - is this actually possible?
>
> Yes, this is one reason some people like to put all their
> restrictions under smtpd_recipient_restrictions.
>
> >
> > Thinking about the stages of the SMTP conversation this is not going to
> > be available until the RCPT TO is given, so any white list (if it is
> > possible) would need to go in smtpd_recipient_restrictions. That is what
> > common sense would tell me.
>
> With the default smtpd_delay_reject=yes, recipient information
> is available during smtpd_{client, helo, sender}_restrictions.
>
> But then you have to specify your whitelist multiple times.
> It's usually easier to just put all your restrictions in
> smtpd_recipient_restrictions.
>
> >
> > I can already see that any earlier client, helo or sender restrictions
> > probably can't be white listed by recipient domain - but should it work
> > at the smtpd_recipient_restriction level?
> >
> > Perhaps what I am actually asking is;
> >
> > Should this work?
> > Could it be extended to effect a whole domain (not just b...@example.com,
> > but *...@example.com)
>
> Yes, you can whitelist a whole domain. See the access(5) man
> page for details. Your lookup table would contain
> example.com OK
>
> > In lieu of smtpd_delay_reject = yes could this be applied to earlier
> > restrictions?
>
> The default setting of smtpd_delay_reject=yes is required if
> you want to whitelist recipeints during
> smtpd_{client,helo,sender}_restrictions.
>
> But it's easier to just put all your restrictions under
> smtpd_recipient_restrictions.
>
> Oh, be sure to put any whitelists after
> reject_unauth_destination, such as:
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> ... whitelist goes here ...
> ... UCE checks here ...
>
>
>
> -- Noel Jones
Thanks you kindly Noel. Much appreciated.
