
Re: google outbound SMTP whitelisting

  • LuKreme
    Message 1 of 10 , May 19, 2013
      On 19 May 2013, at 13:08 , Mike. <the.lists@...> wrote:
      > I wanted to put google's outbound SMTP servers on a postscreen
      > whitelist, but the list seems to be dynamic. I found this web page
      > that explains how to get the list of IP addresses:
      > http://support.google.com/a/bin/answer.py?hl=en&hlrm=de&answer=60764

      Funny, I just asked about doing this within the last week in a thread "postscreen and Google"

      The answer, direct from Wietse, is

      > Don't enable the "after 220" tests, or wait until whitelisting is stable. Given that Google has many servers, manual whitelisting is not a long-term solution.

      If your server is high-volume, you need to run postscreen for a while with soft-bounce enabled to build up the cache. A month.

      You might also read the thread "Snapshot 20130517" which details up-coming changes in 2.11 that will allow whitelisting via a DNS RBL-style lookup.

      (I went with disabling the after-220 tests and postscreen is still doing an excellent job of keeping mail from having to go through spamd, significantly dropping my server's processor load).

      --
      Can I tell you the truth? I mean this isn't like TV news, is it?
    • Benny Pedersen
      Message 2 of 10 , May 20, 2013
        Mike. wrote on 2013-05-19 21:08:

        > Comments are welcome.

        wishful thinking here: make postscreen postfix policy compatible

        --
        senders that put my email into body content will deliver it to my own
        trashcan, so if you like to get reply, dont do it
      • Mike.
        Message 3 of 10 , May 20, 2013
          On 5/20/2013 at 3:14 PM Benny Pedersen wrote:

          |Mike. wrote on 2013-05-19 21:08:
          |
          |> Comments are welcome.
          |
          |wishful thinking here: make postscreen postfix policy compatible
          =============

          That's beyond the scope of the project. :)


          More seriously, if I were to integrate it more closely with postscreen,
          I would want to seriously beef up the error checking within the script.
          I purposely left it to the individual mail admin to decide how, and
          to what extent, to fit gwhitelist.sh into the mail system.
        • Steve Jenkins
          Message 4 of 10 , May 20, 2013
            On Mon, May 20, 2013 at 7:02 AM, Mike. <the.lists@...> wrote:
            > More seriously, if I were to integrate it more closely with postscreen,
            > I would want to seriously beef up the error checking within the script.
            > I purposely left it to the individual mail admin to decide how, and
            > to what extent, to fit gwhitelist.sh into the mail system.

            Simple. Neat. Effective. I've now added gwhitelist to the crontab on my personal mail server:

            # crontab -l
            @hourly /usr/local/bin/opendkim-reportstats -sendstats > /dev/null #Send OpenDKIM Stats
            0 4 * * * /usr/local/bin/sa_wrapper.sh #SpamAssassin Learning Tasks
            @weekly /usr/bin/wget -q -N -P /etc/postfix http://hardwarefreak.com/fqrdns.pcre #Download Stan's updated PCRE file
            @weekly /usr/local/bin/gwhitelist.sh > /etc/postfix/gmail_whitelist.cidr #Update Google Mail Server Whitelist

            Thx!

            SteveJ
          • Benny Pedersen
            Message 5 of 10 , May 20, 2013
              Steve Jenkins wrote on 2013-05-20 16:31:

              > @weekly /usr/local/bin/gwhitelist.sh >
              > /etc/postfix/gmail_whitelist.cidr #Update Google Mail Server
              > Whitelist

              unsure if postfix self reloads on filechanges ? :/

              if not can postfix do this ?

              --
              senders that put my email into body content will deliver it to my own
              trashcan, so if you like to get reply, dont do it
            • Wietse Venema
              Message 6 of 10 , May 20, 2013
                Benny Pedersen:
                > Steve Jenkins wrote on 2013-05-20 16:31:
                >
                > > @weekly /usr/local/bin/gwhitelist.sh >
                > > /etc/postfix/gmail_whitelist.cidr #Update Google Mail Server
                > > Whitelist
                >
                > unsure if postfix self reloads on filechanges ? :/
                >
                > if not can postfix do this ?

                You need "postfix reload" after changing cidr maps (and pcre, regexp,
                and other files that are processed in their entirety as the map is
                opened).

                Wietse
              • Steve Jenkins
                Message 7 of 10 , May 20, 2013
                  On Mon, May 20, 2013 at 8:57 AM, Benny Pedersen <me@...> wrote:
                  > Steve Jenkins wrote on 2013-05-20 16:31:
                  >
                  > > @weekly /usr/local/bin/gwhitelist.sh >
                  > > /etc/postfix/gmail_whitelist.cidr #Update Google Mail Server Whitelist
                  >
                  > unsure if postfix self reloads on filechanges ? :/
                  >
                  > if not can postfix do this ?

                  I wasn't sure either, which is why I added a "postfix reload" as the last line of the gwhitelist.sh script. :)

                  SteveJ 
                • Benny Pedersen
                  Message 8 of 10 , May 21, 2013
                    wietse@... wrote on 2013-05-20 19:02:

                    > You need "postfix reload" after changing cidr maps (and pcre, regexp,
                    > and other files that are processed in their entirety as the map is
                    > opened).

                    here I just move cidr maps to postgresql so it does not need to reload
                    postfix, but it's maybe not all using postgresql, just to note it for
                    cron update postfix

                    using spf data to dump into cidr is basically a bit silly in the terms
                    it's not live data, postscreen could use tables in any postconf -m, it
                    only makes sense to use cidr for speed reasons imho

                    --
                    senders that put my email into body content will deliver it to my own
                    trashcan, so if you like to get reply, dont do it
                  • Benny Pedersen
                    Message 9 of 10 , May 21, 2013
                      Steve Jenkins wrote on 2013-05-20 19:06:

                      > I wasn't sure either, which is why I added a "postfix reload" as the
                      > last line of the gwhitelist.sh script. :)

                      please respect my signature, if you use multiple sh files to update via
                      cron, then you might combine all sh into one cron script and end it all
                      with one single postfix reload, if not using postgresql :)

                      --
                      senders that put my email into body content will deliver it to my own
                      trashcan, so if you like to get reply, dont do it
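
Added example, not part of any post in this thread and not the gwhitelist.sh script (which this page does not show): one way to turn SPF `ip4:`/`ip6:` mechanisms into a postscreen cidr table, reject an empty or malformed result instead of installing it, and run "postfix reload" only when the table actually changed. The function names, the sample SPF text and its address ranges are constructed for illustration; fetching the real TXT records is left out so the block runs offline.

```shell
#!/bin/sh
# Added example. SAMPLE_SPF is constructed (documentation address ranges).
SAMPLE_SPF='"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 ip6:2001:db8::/32 include:_spf.example.net ~all"'

# Read SPF TXT record text on stdin; print "network<TAB>permit" for each
# ip4:/ip6: mechanism. include: and other mechanisms are ignored here.
spf_to_cidr() {
    tr -s ' "\t' '\n' | awk '
        /^ip4:[0-9.]+(\/[0-9]+)?$/       { print substr($0, 5) "\tpermit" }
        /^ip6:[0-9A-Fa-f:]+(\/[0-9]+)?$/ { print substr($0, 5) "\tpermit" }
    ' | sort -u
}

# Succeed only if the file is non-empty and every line is "network permit".
valid_cidr_table() {
    [ -s "$1" ] || return 1
    ! grep -Evq '^[0-9A-Fa-f:.]+(/[0-9]+)?[[:space:]]+permit$' "$1"
}

# install_if_changed NEW TARGET [RELOAD_CMD]
# NEW must be on the same filesystem as TARGET so that mv is an atomic rename.
# Returns 0 = installed and reloaded, 1 = unchanged, 2 = rejected.
install_if_changed() {
    new=$1 target=$2 reload=${3:-"postfix reload"}
    valid_cidr_table "$new" || { rm -f "$new"; return 2; }
    if [ -f "$target" ] && cmp -s "$new" "$target"; then
        rm -f "$new"; return 1
    fi
    mv -f "$new" "$target" && $reload
}

# Demo in a scratch directory; "echo reload" stands in for "postfix reload".
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_SPF" | spf_to_cidr > "$dir/new.cidr"
    install_if_changed "$dir/new.cidr" "$dir/gmail_whitelist.cidr" "echo reload"
    cat "$dir/gmail_whitelist.cidr"
    rm -rf "$dir"
}
demo
```

Writing the new table to a temporary file next to the live map, rather than redirecting cron output straight into the live map, means a failed lookup leaves the previous whitelist in place.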