On Tue, Jun 03, 2014 at 08:55:46AM -0400, Wietse Venema wrote:
> mancyb...@gmail.com:
> > So i need a method of whitelisting ANY email that comes to domain.com,
> > however i need it to take place before any of the recipient
> > restrictions, they want no RBL or postgrey blocking at all.
>
> Birta Levente:
> > If you want to whitelist recipient domain you need to check recipient
> > access:
> >
> > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
> >
> > smtpd_recipient_restrictions =
> > reject_unauth_destination,
> > check_recipient_access somemapfile,
> > reject_rbl_client b.barracudacentral.org,
> > reject_rbl_client cbl.abuseat.org,
> > reject_rbl_client bl.mailspike.net,
> > check_policy_service unix:postgrey/socket
> >
> >
> > somemapfile:
> > domain.com OK
>
> This is correct, by placing the whitelist after reject_unauth_destination.
> Otherwise you would have an exploitable open relay.
Note, the "somemapfile" instance in the restriction list will need a
table type prefix.
...
check_recipient_access ${indexed}somemapfile,
...
with "indexed" defined in main.cf in the usual way:
indexed = ${default_database_type}:${config_directory}/
--
Viktor.
