On 12/23/2012 9:57 PM, Alex wrote:
> Hi,
>
>>> I've implemented postscreen with postfix-2.9.4 on fc17 and it is
>>> rejecting mail from alice.it and libero.it, which are apparently two
>>> ISPs in Italy. We receive a large number of messages that are rejected
>>> due to postscreen, but now we have one email address from each domain
>>> that we need to allow the ability to send to us.
>>>
>>> Is there no alternative to creating a postscreen access list that
>>> permits mail from the /24 for these domains just for these two users,
>>> then let spamassassin filter the junk? I'd also then have to whitelist
>>> the users in spamassassin as well.
>>
>> The purpose of postscreen is to block spambots regardless of what
>> email they send.
>>
>> You can exclude an entire IP address range with postscreen_access_list,
>> again, regardless of what email they send.
>>
>> For per-recipient exceptions use smtpd_mumble_restrictions or
>> postfwd.
>
> I haven't been able to find much available on the proper use for
> smtpd_mumble_restrictions. It doesn't seem to be documented with
> postscreen or the postconf page or even my postconf output.
smtpd_mumble_restrictions is shorthand for "use any of
smtpd_{client, helo, sender, recipient, data,
end_of_data}_restrictions."
I'm curious what postscreen rules you're using that are rejecting
mail from an ISP. (I'm not familiar with the two you mention, and
assume they aren't spammer-haven worthy of global blocking.)
>
> I'm already excluding entire ranges with a postscreen access list, but
> as I mentioned, I was hoping to avoid that, because there are only two
> legitimate users I'm concerned with, and dozens or more messages that
> would otherwise be spam rejected per day. I'd like to continue to be
> able to reject outright the spam and only permit messages from these
> two users.
>
> I also understand that organizations use separate IPs from those
> listed in their MX records -- that was my point. I have no way of
> knowing what those IPs are, except through trial and error, looking
> through logs and correlating them with addresses, etc.
Perhaps they publish SPF records, which were invented for this purpose.
$ host -t txt libero.it
libero.it descriptive text "v=spf1 ip4:212.52.84.101/32
ip4:212.52.84.102/31 ip4:212.52.84.104/29 ip4:212.52.84.112/29
ip4:212.52.84.192/32 ip4:212.52.84.43/32 include:blackberry.com ?all"
-- Noel Jones
