On 4/30/2015 9:27 AM, Rod K wrote: > On 4/30/2015 10:15 AM, Noel Jones wrote: >> On 4/30/2015 8:59 AM, Rod K wrote: >>> Postscreen is successfully blocking a lot of spam for us. Our DNSBL >>> settings are doing a great job, however I'm having one "false >>> positive." One of our customers does a bit of business with a >>> Chinese firm. Their rep from this firm is using the nefarious >>> 163.com as their service provider. Of course this is being >>> blocked. I do NOT want to allow 163.com as a whole to be >>> whitelisted (I'm getting 100s of connections/day from them and AFAIK >>> only this particular address is sending legit email.) >>> >>> Is there anyway to have postscreen allow just the one particular >>> address? >> >> postscreen knows the client IP address, nothing else. If the >> customer uses a particular IP address, you can whitelist it in >> postscreen_access_list. >> http://www.postfix.org/postconf.5.html#postscreen_access_list >> >> The alternative is to move the offending setting from postscreen to >> smtpd_sender_restrictions where you can whitelist by sender or >> client name. >> >> >> -- Noel Jones > That is what I thought. However, postscreen DOES have that > information eventually as it logs the reject with sender and recipient.
At the time the reject decision is made, only the IP is known. The collection of sender and recipient information is done by a stub smtp agent much later, as a logging convenience. This is intentional due to performance considerations and is unlikely to ever be changed. -- Noel Jones
