Re: Whitelisting Redux
Dennis Putnam wrote:
> On May 1, 2007, at 10:06 AM, Jorey Bump wrote:
>> I'm not sure why you're removing permit_sasl_authenticated, but if you
>> don't need it, no harm done.
> I thought that was what you suggested I do.

No, I meant for you to change the "smtpd_client_restrictions" entry that
you provided to "smtpd_recipient_restrictions" and remove the redundant
smtpd_recipient_restrictions from your configuration.

>> It appears your whitelist is not being consulted. Be sure to issue a
>> 'postfix reload' after editing main.cf.
> I do/did. Why would the white list not be consulted?

It was. The address was wrong.

>> Put permit_sasl_authenticated back before permit_mynetworks in
>> smtpd_recipient_restrictions, if you are using authentication for
>> submission via port 25.
> It seems to be working without it but I will. In any case this is not
> affecting the white list is it?

No.

>> dap@... != dap1@...
> I missed that detail. I didn't think it used the FROM field since that
> is easily spoofed. The difference is whether the mail originated on a
> Linux box or Windows box. The bad news is that when I add that to my
> white list it still doesn't work.

To be clear, it's using the address provided during MAIL FROM (not the
From: header), and you're right, that's easily spoofed. But if you want
to use check_sender_access, that's what we're talking about, the

>> If you want to keep things simple, use this in sender_whitelist:
>> bellsouth.net permit_auth_destination
> I don't really want to open it to all but I might have to try that just
> to see if anything can get through. Will that also work if the hostname
> is home.bellsouth.net?

Refer to Email Address Patterns in:
man 5 access

> Actually I need to get this working not just for
> this user but for others as well. I want to make sure it all works and I
> understand it before adding more users. These otherwise legitimate ISPs
> that refuse to take responsibility for spam originating on their
> networks drive me nuts. I have things pretty tight so we get very little
> spam leaking through but there are a few legitimate sources that don't.

Well, I sympathize, but this may be a user issue. They need to complain
to the ISP or switch. Kudos for trying to solve their problem, but you
may be taking on a maintenance headache. Of course, you could move your
RBLs to a scoring system via a policy server or SpamAssassin if they are
causing you too many problems. Using RBLs isn't required, so I guess you
do bear some of the responsibility here.

>> Note that you'll have to put your map *after*
>> reject_unauth_destination if you use the bellsouth.net address for
>> outgoing mail (in which case, you should really use their mail server,
> Now I'm confused (as usual). If I send something to dap1@...
> it will be rejected? Outgoing mail cannot go to 'bellsouth.net' as that
> does not resolve to an smtp server. I thought postfix looked up the MX
> record for that address instead.

I meant you must do this if you plan to use the bellsouth.net address as
your sender address for outgoing mail. Outgoing mail *to* bellsouth.net
is not affected by this configuration.
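
The lookup behaviour discussed in this thread, as an added example that is not part of the original message: a simplified Python model of how check_sender_access searches an access(5) table for the MAIL FROM address, showing why a near-miss address does not match and how a bare domain key covers home.bellsouth.net. The local parts and map contents are constructed, and the model assumes the default parent_domain_matches_subdomains setting and ignores address extensions and continuation lines.

```python
# Added example: simplified model of the access(5) search order that
# check_sender_access applies to the envelope sender (MAIL FROM).
# Assumes smtpd_access_maps is in parent_domain_matches_subdomains (the
# Postfix default); address extensions and continuation lines are ignored.

def parse_access_map(text):
    """Parse 'pattern action' lines, skipping blanks and '#' comments."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1]
    return table


def candidate_keys(mail_from, parent_matches_subdomains=True):
    """Yield the lookup keys for an envelope sender, in search order."""
    local, _, domain = mail_from.lower().rpartition("@")
    yield f"{local}@{domain}"                      # user@domain
    labels = domain.split(".")
    yield domain                                   # exact domain
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # bare parent key by default, ".parent" key otherwise
        yield parent if parent_matches_subdomains else "." + parent
    yield f"{local}@"                              # user@


def sender_action(table, mail_from):
    """Return (matched_key, action) for the first hit, or None."""
    for key in candidate_keys(mail_from):
        if key in table:
            return key, table[key]
    return None


# Constructed sample maps (local parts are placeholders, not from the thread).
EXACT_ONLY = parse_access_map("user@bellsouth.net  permit_auth_destination\n")
WHOLE_DOMAIN = parse_access_map("""
# whitelist every sender claiming this domain
bellsouth.net  permit_auth_destination
""")

if __name__ == "__main__":
    for table, sender in [(EXACT_ONLY, "user1@bellsouth.net"),
                          (WHOLE_DOMAIN, "user1@home.bellsouth.net")]:
        print(sender, "->", sender_action(table, sender))
```

Because the key is whatever the client supplies in MAIL FROM, a match says nothing about who sent the message; permit_auth_destination keeps a match from permitting mail to destinations the server does not already accept.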