On Mon, 3 Dec 2012 13:26:25 -0600 /dev/rob0 <r...@gmx.co.uk> wrote

> On Mon, Dec 03, 2012 at 07:40:24PM +0100, Chris wrote:
> > I've been asked to skip RBL checks for certain users on the domain. 
> > How can I do that without disabling them for everybody else?
> 
> If you're only using good, safe lists, you're only rejecting mail 
> which probably should be rejected. What is the goal?
> 
> This is not possible if you're using postscreen, which you did not 
> mention. In that case perhaps the best solution is to more carefully 
> choose the DNSBL services you are using. I can recommend both Zen and 
> Barracuda's BRBL as safe and effective for mainstream use. (To the 
> point: if you're using those and rejecting real mail, you can be 
> certain that you're not the only site they are unable to reach; the 
> sending site needs to fix the problems that caused the listing.)
> 
> http://www.spamhaus.org/zen/ and
> http://www.barracudacentral.org/rbl
> 
> If you're using unsafe and aggressive lists in smtpd restrictions, 
> you can implement what you describe by means of restriction classes. 
> It's hard work and does not scale well. I have shown an example of 
> this in my Postfix/SQLite howto linked from the web address below.
> 
> http://www.postfix.org/RESTRICTION_CLASS_README.html
> 
> Perhaps a better choice is to write a custom policy service, or to 
> tweak an existing one into doing what you need.
> 
> http://www.postfix.org/SMTPD_POLICY_README.html
> http://www.postfix.org/addon.html#policy
> -- 
>   http://rob0.nodns4.us/ -- system administration and consulting
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

I've looked through the logs and the last couple of days spamcop has blocked
most of the legitimate mail the users have been complaining about.
We're currently checking against those lists:

smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_recipient_access hash:/etc/postfix/cidr_bypass,
        check_client_access cidr:/etc/postfix/cidr_checks,
        check_client_access cidr:/etc/postfix/cidr_asia,
        check_client_access pcre:/etc/postfix/fqrdns.regexp,
        reject_rbl_client bl.mailspike.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dyna.spamrats.com,
        reject_rbl_client noptr.spamrats.com,
        reject_rbl_client spam.spamrats.com,
        reject_rbl_client zen.spamhaus.org,
        permit

As far as I'm concerned, when a user starts nagging about this rejected message
or that, I'll let him bypass the checks and deal with the spam himself. That is
until he comes back crawling and begging for help :)

I've looked into the classes definition. Where does the parameter go? Before
'permit_mynetworks'?

Chris
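
The policy-service route suggested in the quoted reply, sketched as an added example that is not part of the original thread or of Postfix itself: a minimal policy delegate that answers DUNNO for recipients who opted out of DNSBL checks and hands everyone else to a restriction class. The class name rbl_checks, the exempt addresses and the listener address 127.0.0.1:10040 are assumptions.

```python
"""Per-recipient DNSBL opt-out as a Postfix policy delegate (added example)."""
import socketserver

# Constructed sample data: recipients who asked to skip DNSBL checks.
RBL_EXEMPT = {"alice@example.com", "bob@example.com"}
# Hypothetical restriction class, assumed to be defined in main.cf as:
#   smtpd_restriction_classes = rbl_checks
#   rbl_checks = reject_rbl_client zen.spamhaus.org
RBL_CLASS = "rbl_checks"

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access(5) action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    rcpt = attrs.get("recipient", "").lower()  # match addresses case-insensitively
    if rcpt in RBL_EXEMPT:
        return "DUNNO"  # no opinion: the DNSBL class is not applied
    # Fail closed: unknown or missing recipients still get the DNSBL checks.
    return RBL_CLASS

class PolicyHandler(socketserver.StreamRequestHandler):
    """Serve any number of requests on one connection from smtpd."""
    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
                continue
            reply = decide(parse_request("\n".join(lines)))
            self.wfile.write(f"action={reply}\n\n".encode())
            lines = []

if __name__ == "__main__":
    # Assumed listener address; Postfix side: check_policy_service inet:127.0.0.1:10040
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()
```

The check_policy_service entry would sit where the reject_rbl_client lines are now, so the earlier permit and access-table checks keep their order. Because exempt recipients get DUNNO rather than OK, any restrictions listed after the policy service still apply to them.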

