I have postscreen setup according to the how-to. I use the following
configuration for the access list. As I understand it, I can only add IP addresses or ranges to this list. Is it possible to whitelist the domain name in the from address? postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr |
On 10.11.17 10:33, [hidden email] wrote:
>I have postscreen setup according to the how-to. I use the following >configuration for the access list. As I understand it, I can only add >IP addresses or ranges to this list. Is it possible to whitelist the >domain name in the from address? no. postscreen is lighweight and runs so early that it only knows the client IP, not the sender domain. -- Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol. |
In reply to this post by lists
On 11/10/2017 10:33 AM, [hidden email] wrote:
> I have postscreen setup according to the how-to. I use the following > configuration for the access list. As I understand it, I can only > add IP addresses or ranges to this list. Is it possible to whitelist > the domain name in the from address? > > > postscreen_access_list = permit_mynetworks, > cidr:/etc/postfix/postscreen_access.cidr It is not possible to whitelist by names in postscreen. Postscreen operates at a very early stage where the only information available is the client IP. |
Thanks, I thought that might be the case.
The problem I'm trying to solve is these messages in the log file: postfix/postscreen[2938]: NOQUEUE: reject: CONNECT from [91.238.9.63]:38101: too many connections I think this must be from the limit I set up with smtpd_client_connection_count_limit as described here? postscreen_client_connection_count_limit ($smtpd_client_connection_count_limit) How many simultaneous connections any client is allowed to have with the postscreen(8) daemon. Most of the time, this is not a problem. This IP for example is a spammer and I want them to be limited. But I have a legitimate server that needs to send a lot of email at once. Can I bypass this limit by adding the sender's IP to postscreen_access.cidr? I've already added their domain to smtpd_client_event_limit_exceptions. On 2017-11-10 10:56 am, Noel Jones wrote: > On 11/10/2017 10:33 AM, [hidden email] wrote: >> I have postscreen setup according to the how-to. I use the following >> configuration for the access list. As I understand it, I can only >> add IP addresses or ranges to this list. Is it possible to whitelist >> the domain name in the from address? >> >> >> postscreen_access_list = permit_mynetworks, >> cidr:/etc/postfix/postscreen_access.cidr > > > It is not possible to whitelist by names in postscreen. Postscreen > operates at a very early stage where the only information available > is the client IP. |
In reply to this post by Noel Jones-2
Noel Jones:
> On 11/10/2017 10:33 AM, [hidden email] wrote: > > I have postscreen setup according to the how-to. I use the following > > configuration for the access list. As I understand it, I can only > > add IP addresses or ranges to this list. Is it possible to whitelist > > the domain name in the from address? > > > > > > postscreen_access_list = permit_mynetworks, > > ??????? cidr:/etc/postfix/postscreen_access.cidr > > > It is not possible to whitelist by names in postscreen. Postscreen > operates at a very early stage where the only information available > is the client IP. Confirmed. By design, postscreen will do DNS lookups only from a small number of DNSBL or DNSWL domains. Those servers are set up to provide quick responses. Making postscreen dependent on DNS lookups from random DNS servers would disastrously limit the amount of traffic that postscreen can handle. Wietse |
In reply to this post by lists
[hidden email]:
> Most of the time, this is not a problem. This IP for example is a > spammer and I want them to be limited. But I have a legitimate server > that needs to send a lot of email at once. Can I bypass this limit by > adding the sender's IP to postscreen_access.cidr? I've already added > their domain to smtpd_client_event_limit_exceptions. Yes, whitelist their network in the postscreen access table. Wietse |
Free forum by Nabble | Edit this page |