HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   How do I whitelist a domain in Postfix? (http://www.howtoforge.com/forums/showthread.php?t=39079)

FatalError 11th September 2009 22:39

How do I whitelist a domain in Postfix?
 
I saw one how-to covering this, but it didn't look the same as my SpamSnake setup. Anyway here is my issue:

One of our vendors is being rejected on an SPF check.

Someone told me that they had very recently changed ISPs.

Here's a log entry from Postfix:

Quote:

Sep 10 15:25:21 spamsnake postfix/smtpd[24756]: NOQUEUE: reject: RCPT from unknown[their.ip.addr.here]: 450 4.7.1 <myuser@mydomain.com>: Recipient address rejected: SPF-Result=mail.theirmailserversdomainname.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail.theirmailserversdomainname.com'; from=<theiruser@theirdomain.com> to=<myuser@mydomain.com> proto=ESMTP helo=<mail.THEIRMAILSERVERSDOMAINNAME.COM>
Maybe they haven't updated their SPF record after the ISP change?

Anyway, is there a way to whitelist their domain(s) in Postfix so my users can receive mail from them?


UPDATE: after checking a few online dns query sites, I have determined that there is NO SPF record for either of their domain names. This doesn't sound right...

If anyone wants a crack at this, their email server's name is mail.cbsinsne.com and their email address domain is fainsgroup.com.

Rocky 12th September 2009 04:56

You would have to use a client access list in postfix to get around this issue. Below is an example of what you would have to put in your postfix main.cf file, in the smtpd_recipient section. You just have to create a file called /etc/postfix/goodip and add the IP and OK to it eg. (2.2.2.2 OK) and then postmap it (postmap /etc/postfix/goodip). Then add the below string to postfix and do a postfix reload. This should now allow their IP through postfix. You can google check_client_access to get a better idea of the usage and syntax.

smtpd_recipient_restrictions =
check_client_access = hash:/etc/postfix/goodip

FatalError 21st September 2009 15:31

I am assuming that I leave all existing values on the line "smtpd_recipient_restrictions =" ?

Rocky 22nd September 2009 15:25

Yes, make sure you leave the other statements in there.

Example: smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain


All times are GMT +2. The time now is 09:53.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.