---------- Original Message ----------------------------------
From: wie...@porcupine.org (Wietse Venema)
Reply-To: Postfix users <postfix-users@postfix.org>
Date: Wed, 9 Dec 2009 16:25:42 -0500 (EST)

>Kenneth Marshall:
>> On Wed, Dec 09, 2009 at 03:42:30PM -0500, Wietse Venema wrote:
>> > Len Conrad:
>> > > postconf -n | egrep postscreen
>> > >
>> > > postscreen_blacklist_action = drop
>> > > postscreen_blacklist_networks =
>> > > mysql:/usr/local/etc/postfix/mysql-mta_clients_b.cf
>> > ...
>> > > postscreen_whitelist_networks = $mynetworks,
>> > > hash:/usr/local/etc/postfix/mta_clients_white.map
>> > >
>> > > postmap -q "12.184.45.106" /usr/local/etc/postfix/mta_clients_white.map
>> > > ok
>> > >
>> > > but still
>> > >
>> > > Dec 9 15:16:01 mx101 postfix/postscreen[94732]: BLACKLISTED
>> > > 12.184.45.106
>> >
>> > The postscreen manpage lists the tests in the order of execution.
>> > Thus, the blacklist is tested first. If the client is not
>> > blacklisted, then the whitelist test is done. And so on.
>> >
>> > I could swap the order of black/white tests if there is agreement that
>> > the current order is not optimal, but something has to go first.
>> >
>> > Wietse
>> >
>> It would make more sense to have the whitelist first since that
>> is its normal use, overriding a restriction.
>
>No problem. I suppose I lost sight of the prime directive, which
>is to deliver mail.

when 95%+ of the mail is crap, my prime directive is to keep it out.

whitelist is usually manual after some @sshole's legit server behaves badly, gets RBLs, gets compromised, and gets harvested into blacklist automatically.

btw, how to get:

postmap -d "ip.ad.re.ss" mysql:/usr/local/etc/postfix/mysql-mta_clients_b.cf

not to return:

postmap: fatal: mysql:/usr/local/etc/postfix/mysql-mta_clients_b.cf map requires O_RDONLY access mode

the mysql user in the mysql .cf script has all but grant rights to the mx database.

Len
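
The test order discussed in this thread, as an added example that is not part of the original messages and not Postfix code: it models "first matching list wins" for both orders and reports entries present in both lists, which are the only clients whose outcome changes if the order is swapped. The list contents are constructed samples (only 12.184.45.106 comes from the thread), and the function names and the WHITELISTED and CONTINUE labels are assumptions.

```python
import ipaddress

# Constructed sample entries; the real lists live in the mysql and hash maps
# named in the postconf output quoted above.
BLACKLIST = ["12.184.45.106", "198.51.100.0/24"]
WHITELIST = ["12.184.45.106", "192.0.2.0/24", "198.51.100.25"]


def _nets(entries):
    # Accept bare addresses (treated as /32) and CIDR networks alike.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def verdict(client, blacklist, whitelist, whitelist_first=False):
    """Return the label of the first list that matches the client address."""
    addr = ipaddress.ip_address(client)
    tests = [("BLACKLISTED", _nets(blacklist)), ("WHITELISTED", _nets(whitelist))]
    if whitelist_first:
        tests.reverse()  # the swapped order proposed in the thread
    for label, nets in tests:
        if any(addr in net for net in nets):
            return label
    return "CONTINUE"  # neither list matched; later tests would run


def conflicts(blacklist, whitelist):
    """Return (black, white) pairs whose address ranges overlap."""
    return [(str(b), str(w))
            for b in _nets(blacklist)
            for w in _nets(whitelist)
            if b.overlaps(w)]


if __name__ == "__main__":
    for b, w in conflicts(BLACKLIST, WHITELIST):
        print(f"overlap: blacklist {b} vs whitelist {w}")
    for ip in ("12.184.45.106", "198.51.100.25", "203.0.113.9"):
        print(ip,
              verdict(ip, BLACKLIST, WHITELIST),
              verdict(ip, BLACKLIST, WHITELIST, whitelist_first=True))
```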