Steve wrote:
Hi,
I've been looking at some archive posts regarding white listing by
intended recipient domain.
Say for example I wish to white list any incoming mail for:
b...@example.com - is this actually possible?
Yes, this is one reason some people like to put all their
restrictions under smtpd_recipient_restrictions.
Thinking about the stages of the SMTP conversation this is not going to
be available until the RCPT TO is given, so any white list (if it is
possible) would need to go in smtpd_recipient_restrictions. That is what
common sense would tell me.
With the default smtpd_delay_reject=yes, recipient information
is available during smtpd_{client, helo, sender}_restrictions.
But then you have to specify your whitelist multiple times.
It's usually easier to just put all your restrictions in
smtpd_recipient_restrictions.
I can already see that any earlier client, helo or sender restrictions
probably can't be white listed by recipient domain - but should it work
at the smtpd_recipient_restriction level?
Perhaps what I am actually asking is;
Should this work?
Could it be extended to effect a whole domain (not just b...@example.com,
but *...@example.com)
Yes, you can whitelist a whole domain. See the access(5) man
page for details. Your lookup table would contain
example.com OK
In lieu of smtpd_delay_reject = yes could this be applied to earlier
restrictions?
The default setting of smtpd_delay_reject=yes is required if
you want to whitelist recipeints during
smtpd_{client,helo,sender}_restrictions.
But it's easier to just put all your restrictions under
smtpd_recipient_restrictions.
Oh, be sure to put any whitelists after
reject_unauth_destination, such as:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
... whitelist goes here ...
... UCE checks here ...
-- Noel Jones
