On 26 Dec 2018, at 22:35, Michael Fox wrote:


What I'd like to do is have a whitelist apply to only a specific reject.

You could use an access table to look up per-recipient rules.
See http://www.postfix.org/RESTRICTION_CLASS_README.html for an
example.

Hmmm.  I read that.  I don't see how it applies to this case.

That's because the logic for doing it in Postfix is the reverse of what you're asking for. It still works, however.

Can you give
me an example?

Suppose I have the following general case:

/etc/postfix/whitelist1:
    <host_a>      OK
    <host_b>      OK

/etc/postfix/whitelist2:
    <host_c>      OK

How would I accomplish the following?

smtpd_*_restrictions =
    . . .
    reject_[type1] . . .  (except for hosts in whitelist1)
    reject_[type2] . . .  (except for hosts in whitelist2)


main.cf:
   smtpd_restriction_classes = whitelist1, whitelist2, unwhitelisted
   whitelist1 = reject_[type2]
   whitelist2 = reject_[type1]
   unwhitelisted = reject_[type1], reject_[type2]

   smtpd_*_restrictions =
      check_client_access pcre:/etc/postfix/whitelisting
      ...   (NOT including reject_[type1] or reject_[type2])

/etc/postfix/whitelisting:
   /^host_a$/   whitelist1
   /^host_b$/   whitelist1
   /^host_c$/   whitelist2
   /.*/         unwhitelisted

The reason I'm specifying 'whitelisting' map as pcre type instead of hash is that I don't think there's any way to make a hash map default to a restriction class or restriction list. One way to read the access(5) man page implies that '.' would match any hostname not matched, but I have not tried that.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
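
The following is an added example, not part of the original message and not Postfix code: a small Python model of the lookup in the reply above, showing which of the two placeholder rejects still apply to a client after the first-match pcre lookup. The function names are hypothetical, and the model assumes the table is queried with the client hostname only.

```python
import re

# Restriction classes from the main.cf in the reply: each class lists the
# reject checks that STILL apply to clients mapped to that class.
CLASSES = {
    "whitelist1": ["reject_[type2]"],
    "whitelist2": ["reject_[type1]"],
    "unwhitelisted": ["reject_[type1]", "reject_[type2]"],
}

# /etc/postfix/whitelisting from the reply, in file order.
WHITELISTING = [
    (r"^host_a$", "whitelist1"),
    (r"^host_b$", "whitelist1"),
    (r"^host_c$", "whitelist2"),
    (r".*", "unwhitelisted"),
]


def lookup(table, client):
    """Return the result of the first matching pattern, or None.

    pcre tables are searched in file order and match case-insensitively
    by default, so the first hit decides the outcome.
    """
    for pattern, result in table:
        if re.search(pattern, client, re.IGNORECASE):
            return result
    return None  # no match: Postfix moves on to the next restriction


def checks_for(client, table=WHITELISTING, classes=CLASSES):
    """List the type1/type2 rejects that this client is still subject to."""
    return classes.get(lookup(table, client), [])


if __name__ == "__main__":
    for host in ("host_a", "host_c", "mail.example.net"):  # constructed names
        print(host, "->", checks_for(host))
    # Without the catch-all line, unmatched clients skip BOTH rejects,
    # because neither appears in smtpd_*_restrictions itself.
    print("no catch-all ->", checks_for("mail.example.net", WHITELISTING[:-1]))
    # Listing a host under two classes does not combine them: only the
    # first line is used, so this host is still subject to reject_[type2].
    twice = [(r"^host_d$", "whitelist1"), (r"^host_d$", "whitelist2")]
    print("listed twice ->", checks_for("host_d", twice + WHITELISTING))
```

A host that must bypass both rejects therefore needs its own class containing neither of them, mapped on a single line ahead of the catch-all.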
