How to confirm if Postfix whitelist entries are working correctly in ISPConfig 3?

Discussion in 'Installation/Configuration' started by cbj4074, Feb 27, 2014.

  1. cbj4074

    cbj4074 Member

    Hello,

    I have a need to whitelist a specific domain (and any subdomain thereof) such that some of Postfix's normal smtpd_recipient_restrictions are bypassed.

    In ISPConfig 3, I have gone into Email -> Global Filters -> Postfix Whitelist and created a new entry. In "Whitelist Address", I have *.example.com, and the "Type" is Recipient. (The Active box is checked, too, of course.)

    Two questions:

    1.) Is *.example.com the correct notation to use for this? The Postfix documentation states:

    2.) Is there any way to verify that this whitelist entry is actually effective? Everything seems to be in-place, but I need to be able to verify the behavior.

    Here's my current value for smtpd_recipient_restrictions:

    Code:
    smtpd_recipient_restrictions = 
    	permit_mynetworks,
    	permit_sasl_authenticated,
    	reject_unauth_destination,
    	check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    	reject_sender_login_mismatch,
    	reject_invalid_hostname,
    	reject_non_fqdn_hostname,
    	reject_non_fqdn_sender,
    	reject_non_fqdn_recipient,
    	reject_unknown_sender_domain,
    	reject_unknown_recipient_domain,
    	check_policy_service unix:private/policy-spf,
    	check_policy_service inet:127.0.0.1:10023,
    	reject_rbl_client zen.spamhaus.org,
    	reject_rhsbl_helo dbl.spamhaus.org,
    	reject_rhsbl_sender dbl.spamhaus.org
    
    check_recipient_access seems to be the relevant check here. I want to ensure that whitelisted senders are subjected to all of the normal checks, except for the three reject_ rules at the end. Should I move check_recipient_access down the list so that it's just above reject_rbl_client to achieve the desired result?

    Thanks for any assistance with this.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. cbj4074

    cbj4074 Member

    Thanks for the follow-up, Till.

    I had consulted the manual prior to posting, but the wording is ambiguous. (And not to nit-pick, but the word "Exmaples" should be "Examples" in the documentation. :))

    Is the implication that specifying a "parent domain", such as example.com, includes any subdomain thereof, such as subdomain.example.com?

    Also, any idea regarding question 2.) in my original post?
     

Share This Page