Something I did pretty recently on the various restrictions in main.cf
was add a spam_lovers access file that allows me to whitelist certain
recipients so that messages to them will bypass all the filtering.
I did this because I've had people tell me about situations where they
did not receive an important email, usually from a relative. When I
look into these problems, it's almost always something basic, like
reverse DNS. And I find that a whole lot of people will not lift a
finger to fix the problems with their mail server.
For users who want to receive email from servers that are run by these
bad admins, I can add them to the spam_lovers file and redo postmap on
it. Their incoming email will bypass almost every filter I've got.
They don't even seem to mind the massive increase in spam that this creates.
But I've realized that this config doesn't affect postscreen. Sometimes
the sender will be on a server that has been blacklisted by an RBL and
either the admin won't try to fix the problem or they are unable to get
the problem fixed.
So now we come to my question: Can I whitelist a recipient so email to
that user will always pass postscreen? I tried to find an answer with
google and came up empty.
Here's the full restriction config from main.cf. If anybody sees any
problems with that config, I would appreciate knowing that too:
----------
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
defer_unauth_destination
smtpd_client_restrictions =
check_recipient_access hash:/etc/postfix/spam_lovers,
check_sender_access hash:/etc/postfix/always_sender_access,
permit_sasl_authenticated,
permit_mynetworks,
check_client_access cidr:/etc/postfix/client_access,
check_sender_access hash:/etc/postfix/sender_access,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
smtpd_helo_restrictions =
check_recipient_access hash:/etc/postfix/spam_lovers,
check_sender_access hash:/etc/postfix/always_sender_access,
permit_sasl_authenticated,
permit_mynetworks,
check_client_access cidr:/etc/postfix/client_access,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
smtpd_sender_restrictions =
check_recipient_access hash:/etc/postfix/spam_lovers,
check_sender_access hash:/etc/postfix/always_sender_access,
permit_sasl_authenticated,
permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
check_client_access cidr:/etc/postfix/client_access,
reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/spam_lovers,
check_sender_access hash:/etc/postfix/always_sender_access,
permit_sasl_authenticated,
permit_mynetworks,
check_sender_access hash:/etc/postfix/sender_access,
check_recipient_access hash:/etc/postfix/recipient_access,
check_client_access cidr:/etc/postfix/client_access,
sleep 2,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
check_policy_service unix:private/policy-spf
smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
reject_multi_recipient_bounce
----------
Thanks,
Shawn
