Re: Can I set up Whitelists W/Blacklists???

At 07:20 PM 1/26/04, willief wrote:


>Hi,
>
>We do spam filtering with access, header_checks, body_checks. Works fine
>except body_checks matches strings in binary attachments from trusted
>senders. I want a whitelist implementation that will not filter the emails
>coming from those listed in the whitelist, and just send them through
>without scanning.
>
>
>A test /etc/postfix/whitelist entry is:
>
>wallymcdoogle@yahoo.com OK
>
>
>
>
>My line in main.cf is:
>
>
>smtpd_recipient_restrictions = check_recipient hash:/etc/postfix/whitelist
>
>
>But when I reload, it gives the following errors and kills postfix
>from sending anything.
>
>
>Jan 26 13:56:10 sally postfix/smtpd[23355]: fatal: parameter
>"smtpd_recipient_restrictions": specify at least one working instance of:
>check_relay_domains, reject_unauth_destination, reject, defer or
>defer_if_permit

Two problems here.
The first is a perception problem. Header and body checks are applied to
all email. There is no whitelist method.
If you must receive mail from these trusted clients, set up a separate
postfix with no header/body checks on a different IP or port, and have them
submit mail there.

The other problem is syntax errors. First, there is no restriction named
"check_recipient" as you have posted above, and, as the error message
indicates, smtpd_recipient_restrictions must contain one of the "reject"
restrictions so you are not an open relay. The default is:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination

If you want to add something else, you must explicitly list these and then
add your own restrictions after, as in:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/whitelist

Postfix comes with a lot of documentation, you really have to read it. at
least try.


--
Noel Jones