Sep 122009
 

Sometimes we need to do manual whitelisting for mail users whose customers’ admins don’t respond to your complaints about their server settings.

Another option to consider ist automatic whitelisting by using the hand-crafted DNSWL ( http://www.dnswl.org/ ). We should also consider requesting to get added to DNSWL.

dnswl-update.sh

#!/bin/sh
rsync --times rsync1.dnswl.org::dnswl/postfix-* /some/path/

In /etc/postfix/main.cf add this line within the smtpd_recipient_restrictions :

smtpd_recipient_restrictions = ...
     reject_unauth_destination,
     ...
     check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
     ...

Note that reject_unauth_destination must should come before the check_client_access to ensure you do not become an open relay for the whitelisted networks.

After that reload postfix

# postfix reload

we can also put dnswl-update.sh in cronjob/crontab for autmatically updating dnswl db.

01 * * * * root /path-to/dnswl-update.sh > /dev/null 2>&1

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.