By Passing RBL for specific domain for specific IP


By Passing RBL for specific domain for specific IP

janaka wicky
Hi,

    Is there a way to bypass the RBL check for a specific domain when receiving from a specific IP?

My main.cf's smtpd_recipient_restrictions looks like this:

smtpd_recipient_restrictions =
            permit_mynetworks,
            reject_unauth_destination,
            reject_rbl_client multi.uribl.com,
            ...
            ... more rbls ....
            ...
            permit


I've tried creating an smtpd_restriction_class where I assign whitelisted_ip, and a hash list linking the whitelisted_ip with the domain, as below:

/etc/postfix/whitelisted_ips
===================
aaa.bbb.ccc.ddd    permit
zzz.yyy.ppp.www   reject


/etc/postfix/domain_client_IP_access
============================
my-good.domain.com    whitelisted_ips

and changed main.cf as follows:

smtpd_restriction_classes = whitelisted_ips

whitelisted_ips = hash:/etc/postfix/whitelisted_ips

smtpd_recipient_restrictions =
            permit_mynetworks,
            check_client_access hash:/etc/postfix/domain_client_IP_access
            reject_unauth_destination,
            reject_rbl_client multi.uribl.com,
            ...
            ... more rbls ....
            ...
            permit

I checked the rejecting part, i.e. sending from the zzz.yyy.ppp.www IP, but mail is still going through. I also tried it in smtpd_sender_restrictions and smtpd_client_restrictions, but it is still the same.

It would be great if you could help me with this.

Thanks in advance.

With Best Regards,
Janaka

Re: By Passing RBL for specific domain for specific IP

Kamil Raczyński
On 2011-10-19 19:37, Janaka Wickramasinghe wrote:

>      Is there a way to bypass RBL check for a specific domain and
> receiving from specific IP,

Yes.

>         I've tried creating a smtpd_restriction_class where I assign
> whitelisted_ip and hash list linking the whitelisted_ip with domain as below,

You don't need that. It was designed to create rules for groups of
*your* users. Besides, you configured it the wrong way; see
http://www.postfix.org/RESTRICTION_CLASS_README.html

You can use just "check_client_access" option. Use OK for accepting and
REJECT for rejecting emails from particular clients. Both IP addresses
and domain names are allowed. See http://www.postfix.org/access.5.html

Postfix is really, really well documented.

Best Regards
--
Kamil Raczynski

Re: By Passing RBL for specific domain for specific IP

janaka wicky
Thanks for the reply. Yes, I had configured it the wrong way. It's working now. :-)

The IP that we wanted to whitelist is actually one of the ISP's relay servers, so it gets blacklisted sometimes, but we wanted to receive the mail from one domain which is also using the same relay server, and did not want to reject mail for that domain only, even though the IP is blacklisted.

I also had to put the entry in smtpd_sender_restrictions instead of smtpd_recipient_restrictions, since we are doing the access control based on the sender.

By the way, currently we have the RBL checks in smtpd_recipient_restrictions. Our access control only works if I also shift the RBL checks to smtpd_sender_restrictions. Would it have a different effect if I move the RBL checks to smtpd_sender_restrictions?




2011/10/20 Kamil Raczyński <[hidden email]>
> On 2011-10-19 19:37, Janaka Wickramasinghe wrote:
>
> >     Is there a way to bypass RBL check for a specific domain and
> > receiving from specific IP,
>
> Yes.
>
> >        I've tried creating a smtpd_restriction_class where I assign
> > whitelisted_ip and hash list linking the whitelisted_ip with domain as below,
>
> You don't need that. It was designed to create rules for groups of *your* users. Besides, you configured it the wrong way; see http://www.postfix.org/RESTRICTION_CLASS_README.html
>
> You can use just "check_client_access" option. Use OK for accepting and REJECT for rejecting emails from particular clients. Both IP addresses and domain names are allowed. See http://www.postfix.org/access.5.html
>
> Postfix is really, really well documented.
>
> Best Regards
> --
> Kamil Raczynski
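
One way to express the combined condition discussed in this thread (a specific client IP plus a specific sender domain) while leaving the RBL checks in smtpd_recipient_restrictions. This is an added example, not configuration posted by either participant; the address 192.0.2.25, the two table file names and the class name rbl_exempt_senders are assumptions.

```cfg
# ---- /etc/postfix/main.cf ----
# A restriction class may be named on the right-hand side of an access
# table. Here it means "for this client, also look at the envelope sender".
smtpd_restriction_classes = rbl_exempt_senders
rbl_exempt_senders = check_sender_access hash:/etc/postfix/rbl_exempt_senders

# Each smtpd_*_restrictions list is evaluated on its own: OK (permit) only
# ends the list it appears in, while REJECT in any list rejects the mail.
# An OK returned in smtpd_sender_restrictions therefore cannot skip RBL
# checks that live in smtpd_recipient_restrictions, so the exemption lookup
# goes in the same list as reject_rbl_client and ahead of it.
#
# The lookup is placed after reject_unauth_destination so that an OK result
# can never permit relaying to domains this server is not responsible for.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_exempt_clients,
    reject_rbl_client multi.uribl.com,
    permit

# ---- /etc/postfix/rbl_exempt_clients ----
# Constructed sample address standing in for the ISP relay server.
# The result is the class name, not OK: other senders using this relay
# still fall through to the RBL checks.
192.0.2.25          rbl_exempt_senders

# ---- /etc/postfix/rbl_exempt_senders ----
# Envelope sender domain to accept from that relay. The envelope sender is
# not authenticated, so this is only as strong as the client IP match
# that leads to it.
my-good.domain.com  OK
```

Run postmap on both table files after editing them and reload Postfix. A sender that is not listed gets no match from the class, so evaluation continues with reject_rbl_client as before.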