Loading ...
Sorry, an error occurred while loading the content.

Re: Whitelists

Expand Messages
  • /dev/rob0
    ... Numerous ways, depending on what you mean by domain . ... FWIW (very little, in fact) there is check_sender_access. Not a good tool for whitelisting,
    Message 1 of 7 , Jan 1, 2012
    • 0 Attachment
      On Sunday 01 January 2012 21:56:43 Roman Gelfand wrote:
      > I see there is a way to whitelist domain.

      Numerous ways, depending on what you mean by "domain".

      > Is it possible to whitelist sender email address?

      FWIW (very little, in fact) there is check_sender_access. Not a good
      tool for whitelisting, because every email address is used as sender
      by spammers, sooner or later.

      http://www.postfix.org/SMTPD_ACCESS_README.html
      http://www.postfix.org/postconf.5.html#check_sender_access

      > Also, if I am running several filters, will postfix
      > automatically disable filtering for this sender email address?

      Nothing is automatic. You either configure filtering, or not. Why
      would you want to bypass filtering? Do you want to receive "bad"
      content [which claims to be] from that address?

      You might do better here if you describe the problem you have that
      you're wanting to solve. Generally I believe that whitelisting is the
      wrong approach when spam blocking is too aggressive; if you take out
      unsafe and unreasonable restrictions, most good mail will go through.

      If you're having trouble implementing something, see here:

      http://www.postfix.org/DEBUG_README.html#mail
      --
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
    • Roman Gelfand
      I am using the following directive for filtering. The mail goes through 2 grey listing filters, bl lookup using policy_daemon, dkim, spf, dspam, etc... I
      Message 2 of 7 , Jan 1, 2012
      • 0 Attachment
        I am using the following directive for filtering. The mail goes
        through 2 grey listing filters, bl lookup using policy_daemon, dkim,
        spf, dspam, etc... I don't want to start adding a whitelist entry to
        every filter.

        smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
        check_sender_access pcre:/etc/postfix/dspam_check_aliases,
        check_policy_service inet:127.0.0.1:2501,
        check_policy_service inet:127.0.0.1:5525,
        reject_unlisted_recipient,
        check_policy_service inet:127.0.0.1:12525


        On Sun, Jan 1, 2012 at 11:31 PM, /dev/rob0 <rob0@...> wrote:
        > On Sunday 01 January 2012 21:56:43 Roman Gelfand wrote:
        >> I see there is a way to whitelist domain.
        >
        > Numerous ways, depending on what you mean by "domain".
        >
        >> Is it possible to whitelist sender email address?
        >
        > FWIW (very little, in fact) there is check_sender_access. Not a good
        > tool for whitelisting, because every email address is used as sender
        > by spammers, sooner or later.
        >
        > http://www.postfix.org/SMTPD_ACCESS_README.html
        > http://www.postfix.org/postconf.5.html#check_sender_access
        >
        >> Also, if I am running several filters, will postfix
        >> automatically disable filtering for this sender email address?
        >
        > Nothing is automatic. You either configure filtering, or not. Why
        > would you want to bypass filtering? Do you want to receive "bad"
        > content [which claims to be] from that address?
        >
        > You might do better here if you describe the problem you have that
        > you're wanting to solve. Generally I believe that whitelisting is the
        > wrong approach when spam blocking is too aggressive; if you take out
        > unsafe and unreasonable restrictions, most good mail will go through.
        >
        > If you're having trouble implementing something, see here:
        >
        > http://www.postfix.org/DEBUG_README.html#mail
        > --
        >  http://rob0.nodns4.us/ -- system administration and consulting
        >  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      • Stan Hoeppner
        ... check_sender_access hash:/etc/postfix/whitelist ... /etc/postfix/whitelist example.com permit_auth_destination user@example2.com permit_auth_destination
        Message 3 of 7 , Jan 2, 2012
        • 0 Attachment
          On 1/1/2012 11:19 PM, Roman Gelfand wrote:
          > I am using the following directive for filtering. The mail goes
          > through 2 grey listing filters, bl lookup using policy_daemon, dkim,
          > spf, dspam, etc... I don't want to start adding a whitelist entry to
          > every filter.
          >
          > smtpd_recipient_restrictions =
          > permit_mynetworks,
          > reject_unauth_destination,
          check_sender_access hash:/etc/postfix/whitelist
          > check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
          > check_sender_access pcre:/etc/postfix/dspam_check_aliases,
          > check_policy_service inet:127.0.0.1:2501,
          > check_policy_service inet:127.0.0.1:5525,
          > reject_unlisted_recipient,
          > check_policy_service inet:127.0.0.1:12525

          /etc/postfix/whitelist
          example.com permit_auth_destination
          user@... permit_auth_destination

          After creating or modifying /etc/postfix/whitelist do

          $ postmap whitelist

          See: man 5 access

          --
          Stan
        • /dev/rob0
          ... Roman mentioned filters , so naturally I thought he was referring to content filtering. Bypassing restrictions is done as Stan showed. ... My only
          Message 4 of 7 , Jan 2, 2012
          • 0 Attachment
            On Monday 02 January 2012 09:26:18 Stan Hoeppner wrote:
            > On 1/1/2012 11:19 PM, Roman Gelfand wrote:
            > > I am using the following directive for filtering. The mail goes
            > > through 2 grey listing filters, bl lookup using policy_daemon,
            > > dkim, spf, dspam, etc... I don't want to start adding a
            > > whitelist entry to every filter.

            Roman mentioned "filters", so naturally I thought he was referring to
            content filtering. Bypassing restrictions is done as Stan showed.

            > > smtpd_recipient_restrictions =
            > >
            > > permit_mynetworks,
            > > reject_unauth_destination,
            >
            > check_sender_access hash:/etc/postfix/whitelist

            My only additional suggestion would be that the filename should
            reflect a bit more of how it is used, i.e., "sender_whitelist".

            > > check_recipient_access pcre:/etc/postfix/dspam_check_aliases,
            > > check_sender_access pcre:/etc/postfix/dspam_check_aliases,
            > > check_policy_service inet:127.0.0.1:2501,
            > > check_policy_service inet:127.0.0.1:5525,
            > > reject_unlisted_recipient,
            > > check_policy_service inet:127.0.0.1:12525
            >
            > /etc/postfix/whitelist
            > example.com permit_auth_destination
            > user@... permit_auth_destination
            >
            > After creating or modifying /etc/postfix/whitelist do
            >
            > $ postmap whitelist
            >
            > See: man 5 access

            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
          Your message has been successfully submitted and would be delivered to recipients shortly.