The Linux Page

Skip Postgrey test with a Postfix restriction map

By default, when postfix is installed with postgrey, all the emails that are not blocked by some other means are all passed to postgrey.

What if you have a customer who doesn't want to wait forever to get his/her emails?

Well... you need to bypass postgrey (and good luck to him/her in regard to heavy spamming...)

The setup requires two additional entries as defined here:

# in main.cf
smtpd_restriction_classes = permissive
permissive = permit

Here we define a new class called "permissive" (which is case sensitive!) and that we will use in the restriction access file. Somehow, we cannot just use permit in the file (I tried, it doesn't work!)

# in main.cf
smtpd_recipient_restrictions =
   ... # restrictions that always apply
   check_recipient_access hash:/etc/postfix/recipient_access,
   ... # other restrictions
   check_policy_service inet:127.0.0.1:10023

IMPORTANT NOTE: you'll want to reload the info if your server is live:

service postfix reload

The recipient restrictions can check the email address of a user and permit it. Permitting means everything is okay, accept that email without further checking in this list.

So, in the /etc/postfix/recipient_access you could enter something like:

# in recipient_access
# Get right of stupid spammers at the source
super-spammer@example.com REJECT
# Accept for users who want to avoid further checks and especially the greylist check
accept-now@example.com permissive

IMPORTANT NOTE: you'll also have to run the postmap command, something like this:

postmap hash:/etc/postfix/recipient_access

Notice that to use the "PERMIT" you have to use that permissive class. I'm not too sure why REJECT and OK work and not PERMIT, but at least with the class the desired effect works. Note also that it's all lowercase, you cannot declare a PERMISSIVE class and use permissive in the recipient_access file (or vice versa.)

Of course, you can have as many check_recipient_access entries each with a different filename and thus a different behavior (i.e. the super-spammer could be in a file checked before anything else, and the permissive users may be one or two before the last entry in the list.)

Note that the greylist whitelist_recipients cannot be used for that purpose because the accept-now@example.com is a virtual host and thus it isn't known/understood by greylist itself.

Note also that the recipient_access file could make use of complete domain names:

# in recipient_access
example.com permissive

would accept all users at example.com.

Sources:

http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
http://www.postfix.org/RESTRICTION_CLASS_README.html

Syndicate content

SMS From Me Logo

SMS From Me

To automatically start one on one conversations with your online leads.

     

   

Terms of Site Index

Find the page/content you are looking for with our index.

  • Intrepid

    Name of a Walt Disney character used for a version of Ubuntu.

  • PayPal

    An online credit card processor that anyone, including individuals, can use to get paid. Often viewed as expensive though.

  • QuickBooks
  • drop
  • low