On 2/14/15 4:23 PM, "LuKreme" <krem...@kreme.com> wrote: >I wasn¹t suggesting you implement it on your machine. That said, I would >very much like a list of hosts that pass whitelist_auth.
whitelist_auth isn't a host-level check, it's an email address or domain-level check. "If a message can be authenticated as being from this email address, then accept it." Mine is a short list, almost exclusively financial: blacklist_from *@wellsfargo.com whitelist_auth *@wellsfargo.com blacklist_from *@chase.com whitelist_auth *@chase.com blacklist_from *@bankofamerica.com whitelist_auth *@bankofamerica.com blacklist_from *.aexp.com whitelist_auth *.aexp.com blacklist_from *@americanexpress.com blacklist_from *.americanexpress.com whitelist_auth *@americanexpress.com whitelist_auth *.americanexpress.com blacklist_from *@atmosenergy.com whitelist_auth *@atmosenergy.com blacklist_from *@citibank.com whitelist_auth *@citibank.com And Reindl is right that I'm assuming these senders won't suddenly decide to quit sending authenticated email. If they do, I'll notice it in my logs pretty quickly and get it resolved, but I understand that for some mail admins that's a risk they can't take. For myself, Id rather reject barely-possibly-valid mail from those senders than accept probable-phishing emails claiming to be from those senders; as always YMMV and my advice is worth precisely what you paid for it. ;-) -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com
