Wibble > List archives > postfix > 2004 > October

Correct way to do whitelisting / bypassing of filtering.
OK, I have pasted my configuration below, which works well for blocking spam etc., but gives us issues when we try to whitelist someone in order to bypass RBLs etc.

What I would like to do is 2 types of whitelisting.

1. Individual emails like bob@xxxxxxx, as well as a more wildcard approach like @123.com. When we bounce messages from legit people we want to add them to the list so their email can go through.

2. I also want to allow our internal servers which send out mail from this box to be able to skip by the filtering. In this case either IP address, or server1.myoffice.com. (This server is already in my mynetworks settings.)

One reason that we are trying to do this (so you can better understand my situation) is when we send out electronic invoices or statements to clients, our Exchange server sends these 200k PDF files to the postfix server, but the postfix server starts to filter the incoming message, so as you can imagine with all the body_checks, SA, header_checks, RBLs etc., cleanup for each message starts to eat up CPU to the point that top returns a load average of 30 - 50, which is nasty.

Now we are only sending between 30 - 50 of these things at any given time, so it's not like we are trying to send out 50k emails and saying the system is slow etc.

Having said that, I was using check_client_access hash:/etc/postfix/client_access to try and allow those people to bypass filtering, but it wasn't working.

Sometimes the check_client_access -vs- check_sender_access gets a little fuzzy as to which is really the right way to accomplish this, assuming I am even in the ballpark.

If you could please provide me with some detailed help that would be great!

Also, if I am just trying something that can't be done, let me know...

Thanks!

Mike

My Config
--------------------------------------------------
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
myhostname = server1.myoffice.com
mynetworks = 127.0.0.0/8
delay_warning_time = 24h

# -----< Stop Forged Mail from Freemail places >-----------------------------------------
smtpd_restriction_classes = from_freemail_host
from_freemail_host = check_client_access hash:/etc/postfix/freemail_hosts, reject
# ---------------------------------------------------------------------

mail_spool_directory = /var/spool/mail
biff = no
soft_bounce = no
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_hard_error_limit = 3
smtpd_junk_command_limit = 3
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
deliver_lock_attempts = 10

# -----< SMTP AUTH >----------------------------------------------------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# -----< Virtual >----------------------------------------------------------------
virtual_maps = hash:/etc/postfix/virtual hash:/etc/postfix/local-host-names
alias_maps = hash:/etc/postfix/aliases
mx_access = hash:/etc/postfix/mx_access
relay_domains = /etc/postfix/relay-domains
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# -----------------------------------------------------------------------

smtpd_recipient_restrictions =
    reject_invalid_hostname,
#   reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
#---------------------------------------------------------------- Stop Forged Mail from Freemail places
    check_sender_access hash:/etc/postfix/freemail_access,
#---------------------------------------------------------------- Verisign Hijack Reject ( mx_access )
    check_recipient_mx_access hash:/etc/postfix/mx_access,
    reject_unauth_pipelining,
# ---------< RBL's >----------------------------------------
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org
    reject_rbl_client relays.ordb.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client blackholes.uceb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.ahbl.org,
    warn_if_reject reject_rbl_client virbl.dnsbl.bit.nl,
#---------------------------------------------------------------- Spam Assassin
    check_recipient_access hash:/etc/postfix/filtered_domains
# -------------------------------------------------

message_size_limit = 20000000
mailbox_size_limit = 35000000
body_checks_size_limit = 21200
bounce_size_limit = 2048
maximal_queue_lifetime = 5d
bounce_queue_lifetime = 1d
# -------------------------------------------------

body_checks = pcre:/etc/postfix/body_checks
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
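
A simplified model of how access(5) table keys are tried for a sender or client and how the first matching entry in smtpd_recipient_restrictions decides, added here as an illustration and not part of the original post or of Postfix itself. The tables, addresses and function names are constructed, and the subdomain matching assumes the default parent_domain_matches_subdomains setting.

```python
# Added example: simplified model of Postfix access(5) lookups (constructed data).

def sender_keys(addr):
    """Keys tried for a check_sender_access lookup, most specific first."""
    local, _, domain = addr.lower().rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{local}@{domain}"] + parents + [f"{local}@"]

def client_keys(hostname, ip):
    """Keys tried for check_client_access: name, parent domains, IP, networks."""
    labels = hostname.lower().split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    octets = ip.split(".")
    return names + [".".join(octets[:n]) for n in range(4, 0, -1)]

def lookup(table, keys):
    """First key present in the table decides; no match means DUNNO."""
    for key in keys:
        if key in table:
            return table[key]
    return "DUNNO"

def evaluate(restrictions, ctx):
    """Walk the restriction list in order; the first non-DUNNO result wins."""
    for name, check in restrictions:
        result = check(ctx)
        if result != "DUNNO":
            return result, name
    return "OK", "end of list"

# Constructed sample tables (hypothetical addresses from documentation ranges).
CLIENT_ACCESS = {"192.0.2.25": "OK"}                        # internal relay by IP
SENDER_ACCESS = {"bob@example.org": "OK", "123.com": "OK"}  # address and domain keys
RBL_LISTED = {"192.0.2.25", "198.51.100.7"}                 # stand-in for DNSBL hits

RESTRICTIONS = [
    ("check_client_access",
     lambda c: lookup(CLIENT_ACCESS, client_keys(c["host"], c["ip"]))),
    ("check_sender_access",
     lambda c: lookup(SENDER_ACCESS, sender_keys(c["sender"]))),
    ("reject_rbl_client",
     lambda c: "REJECT" if c["ip"] in RBL_LISTED else "DUNNO"),
]

if __name__ == "__main__":
    msg = {"host": "unknown", "ip": "198.51.100.7", "sender": "alice@mail.123.com"}
    print(evaluate(RESTRICTIONS, msg))
```

The model covers smtpd access restrictions only: header_checks and body_checks are applied by cleanup(8) and are not skipped by an OK from an access map. Sender addresses are supplied by the client, so a sender-keyed OK belongs after reject_unauth_destination, where it cannot open the relay.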