On 2/1/2011 7:43 AM, sunhux G wrote: > > Our current way of blocking a spam address is by editing > access_sender & access_recipient & then reload postmap. > > From time to time we're given addresses that should never > be blocked but due to staff turnover & documentation not > up-to-date, an address that should never be blocked was > somehow blocked. > > Pardon me if this has been discussed before, > what's the best way to go about preventing such mistakes? > > Is there a whitelist file that we can enter addresses that should > never blocked so that even if this address is manually added > into access_sender & access_recipient, they will still not be > blocked (& possibly will be automatically removed from the > two files access_sender/recipient). > > If there's such a whitelist file, presumably there should be 2 > of them, one for sending & receiving. Let me know the full > directory path & filename of the whitelist files > Postfix does not allocate certain file names for access maps. You may have as many as you like, the only thing that matters is the order of the maps in the restriction class. The first match always wins, so put your whitelists before any blacklists.
I recommend using "permit_auth_destination" as the result for a whitelist due to your mentioned turnover rate. This will prevent any open relays if the whitelist is incorrectly placed in the chain of restrictions (in recipient restrictions before reject_unauth_destination)
