Good timing. I was just trying to figure out why a domain on the
whitelist was still caught by an rbl when you sent this. Thank you.
To fix the issue, I have added an additional check_sender_access
smtpd_client_restrictions = check_sender_access
mysql:/etc/postfix/whitelist.cf,
check_sender_access
mysql:/etc/postfix/shortcircuit.cf,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client dnsrbl.org,
reject_rbl_client bad.psky.me,
check_sender_access mysql:/etc/postfix/blacklist.cf
Contents of shortcircuit.cf:
user = postfix
password = foopass
dbname = postfix
query = SELECT 'OK' AS whitelist_action FROM whitelist WHERE
whitelist_domain = '%s'
hosts = 127.0.0.1
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com
On 11/28/2016 10:12 PM, Noel Jones wrote:
> On 11/28/2016 8:14 PM, Michael Munger wrote:
>
> ...
>> we simply changed the action
>> from "OK" to "FILTER relay:192.168.10.81". This means that inbound
>> mail, once it is discovered to be on a whitelist, is immediately
>> relayed to our Exchange server.
> No, the mail is not immediately relayed. It goes through the rest of
> the configured restrictions, is queued, and is then relayed to the
> next-hop specified by your FILTER statement. Of particular interest
> is that FILTER -- similar to DUNNO -- does not skip further checking
> such as rbl lookups or hostname restrictions.
>
> To both set the next-hop AND skip further postfix restriction
> processing, you need two check_sender_access tables; the first to
> return FILTER and the second to return OK to skip further checks.
>
>
>
> -- Noel Jones
