View Single Post
Old 15th January 2011, 02:05
mintydave mintydave is offline
Junior Member
Join Date: Dec 2010
Posts: 23
Thanks: 2
Thanked 0 Times in 0 Posts

Originally Posted by Rocky View Post
If an entry is found in the whitelist, it bypasses grey, rbl, spf and mailscanner checks. This was something I thought long and hard about because I wanted to have a common whitelist.

I have a conern that on my spamsnake the whitelist managed in Barawa is not behaving as you state above.

I have the following IP in my whitelist:
46     Any address
Then I get this in my syslog:
Jan 14 14:36:09 curve postfix/smtpd[17734]: NOQUEUE: reject: RCPT from[]: 450 4.7.1 <>: Recipient address rejected: 'SERVFAIL' error on DNS 'SPF' lookup of ''; from=<> to=<> proto=ESMTP helo=<>
Just to cover myself, I researched how the SPF actually works and it appears that there should be an SPF record for "", but there is not, so that is why the server is failing on the DNS lookup.

However, I would prefer that the whitelist just bypasses all the checks and let's the messages through the snake.

Here is my

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = ESMTP SpamSnake
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin =
mydestination =
relayhost =
mynetworks =,,
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 20485760
local_transport = error:No local mail delivery
local_recipient_maps =
relay_domains = mysql:/etc/postfix/
relay_recipient_maps = mysql:/etc/postfix/
transport_maps = mysql:/etc/postfix/
virtual_alias_maps = hash:/etc/postfix/virtual
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_recipient_limit = 100
smtpd_helo_required = yes
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client, reject_rbl_client
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_sender_access mysql:/etc/postfix/
header_checks = regexp:/etc/postfix/header_checks
As always, your input and assistance are greatly appreciated.

Deconn Technical Services
Reply With Quote