Postfix whitelisting by recipient address?

carlmarshall · 11-28-2006, 04:56 AM

Hi,

I am using a Postfix mail server using MySQL for virtual users and have several rules for blocking UCE configured. In addition, I am using an SQL table for whitelisting sender email addresses which works very well.

However I have a customer who receives email from a wide variety of clients and doesn't know in advance what their email address will be. Typically, many of these get blocked by my blackhole filters.

Does anyone know of a method by which I can apply a whitelist based on recipient address rather than on sender address?

Just had a thought on the subject: I suspect that I could use smtpd_restriction_classes eg:

smtpd_restriction_classes= filtered, unfiltered

However all of my domains etc. are virtual and change often. Does anyone have an idea as to how to read class members from an SQL database?

Cheers,

Carl.

gani · 12-04-2006, 06:02 AM

Performing a simple reverse lookup should validate your domain's existense and thus if it exists, it won't be suspected as being used by spammers since spammers do usually use fake domains or short-lived domains.

The first example shows that it can't resolve to what domain that IP is pointed to.

@webmaster:~$ host your.internet.ip.add
Host your.internet.ip.add.in-addr.arpa not found: 3(NXDOMAIN)

This one next is what should be expected.

@webmaster:~$ host your.internet.ip.add
your.internet.ip.add.in-addr.arpa domain name pointer your.domain.com.

gani · 12-04-2006, 06:06 AM

Sorry, I've mistaken sending this reply to this thread. It should not be here.

I've never noticed that my browser window is on the wrong thread.

Sorry guys...

carlmarshall · 12-04-2006, 06:07 AM

Not a problem gani!

Hope you sort someone's problem, even if it's not mine!

Carl.

gani · 12-07-2006, 07:12 AM

I've come across with this file on my server that came from a contribution from a Japanese developer regarding tarpiting patch for postgrey. It is named whitelist_recipient with example lines included as

Code:

# *** whitelist recipient ***
postmaster@mydomain.example          OK
abuse@mydomain.example               OK

Though I'm not using this and just decided posting this in thinking that this might help you or provide you with some idea.

This should be included in smtpd_recipient_restrictions in main.cf as ordered

Code:

smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
      check_recipient_access hash:/etc/postfix/whitelist_recipient   # HERE
      check_recipient_access mysql:/etc/postfix/mysql-recipient.cf   # just an example
      reject_invalid_hostname
      reject_non_fqdn_sender
      reject_non_fqdn_hostname
      reject_unknown_sender_domain
      ... others...
      .... etc.
      permit

# postmap /etc/postfix/whitelist_recipient
# postfix reload

-Gani