Hello Nicolas,

Try this:

Remove 'check_client_access hash:/etc/postfix/client_access' from smtpd_recipient_restrictions. Add the following line in main.cf somewhere before/above smtpd_recipient_restrictions:

smtpd_client_restrictions = hash:/etc/postfix/client_access

And make sure you 'postmap /etc/postfix/client_access' any time you make changes to the file. And obviously, 'postfix reload' whenever you make changes to main.cf.

Hope this helps.

Stan




Nicolas KOWALSKI wrote:
Hello,

I would like to whitelist a specific host, because it is currently listed in the zen rbl, but I am unable to do so.

Here is a sample log of the rejected host connecting to my postfix:

Aug  4 14:17:17 petole postfix/smtpd[23545]: connect from 225.96.68-86.rev.gaoland.net[86.68.96.225]
Aug  4 14:17:17 petole postfix/smtpd[23545]: setting up TLS connection from 225.96.68-86.rev.gaoland.net[86.68.96.225]
Aug  4 14:17:17 petole postfix/smtpd[23545]: TLS connection established from 225.96.68-86.rev.gaoland.net[86.68.96.225]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Aug  4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT from 225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service unavailable; Client host [86.68.96.225] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=86.68.96.225; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<demisel.dyndns.org>
Aug  4 14:17:18 petole postfix/smtpd[23545]: disconnect from 225.96.68-86.rev.gaoland.net[86.68.96.225]


- I added the following line (full postconf -n below) to the smtpd_recipient_restrictions, before the rbl check:

check_client_access hash:/etc/postfix/client_access


- /etc/postfix/client_access contains:
demisel.dyndns.org OK


- the full configuration:

petole:~# postconf -n
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
config_directory = /etc/postfix
disable_mime_output_conversion = yes
header_checks = regexp:/etc/postfix/header_checks
inet_protocols = all
local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps
mailbox_size_limit = 0
mailbox_transport = cyrus
maximal_queue_lifetime = 60d
message_size_limit = 0
mydestination = localhost, localhost.localdomain, petole, petole.lan, petole.dyndns.org, petole.demisel.net
mydomain = $myhostname
myhostname = petole.dyndns.org
relay_domains = demisel.dyndns.org
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost = [mail.club-internet.fr]
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, reject_unknown_hostname, reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, permit
smtpd_tls_cert_file = /etc/postfix/ssl/petole-crt.pem
smtpd_tls_key_file = /etc/postfix/ssl/petole-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s



Any help would be appreciated,

Thanks,
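
Added example, not part of either message in this thread: a Python sketch that takes the reject line quoted above and lists the keys a check_client_access lookup tries against an indexed (hash:) table, following the search order documented in access(5). The function names are hypothetical and the parent-domain handling is a simplification (both "domain" and ".domain" forms are generated, whatever parent_domain_matches_subdomains is set to).

```python
import ipaddress
import re

# Constructed sample: the reject line from the thread, joined and shortened.
LOG_LINE = ("Aug  4 14:17:18 petole postfix/smtpd[23545]: NOQUEUE: reject: RCPT from "
            "225.96.68-86.rev.gaoland.net[86.68.96.225]: 554 5.7.1 Service unavailable; "
            "Client host [86.68.96.225] blocked using zen.spamhaus.org; "
            "proto=ESMTP helo=<demisel.dyndns.org>")
# The single access table entry shown in the thread.
CLIENT_ACCESS = {"demisel.dyndns.org": "OK"}

CLIENT_RE = re.compile(r"RCPT from (?P<host>[^\s\[]+)\[(?P<ip>[0-9.]+)\]")
HELO_RE = re.compile(r"helo=<(?P<helo>[^>]*)>")

def parse_client(line):
    """Return (client_hostname, client_ip, helo_name) from an smtpd reject line."""
    m = CLIENT_RE.search(line)
    if not m:
        raise ValueError("not an smtpd RCPT reject line")
    h = HELO_RE.search(line)
    return m["host"], m["ip"], (h["helo"] if h else None)

def client_lookup_keys(host, ip):
    """Keys tried for a client: hostname, parent domains, IPv4 address, prefixes."""
    keys = []
    if host != "unknown":  # Postfix logs "unknown" when reverse DNS fails
        labels = host.split(".")
        keys.append(host)
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            keys += [parent, "." + parent]
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    octets = ip.split(".")
    keys += [".".join(octets[:n]) for n in range(4, 0, -1)]
    return keys

def first_match(table, keys):
    """Return (key, action) for the first key present in the table, else None."""
    return next(((k, table[k]) for k in keys if k in table), None)

if __name__ == "__main__":
    host, ip, helo = parse_client(LOG_LINE)
    keys = client_lookup_keys(host, ip)
    print("client:", host, ip, "helo:", helo)
    print("keys tried:", keys)
    print("match in client_access:", first_match(CLIENT_ACCESS, keys))
```

With the table from the thread, no key matches: demisel.dyndns.org appears in the log only as the HELO name, while the lookup uses the client hostname 225.96.68-86.rev.gaoland.net and the address 86.68.96.225.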
