LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-14-2006, 09:27 PM   #1
xlh3110
LQ Newbie
 
Registered: Nov 2005
Posts: 19

Rep: Reputation: 0
Question whitelist for postfix


How to put a white list together with header/body checks so that mails from certain domain will go through even if their header/body matches those REJECT ones defined in the header_checks?

here is related part from my main.cf:

Code:
smtpd_helo_required = yes
smtpd_client_restrictions = 
smtpd_helo_restrictions = reject_invalid_hostname,reject_non_fqdn_hostname 
reject_unverified_sender 
smtpd_sender_restrictions = hash:/etc/postfix/access,reject_non_fqdn_sender,reject_unknown_sender_domain 
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_unlisted_recipient 
check_sender_access = regexp:/etc/postfix/sender_checks
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
and in sender_checks

Code:
.org  OK

But this combination does not work.

Any help is appreciated.
 
Old 11-15-2006, 01:16 AM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Are you sure you can use a regexp for this? Try using a hash table instead, with

check_sender_access = regexp:/etc/postfix/sender_checks

and don't forget to

postmap /etc/postfix/sender_checks

Last edited by billymayday; 11-15-2006 at 01:17 AM.
 
Old 11-15-2006, 09:29 AM   #3
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
See here about regexp syntax. To allow a .org sender, use
Code:
/.*\.org$/    OK
This would only affect smtpd_sender_restrictions (or, whatever restriction list the access table happened to be in), not the other checks; so, the message would still be subjected to header/body checks.

If you are rejecting a message based on certain header/body patterns, and yet you still find occasion to make exceptions in certain cases, then I suggest that those patterns should not be used as a basis for rejecting the message. header/body checks are meant to be an all or nothing thing.

Finally, see BUILTIN_FILTER_README.html#domain_except under Configuring header/body checks for mail to some domains only, which discusses setting up a second smtp listener with the checks turned off. But, I don't think that's what you had in mind.

Last edited by Berhanie; 11-16-2006 at 04:00 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix - whitelist leandrob Linux - Software 0 06-07-2006 12:38 PM
Blacklist all, whitelist two countries daiver Linux - Security 4 04-30-2006 10:41 PM
Sendmail : Whitelist Skip-DMP Linux - Software 5 04-11-2006 10:38 AM
secret whitelist for qmail Chris Murphy Linux - General 1 01-03-2005 12:35 AM
Spamassassin 3 whitelist ignored gquiring Linux - Software 0 10-04-2004 08:11 AM


All times are GMT -5. The time now is 10:24 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration