On 24 Dec 2018, at 12:40, Michael Fox wrote:
I'm pretty sure I've seen this documented somewhere, but I can't find
it.
In addition to defining alternative restriction lists and classes as
Wietse noted, you can keep all of your restrictions in the standard
smtpd_*_restrictions lists if you prefer and can accept the limitation
of having each type of whitelisting applied to a trailing sublist of
restrictions.
This method is implicit in the documentation of the various
smtpd_*_restrictions lists, but I don't think it is described explicitly
anywhere.
What I'd like to do is have a whitelist apply to only a specific
reject.
[...]
But suppose
each reject_... test needs different whitelists? Is there a way to do
that?
You can do that by defining restriction lists and classes as in
http://www.postfix.org/RESTRICTION_CLASS_README.html or you can get
close to it without a myriad of special lists by using the fact that
directives in a restriction list are ordered, and you can have as many
check_*_access maps as you like, ordered amongst the reject_* directives
however you like. So this sort of thing would work, although it's a bit
more than I expect anyone would need:
smtpd_recipient_restrictions = permit_mynetworks,
check_recipient_access hash:/etc/postfix/protect_from_all,
reject_[some_rule_1],
check_recipient_access hash:/etc/postfix/protect_from_2-n,
check_client_access hash:/etc/postfix/protect_from_2-n,
reject_[some_rule_2],
check_recipient_access hash:/etc/postfix/protect_from_3-n,
check_sender_access hash:/etc/postfix/protect_from_3-n,
reject_[some_rule_3],
[...]
check_recipient_access hash:/etc/postfix/protect_from_n,
check_client_access hash:/etc/postfix/protect_from_n,
check_sender_access hash:/etc/postfix/protect_from_n,
reject_[some_rule_n],
permit
--
Bill Cole
