[PLUG] Postfix whitelist?

Steven Raymond stever at woo-hoo.com
Tue May 27 15:15:02 PDT 2003 

> On Mon, 2003-03-10 at 08:40, Steven Raymond wrote:
>> Is there an easy way to make a Postfix whitelist which says "accept
>> mail from so-and-so regardless of the other filters"?
>
> Yes, of course. Just create a map file with the IP address(es)
> of the remote mail server(s) you always want to receive mail
> from and refer to it in your smtpd_recipient_restrictions
> sections before the maps that block the mail.
> For example:
>
> smtpd_recipient_restrictions =
>       check_client_access = hash:/etc/postfix/goodip,
>       ...,
>       [your black lists]
>       ...,
>       permit mynetworks
>
> In the goodip file:
>
> 1.2.3.4   OK
> Don't forget to use the postmap program

I simply could not get this to work.  No errors, it just simply was
ineffective.  I created /etc/postfix/permit-domains, which consisted of:
domainname.com    OK
ipaddr^^^^        OK
(used both domain name and ip addr of the mail server just to be sure)

Added the line in main.cf:
smtpd_recipient_restrictions =
       check_client_access = hash:/etc/postfix/permit-domains,
....

Ran "postmap /etc/postfix/permit-domains" which generates a
permit-domain.db file.    (should main.cf say instead check_client_access
= hash:/etc/postfix/permit-domains.db?)

Then nothing else happened, still rejected the good emails based upon helo
checks.


Have gotten it to accept mail by domains by adding the following to
/etc/postfix/access, then postmap access:
domainname.com     OK
ipaddr^^^^         OK

I observe the following references to /etc/postfix/access in various parts
of main.cf:
smtpd_client_restrictions =
        permit_mynetworks,
...
        check_client_access hash:/etc/postfix/access,
        permit
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
...
        check_helo_access hash:/etc/postfix/access,
...
        permit

smtpd_sender_restrictions =
...
        check_sender_access hash:/etc/postfix/access,
...
        permit

smtpd_recipient_restrictions =
        permit_mynetworks,
        check_recipient_access hash:/etc/postfix/access,


What's the functional difference between:
check_client_access
check_helo_access
check_sender_access
check_recipient_access
?

I'd prefer to have the stand-alone file per Ed's suggestion, rather than
mucking around in /etc/postfix/access, but that didn't work for reasons I
don't understand.  Any input is appreciated.
Thanks

More information about the PLUG mailing list