On 7/29/17 5:45 PM, Wietse Venema wrote:
deoren:
I suppose it was out of ignorance, but I've used 'OK' in the past to
accept mail from specific domains that are blacklisted by Spamhaus or
have partial DNS records.
Recently I came across several threads here that noted how this was a
bad idea. Looking over the Postfix documentation I seemed to find
confirmation of that. As a result, I've attempted to start using 'DUNNO'
for whitelisting sender domains instead of 'OK'. I don't appear to be
having any luck though, so I wanted to reach out and get confirmation
that the DUNNO action applies to what I'm trying to do.
I have all intentional spam control checks applied within the
smtpd_recipient_restrictions section of the conf file.
Here are some of the checks applied:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
Here, insert: reject_unauth_destination, then it is safe to use "OK"
in your check_xxx_access tables below.
Wietse
check_recipient_access
proxy:mysql:/etc/postfix/mysql-recipient_access.cf,
check_sender_access proxy:mysql:/etc/postfix/mysql-sender_access.cf,
check_client_access proxy:mysql:/etc/postfix/mysql-client_access.cf,
...
reject_rbl_client zen.spamhaus.org,
reject_rbl_client b.barracudacentral.org,
Thank you!
If I have the following, does that free up using
smtpd_recipient_restrictions for just spam/blacklist/whitelist rules?
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
Thank you for your help.
