Syndicate content

Skip Postgrey test with a Postfix restriction map

By default, when postfix is installed with postgrey, all the emails that are not blocked by some other means are all passed to postgrey.

What if you have a customer who doesn't want to wait forever to get his/her emails?

Well... you need to bypass postgrey (and good luck to him/her in regard to heavy spamming...)

The setup requires two additional entries as defined here:

# in main.cf
smtpd_restriction_classes = permissive
permissive = permit

Here we define a new class called "permissive" (which is case sensitive!) and that we will use in the restriction access file. Somehow, we cannot just use permit in the file (I tried, it doesn't work!)

# in main.cf
smtpd_recipient_restrictions =
   ... # restrictions that always apply
   check_recipient_access hash:/etc/postfix/recipient_access,
   ... # other restrictions
   check_policy_service inet:127.0.0.1:10023

IMPORTANT NOTE: you'll want to reload the info if your server is live:

service postfix reload

The recipient restrictions can check the email address of a user and permit it. Permitting means everything is okay, accept that email without further checking in this list.

So, in the /etc/postfix/recipient_access you could enter something like:

# in recipient_access
# Get right of stupid spammers at the source
super-spammer@example.com REJECT
# Accept for users who want to avoid further checks and especially the greylist check
accept-now@example.com permissive

IMPORTANT NOTE: you'll also have to run the postmap command, something like this:

postmap hash:/etc/postfix/recipient_access

Notice that to use the "PERMIT" you have to use that permissive class. I'm not too sure why REJECT and OK work and not PERMIT, but at least with the class the desired effect works. Note also that it's all lowercase, you cannot declare a PERMISSIVE class and use permissive in the recipient_access file (or vice versa.)

Of course, you can have as many check_recipient_access entries each with a different filename and thus a different behavior (i.e. the super-spammer could be in a file checked before anything else, and the permissive users may be one or two before the last entry in the list.)

Note that the greylist whitelist_recipients cannot be used for that purpose because the accept-now@example.com is a virtual host and thus it isn't known/understood by greylist itself.

Note also that the recipient_access file could make use of complete domain names:

# in recipient_access
example.com permissive

would accept all users at example.com.

Sources:

http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
http://www.postfix.org/RESTRICTION_CLASS_README.html

Syndicate content

Diverse Realty

Diverse Realty Team

Want a New Home?
Want to Sell Your House?

Call Alex at
+1 (916)
220 6482

Alexis Wilke, Realtor
Salesperson
Lic. # 02024063

Cory Marcus, Broker
Lic. # 01079165

     

Terms of Site Index

Find the page/content you are looking for with our index.