Per user whitelist in postfix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Per user whitelist in postfix

Guy-749
Hi,

I'm currently using dnswl (dnswl.org) in my recipient restrictions on a mail gateway.
Below is an example line from the list:
193.222.110.200/32      permit_auth_destination med nonea.se DNSWLId 10128

As I understand it, this whitelists those IP's from all the RBL etc checks that follow in the recipient restrictions?

I've been told that we now need per recipient whitelisting. I'm guessing I need to do something similar to the dnswl, but have it check against mysql using the recipients address to find out whether it should skip the checks. Basically I have to give users the option to receive spam if they so choose.

So is this idea feasible and does anyone have any recommendations on its implementation? Any howtos or documentation from someone that's done something similar would also be appreciated as it doesn't seem to be something done very much.

Thanks
Guy

[Current recipient restrictions]
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unauth_destination,
        check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com,
        reject_rhsbl_client zen.spamhaus.org,
        reject_rhsbl_client bl.spamcop.net,
        check_policy_service inet:127.0.0.1:10031,
        permit


--
Don't just do something...sit there!
Reply | Threaded
Open this post in threaded view
|

Re: Per user whitelist in postfix

mouss-2
Guy a écrit :

> Hi,
>
> I'm currently using dnswl (dnswl.org <http://dnswl.org>) in my
> recipient restrictions on a mail gateway.
> Below is an example line from the list:
> 193.222.110.200/32 <http://193.222.110.200/32>    
> permit_auth_destination med nonea.se <http://nonea.se> DNSWLId 10128
>
> As I understand it, this whitelists those IP's from all the RBL etc
> checks that follow in the recipient restrictions?

yes.
>
> I've been told that we now need per recipient whitelisting. I'm
> guessing I need to do something similar to the dnswl, but have it
> check against mysql using the recipients address to find out whether
> it should skip the checks. Basically I have to give users the option
> to receive spam if they so choose.

use check_recipient_access. the lookup should return OK if the user
"wants spam". In "hash" terms, it would be something like


[hidden email]      OK