Re: postfix and ipwhois.rfc-ignorant.org

[Magnus Bäck <magnus@xxxxxxxxxxx>]

On Monday, October 18, 2004 at 08:53 CEST,
     Carinus Carelse <carinus.carelse@xxxxxxxxx> wrote:

> I have implemented this config for the rfc-ignorants nad I have an
> exception map for the rhsbl_sender.  How can I configure an exeception
> map for the rest of the rfc-igonrants. like the ipwhois and the
> bogusmx.  The One exception map does not seem to work for all of them

[...]

> smtpd_recipient_restrictions = permit_mynetworks
>                                               check_sender_access
> dbm:/etc/postfix2/disallow_my_domain
>                                               check_sender_access
> dbm:/etc/postfix2/rhsbl_sender_domain_exceptions
>                                               reject_unauth_destination
>                                               reject_rhsbl_sender
> dsn.rfc-ignorant.org
>                                               reject_rbl_client
> ipwhois.rfc-ignorant.org
>                                               reject_rhsbl_sender
> bogusmx.rfc-ignorant.org

Beware! An OK in rhsbl_sender_domain_exceptions will make you an open
relay. Move reject_unauth_destination right after permit_mynetworks
and you'll be safe.

Otherwise, that map will serve as a whitelist for all following
restrictions and not just reject_rhsbl_sender. But you might want
to introduce a check_client_access-based whitelist to override the
reject_rbl_client restrictions as it doesn't make very good sense
to whitelist certain clients based on the sender address.

[...]

-- 
Magnus Bäck
magnus@xxxxxxxxxxx