On 2017-03-08 Noel Jones wrote: > On 3/8/2017 2:53 PM, MRob wrote: >> Is there a best practices for exempting the postmaster/abuse address >> from certain smtpd_mumble_restrictions? > > The procedure to whitelist a recipient is to use a > check_recipient_access map prior to whatever rule might reject the > mail. If you have restrictions in each of the smtpd_*_restrictions > sections, then you must add your whitelist in each section. > Exactly how you order your restrictions and where you put the > whitelist may vary depending on your needs. > > Simple example assuming all your restrictions are in > smtpd_recipient_restrictions: > > # /etc/postfix/whitelist_recipients > postmas...@example.com OK > > # main.cf > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > check_recipient_access hash:/etc/postfix/whitelist_recipients > reject_unknown_... > reject_rbl_client ... > ... more restrictions ... > > Note: make sure your whitelist comes AFTER reject_unauth_destination > to prevent open-relay accidents. > http://www.postfix.org/SMTPD_ACCESS_README.html#danger
This is probably just personal preference, but in addition to whitelisting postmaster recipients I put a client blacklist before the whitelist where I block all clients who deemed sending spam to a postmaster address a good idea. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
