0

Because an specific IP is often von a black list provider I have to put this IP on a whitelist because there are too many false-positives.

I configured it some time ago and I am a Windows Administrator - so I am not that fresh in this subject anymore and need help. The Problem is that the whitelisted IP is still blocked by bl.spamcop.net.

I guess you need the important content of the configuration:

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/blockedSender smtpd_client_restrictions = check_client_access hash:/etc/postfix/IPWhitelist smtpd_relay_restrictions = reject_unknown_reverse_client_hostname reject_unknown_sender_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client psbl.surriel.com

What is not clear for me: Is postfix still handle the other things like relay and recipient restrictions EVEN if I put the IP on the whitelist (wouldn't make sense because it is a whitelist and further testing is not needed)?

Markus Schuhmacher
  • 1
  • In the case of a closure, I think your question may be a beter match on http://unix.stackexchange.com . – peterh Jun 20 '17 at 05:08

1 Answers1

1

smtpd_recipient_restrictions, smtpd_client_restrictions and smtpd_relay_restrictions are all handling different restrictions. If you put an IP on whitelist for smtpd_client_restrictions it only enables this IP to connect to SMTP port and doesn't enable email relay. To enable relay you need to modify smtpd_relay_restrictions but you need to keep in mind that by enabling relay for someone who is blocked by spamcop you can end up being blocked yourself.

AlexD
  • 8,179
  • 2
  • 28
  • 38
  • hmm... My goal is to specify an IP of an host (in my case a big ISP in my country who I have seen often on those lists) which bypasses the SPAM filter regarding blocking lists or content filtering. But I would appreciate that the specified IP would not be able to let my system send a message to other external systems. This is what I want to achieve. – Markus Schuhmacher Jun 10 '17 at 19:33
  • Would it help to achieve my goal if I maintain a list of senders xyz@t-online.de for example. Would this prevent postfix blocking this mail? If so what must I configure? – Markus Schuhmacher Jun 10 '17 at 19:48
  • To allow receiving mail from an IP without enabling relaying you need to modify `smtpd_recipient_restrictions` and add `check_client_access` with appropriate IP table. Alternatively you can use existing /etc/postfix/blockedSender to whitelist allowed senders. – AlexD Jun 11 '17 at 07:57
  • Thank you for the advice. I tried to modify the blockedSender file and added "address@domain.tld OK" into the file and rebuild it with postmap. I will see if it will work that way. – Markus Schuhmacher Jun 11 '17 at 18:40