[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Whitelisting refuses to work
From:       "Bill Cole" <postfixlists-070913 () billmail ! scconsult ! com>
Date:       2019-12-17 18:49:05
Message-ID: F3AA0486-F970-43C9-9ADE-159FD1924F61 () billmail ! scconsult ! com
[Download RAW message or body]

On 17 Dec 2019, at 9:24, Ieva Dav wrote:

> Hi,
>
> So i inherited an old postfix setup and we have:
>
> smtpd_client_restrictions =
>   check_client_access hash:$conf_dir/whitelist,
>   reject_rbl_client blah
>   reject_rbl_client blahblah
>   etc
>
> And it still blocks the domains i put in the whitelist.

Note that check_client_access requires an IPv4 address or 1-3 octet 
prefix, an  IPv6 address or 3-8 octetpair prefix, or a domain tail that 
matches the VERIFIED reverse name of the client host. It does NOT match 
domains in envelope sender addresses, EHLO/HELO names, or any message 
header.


> Google says to have
> this in recipient restrictions instead, but that doesn't work either.

Where you put specific restrictions affects how you can whitelist one 
with another. Ordering across the different restriction lists and within 
each list is important. You can't use a whitelist in 
smtpd_recipient_restrictions to reverse a rejection made in 
smtpd_client_restrictions and a whitelist that operates in 
smtpd_client_restrictions doesn't prevent a rejection in 
smtpd_recipient_restrictions.

Determining what exactly is not working in your case requires more 
details.

> What did i miss?

These instructions for seeking help here:

http://www.postfix.org/DEBUG_README.html#mail



-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
[prev in list] [next in list] [prev in thread] [next in thread]