Postfix Whitelist on Global Filters no Working

Discussion in 'Installation/Configuration' started by W-C, Apr 10, 2019.

  1. W-C

    W-C Member


    We are using the following parameters on smtpd_client_restrictions=
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client

    I tought if I used the Postfix Whitelist on Global filters would allow the sender domain to sent the email even if the IP of the sender is on blacklists but is not working . Is there anyway I can whitelist the domain in order to not delete the "reject_rbl_client" on the smtp_client_restrictions?

    Thanks in advance
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    smtpd_client_restrictions is to restrict smtp clients, and is not considering the sender domain. The check_client_access lookup will match against the smtp client's hostname or parent domains, if that's helpful (probably not so much, but on some systems or a dedicated mail server the hostname might also match the sender domain).

    What I would recommend is not use any rbl's directly in smtpd_client_restrictions, but instead implement postscreen's weighted rbls, and use postwhite to bypass postscreen for domains according to their spf record as needed. See for example.

    An alternative solution would be to add a check_sender_access map ahead of the rbl rejection which allows senders from that domain. Something like:
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/, permit_mynetworks, check_sender_access texthash:/etc/postfix/smtpd_client_sender_access, permit_sasl_authenticated, reject_rbl_client
    Then add your allowed domains to /etc/postfix/smtpd_client_sender_access (eg. 'sender.tld OK').
    W-C likes this.
  3. W-C

    W-C Member

    Hello Jesse,

    I'd follow your suggestion and let you know how it works...

    Thanks a lot for you help.

Share This Page