Attempting to whitelist sender domain with DUNNO result

Fri, 28 Jul 2017 21:15:07 -0700

I suppose it was out of ignorance, but I've used 'OK' in the past to accept mail from specific domains that are blacklisted by Spamhaus or have partial DNS records.
Recently I came across several threads here that noted how this was a bad idea. Looking over the Postfix documentation I seemed to find confirmation of that. As a result, I've attempted to start using 'DUNNO' for whitelisting sender domains instead of 'OK'. I don't appear to be having any luck though, so I wanted to reach out and get confirmation that the DUNNO action applies to what I'm trying to do. 


I have all intentional spam control checks applied within the 
smtpd_recipient_restrictions section of the conf file.


Here are some of the checks applied:

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,

    check_recipient_access 
proxy:mysql:/etc/postfix/mysql-recipient_access.cf,

    check_sender_access proxy:mysql:/etc/postfix/mysql-sender_access.cf,
    check_client_access proxy:mysql:/etc/postfix/mysql-client_access.cf,
    ...
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,


From the log message (which seems to indicate working FCrDNS):

connect from vmta-b-80.listrak.com[66.216.179.80]

and then later:


NOQUEUE: reject: RCPT from vmta-b-80.listrak.com[66.216.179.80]: 554 
5.7.1 Service unavailable; Client host [66.216.179.80] blocked using 
zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBL340844; 
from=<d75h814d135dch4btoesis...@bounce.planttherapy.com> 
to=<y...@example.com> proto=ESMTP helo=<vmta-b-80.listrak.com>



I'm attempting to match on the planttherapy.com portion of the 'FROM' 
value by using 'planttherapy.com' as my left-hand value. I've used the 
'OK' right-hand value as a response in the past for domains I've wished 
to whitelist with the check_sender_access directive. Those entries still 
work well, though as I've mentioned earlier I now question whether I 
should be using 'OK' for whitelisting.



Thanks for reading this and any advice that you have.



References I consulted:

* http://www.postfix.org/access.5.html


* 
http://www.postfix.org/postconf.5.html#check_reverse_client_hostname_access



* 
http://postfix.1071664.n5.nabble.com/check-client-access-won-t-check-hostname-td86126.html
























					Reply via email to