1

I typically do not use grey listing as it doesn't play nice with multiple mx servers, but I do like preventing direct-access attempts to email me (use an MTA, or don't send email).

I would like to prevent grey-listing for any server that has a valid SPF record.

How can I combine (2) check_policy_services?

Server Setup: Centos7, Postfix, PostGrey, OpenDKIM, SPF, RBLs (listed), as well as TLS support.

postconf | grep smtpd_recipient_restrictions smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination reject_unauth_pipelining, reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname,check_recipient_access hash:/etc/postfix/recipient_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, reject_rbl_client dnsbl.sorbs.net, check_policy_service unix:private/policy, check_policy_service unix:postgrey/socket, permit

Jacob Evans
  • 7,636
  • 3
  • 25
  • 55
  • One way i can think of is to use a single policy service that does the decision if the mail should be accepted – zeridon Oct 21 '15 at 13:56
  • Then how can I combine check_policy_service to do SPF, then grey-list. – Jacob Evans Oct 21 '15 at 13:59
  • good point to start is to look into perl-spf-policy (that makes SPF verification). You could (based on the result of this) either return direct or exec an external piece of code (like graylisting) – zeridon Oct 22 '15 at 07:34

0 Answers0