On 11/24/2015 4:38 PM, Homer Wilson Smith wrote: > > Dear Gentle Folk, > > Postfix rocks! > > Running postfix 2.8.2 > > I was using reject_unknown_reverse_client_hostname for many years. > > But too much spam was getting through and bogging my barracuda to > its knees with delayed mail etc. This is AFTER greylisting! > > I am now using reject_unknown_client_hostname and it cut my > spam by > 90 percent. and my customers are VERY happy not to mention my > barracuda > which breezes through the remaining spam. > > When a customer complains that some mail is not coming through, I > look up the client IP in /var/log/mail and I whitelist the client IP, > and everyone is happy, until the next one. So far after a month of > using this I have only had to whitelist 6 incoming servers who are > misconfigured but not spammers. > > Because sometimes these incoming mails are mission critical orders > to large multimillion dollar clients of mine, I wish to be able to > allow > them to get their orders without removing the stricter rule for > everyone. > > I wish to be able to whitelist not the client IP as a whole, but > whitelist a recipient address, either by domain or exact address, such > that for them, the client rule is not obeyed, but all other ones are. > > As an aside it would be useful if for each rule, there could be an > associated (possibly) delayed whitelist. > > I don't fully understand how this works or could work. > > Ideally in the smtpd_CLIENT_restrictions, I would like to be > able to say if recipient is ho...@lightlink.com, whitelist him from > > reject unknown client hostname but not > reject unknown reverse client hostname > > That's probably asking too much, but the main goal is: > > If mail comes into ord...@domain.com, to bypass the reject unknown > client hostname. > > How about something like this: > > smtpd_CLIENT_restrictions= > reject_unknown_reverse_client_hostname <- applies to everyone > check_RECIPIENT_access hash:/etc/postfix/unknown_client_override > reject_unknown_client_hostname <- applies to those not in the file >
Yes, that will work, as long as you keep the default "smtpd_delay_reject = yes". -- Noel Jones
