[PLUG] Postfix whitelist?

Steven Raymond stever at woo-hoo.com
Tue May 27 15:15:02 PDT 2003

> On Mon, 2003-03-10 at 08:40, Steven Raymond wrote:
>> Is there an easy way to make a Postfix whitelist which says "accept
>> mail from so-and-so regardless of the other filters"?
> Yes, of course. Just create a map file with the IP address(es)
> of the remote mail server(s) you always want to receive mail
> from and refer to it in your smtpd_recipient_restrictions
> sections before the maps that block the mail.
> For example:
> smtpd_recipient_restrictions =
>       check_client_access = hash:/etc/postfix/goodip,
>       ...,
>       [your black lists]
>       ...,
>       permit mynetworks
> In the goodip file:
>   OK
> Don't forget to use the postmap program

I simply could not get this to work.  No errors, it just simply was
ineffective.  I created /etc/postfix/permit-domains, which consisted of:
domainname.com    OK
ipaddr^^^^        OK
(used both domain name and ip addr of the mail server just to be sure)

Added the line in main.cf:
smtpd_recipient_restrictions =
       check_client_access = hash:/etc/postfix/permit-domains,

Ran "postmap /etc/postfix/permit-domains" which generates a
permit-domain.db file. (Should main.cf say instead check_client_access
= hash:/etc/postfix/permit-domains.db?)

Then nothing else happened, still rejected the good emails based upon helo.

Have gotten it to accept mail by domains by adding the following to
/etc/postfix/access, then postmap access:
domainname.com     OK
ipaddr^^^^         OK

I observe the following references to /etc/postfix/access in various parts
of main.cf:
smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/access,
smtpd_helo_required = yes
smtpd_helo_restrictions =
        check_helo_access hash:/etc/postfix/access,

smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/access,

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/access,

What's the functional difference between:

I'd prefer to have the stand-alone file per Ed's suggestion, rather than
mucking around in /etc/postfix/access, but that didn't work for reasons I
don't understand.  Any input is appreciated.
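
Added example, not part of the original post or of Postfix: a small Python check for the settings discussed in this thread. Postfix writes an access restriction as "check_client_access type:table" with no "=", a hash: table is named by the source file that postmap was run on (Postfix appends .db itself), and each smtpd_*_restrictions list is evaluated on its own, so an OK from a map consulted only in the recipient list does not override a rejection from smtpd_helo_restrictions. The function names and the sample main.cf are constructed for illustration.

```python
import re

# Constructed sample main.cf, modelled on the settings quoted in this thread.
# Function names below are hypothetical helpers, not part of Postfix.
SAMPLE_MAIN_CF = """\
smtpd_helo_required = yes
smtpd_helo_restrictions =
        check_helo_access hash:/etc/postfix/access,
smtpd_recipient_restrictions =
        check_client_access = hash:/etc/postfix/permit-domains.db,
        permit_mynetworks
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def lint_restrictions(text):
    """Flag access-map syntax mistakes in smtpd_*_restrictions lists."""
    findings = []
    for name, value in parse_main_cf(text).items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        for i, tok in enumerate(tokens):
            if not re.fullmatch(r"check_\w+_access", tok):
                continue
            arg = tokens[i + 1] if i + 1 < len(tokens) else ""
            if arg == "=":
                findings.append((name, tok, "remove '=': syntax is 'check_x_access type:table'"))
                arg = tokens[i + 2] if i + 2 < len(tokens) else ""
            if arg.startswith("hash:") and arg.endswith(".db"):
                findings.append((name, tok, "drop '.db': name the source file postmap was run on"))
    return findings

def lists_using(text, table):
    """Names of restriction lists that consult the given lookup table."""
    return sorted(n for n, v in parse_main_cf(text).items()
                  if n.endswith("_restrictions") and table in v)
```

Calling lists_using() with the whitelist path shows which restriction lists actually consult it; a list that is missing from the result never sees the OK entries.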

