On Sun, 2009-06-28 at 20:44 +0100, Steve wrote:
> On Sun, 2009-06-28 at 14:38 -0500, Noel Jones wrote:
> > Steve wrote:
> > > Hi,
> > >
> > > I've been looking at some archive posts regarding white listing by
> > > intended recipient domain.
> > >
> > > Say for example I wish to white list any incoming mail for:
> > > b...@example.com - is this actually possible?
> >
> > Yes, this is one reason some people like to put all their
> > restrictions under smtpd_recipient_restrictions.
> >
> > >
> > > Thinking about the stages of the SMTP conversation this is not going to
> > > be available until the RCPT TO is given, so any white list (if it is
> > > possible) would need to go in smtpd_recipient_restrictions. That is what
> > > common sense would tell me.
> >
> > With the default smtpd_delay_reject=yes, recipient information
> > is available during smtpd_{client, helo, sender}_restrictions.
> >
> > But then you have to specify your whitelist multiple times.
> > It's usually easier to just put all your restrictions in
> > smtpd_recipient_restrictions.
> >
> > >
> > > I can already see that any earlier client, helo or sender restrictions
> > > probably can't be white listed by recipient domain - but should it work
> > > at the smtpd_recipient_restriction level?
> > >
> > > Perhaps what I am actually asking is;
> > >
> > > Should this work?
> > > Could it be extended to effect a whole domain (not just b...@example.com,
> > > but *...@example.com)
> >
> > Yes, you can whitelist a whole domain. See the access(5) man
> > page for details. Your lookup table would contain
> > example.com OK
> >
> > > In lieu of smtpd_delay_reject = yes could this be applied to earlier
> > > restrictions?
> >
> > The default setting of smtpd_delay_reject=yes is required if
> > you want to whitelist recipeints during
> > smtpd_{client,helo,sender}_restrictions.
> >
> > But it's easier to just put all your restrictions under
> > smtpd_recipient_restrictions.
> >
> > Oh, be sure to put any whitelists after
> > reject_unauth_destination, such as:
> > smtpd_recipient_restrictions =
> > permit_mynetworks
> > permit_sasl_authenticated
> > reject_unauth_destination
> > ... whitelist goes here ...
> > ... UCE checks here ...
> >
> >
> >
> > -- Noel Jones
>
> Thanks you kindly Noel. Much appreciated.
The one observation I've made is there is no way of spotting in the logs
that the mail was subjected to a whitelist. For example;
map:
example.com OK putting text here does not log it
I'm guessing I can do this
example.com WARN whitelisted
example.com OK
But is there a way to get OK to write to the log without the extra
'warn' line?
