Loading ...
Sorry, an error occurred while loading the content.

273673Re: foolproof whitelisting

Expand Messages
  • Brian Evans - Postfix List
    Feb 1, 2011
      On 2/1/2011 7:43 AM, sunhux G wrote:
      >
      > Our current way of blocking a spam address is by editing
      > access_sender & access_recipient & then reload postmap.
      >
      > From time to time we're given addresses that should never
      > be blocked but due to staff turnover & documentation not
      > up-to-date, an address that should never be blocked was
      > somehow blocked.
      >
      > Pardon me if this has been discussed before,
      > what's the best way to go about preventing such mistakes?
      >
      > Is there a whitelist file that we can enter addresses that should
      > never blocked so that even if this address is manually added
      > into access_sender & access_recipient, they will still not be
      > blocked (& possibly will be automatically removed from the
      > two files access_sender/recipient).
      >
      > If there's such a whitelist file, presumably there should be 2
      > of them, one for sending & receiving. Let me know the full
      > directory path & filename of the whitelist files
      >
      Postfix does not allocate certain file names for access maps.
      You may have as many as you like, the only thing that matters is the
      order of the maps in the restriction class.
      The first match always wins, so put your whitelists before any blacklists.

      I recommend using "permit_auth_destination" as the result for a
      whitelist due to your mentioned turnover rate.
      This will prevent any open relays if the whitelist is incorrectly placed
      in the chain of restrictions (in recipient restrictions before
      reject_unauth_destination)
    • Show all 3 messages in this topic