On 2017-03-08 15:23, Noel Jones wrote:
On 3/8/2017 2:53 PM, MRob wrote:
Hello all,
Is there a best practices for exempting the postmaster/abuse address
from certain smtpd_mumble_restrictions?
The procedure to whitelist a recipient is to use a
check_recipient_access map prior to whatever rule might reject the
mail. If you have restrictions in each of the smtpd_*_restrictions
sections, then you must add your whitelist in each section.
Exactly how you order your restrictions and where you put the
whitelist may vary depending on your needs.
Simple example assuming all your restrictions are in
smtpd_recipient_restrictions:
# /etc/postfix/whitelist_recipients
postmas...@example.com OK
# main.cf
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/whitelist_recipients
reject_unknown_...
reject_rbl_client ...
... more restrictions ...
Note: make sure your whitelist comes AFTER reject_unauth_destination
to prevent open-relay accidents.
http://www.postfix.org/SMTPD_ACCESS_README.html#danger
Thanks, Noel. Are there any admins with opinions where in the order is
best for postmaster/abuse whitelisting?