Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th September 2009, 23:39
FatalError FatalError is offline
Junior Member
 
Join Date: Aug 2009
Posts: 11
Thanks: 2
Thanked 0 Times in 0 Posts
Default How do I whitelist a domain in Postfix?

I saw one how-to covering this, but it didn't look the same as my SpamSnake setup. Anyway here is my issue:

One of our vendors is being rejected on an SPF check.

Someone told me that they had very recently changed ISPs.

Here's a log entry from Postfix:

Quote:
Sep 10 15:25:21 spamsnake postfix/smtpd[24756]: NOQUEUE: reject: RCPT from unknown[their.ip.addr.here]: 450 4.7.1 <myuser@mydomain.com>: Recipient address rejected: SPF-Result=mail.theirmailserversdomainname.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail.theirmailserversdomainname.com'; from=<theiruser@theirdomain.com> to=<myuser@mydomain.com> proto=ESMTP helo=<mail.THEIRMAILSERVERSDOMAINNAME.COM>
Maybe they haven't updated their SPF record after the ISP change?

Anyway, is there a way to whitelist their domain(s) in Postfix so my users can receive mail from them?


UPDATE: after checking a few online dns query sites, I have determined that there is NO SPF record for either of their domain names. This doesn't sound right...

If anyone wants a crack at this, their email server's name is mail.cbsinsne.com and their email address domain is fainsgroup.com.

Last edited by FatalError; 11th September 2009 at 23:59.
Reply With Quote
Sponsored Links
  #2  
Old 12th September 2009, 05:56
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

You would have to use a client access list in postfix to get around this issue. Below is an example of what you would have to put in your postfix main.cf file, in the smtpd_recipient section. You just have to create a file called /etc/postfix/goodip and add the IP and OK to it eg. (2.2.2.2 OK) and then postmap it (postmap /etc/postfix/goodip). Then add the below string to postfix and do a postfix reload. This should now allow their IP through postfix. You can google check_client_access to get a better idea of the usage and syntax.

smtpd_recipient_restrictions =
check_client_access = hash:/etc/postfix/goodip
__________________
Home of the SpamSnake
Reply With Quote
  #3  
Old 21st September 2009, 16:31
FatalError FatalError is offline
Junior Member
 
Join Date: Aug 2009
Posts: 11
Thanks: 2
Thanked 0 Times in 0 Posts
Default

I am assuming that I leave all existing values on the line "smtpd_recipient_restrictions =" ?
Reply With Quote
  #4  
Old 22nd September 2009, 16:25
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
 
Default

Yes, make sure you leave the other statements in there.

Example: smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain
__________________
Home of the SpamSnake
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix not responding to telnet CarbonCopy Server Operation 6 8th May 2009 06:39
HELP: Postfix on Lenny: NO STARTTLS MESSAGE zeus80 HOWTO-Related Questions 2 26th March 2009 19:54
Postfix: Incoming Mail for one domain returns to sender andreyenkin Installation/Configuration 1 15th November 2008 16:35
i dont recive any mail of any domain chua_jose Installation/Configuration 18 10th November 2008 19:55
Bind, Postfix and possibly more problems from "http://" domain entry LunarNexus Installation/Configuration 5 5th April 2006 16:50


All times are GMT +2. The time now is 12:07.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.