whitelist for postfix

xlh3110 · 11-14-2006, 09:27 PM

How to put a white list together with header/body checks so that mails from certain domain will go through even if their header/body matches those REJECT ones defined in the header_checks?

here is related part from my main.cf:

Code:

smtpd_helo_required = yes
smtpd_client_restrictions = 
smtpd_helo_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname 
reject_unverified_sender 
smtpd_sender_restrictions = hash:/etc/postfix/access,reject_non_fqdn_sender,reject_unknown_sender_domain 
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unlisted_recipient 
check_sender_access = regexp:/etc/postfix/sender_checks
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

and in sender_checks

Code:

.org  OK

But this combination does not work.

Any help is appreciated.

billymayday · 11-15-2006, 01:16 AM

Are you sure you can use a regexp for this? Try using a hash table instead, with

check_sender_access = regexp:/etc/postfix/sender_checks

and don't forget to

postmap /etc/postfix/sender_checks

Berhanie · 11-15-2006, 09:29 AM

See here about regexp syntax. To allow a .org sender, use

Code:

/.*\.org$/    OK

This would only affect smtpd_sender_restrictions (or, whatever restriction list the access table happened to be in), not the other checks; so, the message would still be subjected to header/body checks.

If you are rejecting a message based on certain header/body patterns, and yet you still find occasion to make exceptions in certain cases, then I suggest that those patterns should not be used as a basis for rejecting the message. header/body checks are meant to be an all or nothing thing.

Finally, see BUILTIN_FILTER_README.html#domain_except under Configuring header/body checks for mail to some domains only, which discusses setting up a second smtp listener with the checks turned off. But, I don't think that's what you had in mind.