{"id":771,"date":"2017-09-01T15:44:07","date_gmt":"2017-09-01T12:44:07","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=771"},"modified":"2017-09-01T15:44:07","modified_gmt":"2017-09-01T12:44:07","slug":"debian-postfix-how-to-whitelist-hostsip-addresses-in-postfix","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=771","title":{"rendered":"Debian &#8211; Postfix (How To Whitelist Hosts\/IP Addresses In Postfix)"},"content":{"rendered":"<h2 id=\"how-to-whitelist-hostsip-addresses-in-postfix-\">How To Whitelist Hosts\/IP Addresses In Postfix<\/h2>\n<p>Version 1.0<br \/>\nAuthor: Falko Timme<\/p>\n<p>If you are administrating a mail server and use blacklists to block spam (like in this article: <a href=\"https:\/\/www.howtoforge.com\/block_spam_at_mta_level_postfix\" target=\"_blank\" rel=\"noopener\">How To Block Spam Before It Enters The Server (Postfix)<\/a>), you probably know this problem: from time to time your customers complain that they cannot receive emails from certain freemailers. Most often this happens because a freemailer was abused to send out spam and therefore got blacklisted. This short guide shows how you can whitelist such a mail server in Postfix to make your customers happy again.<\/p>\n<div>\n<div id=\"google_ads_div_howtoforge_com_article_rectangle_a_300x250_ad_wrapper\">\n<div id=\"google_ads_div_howtoforge_com_article_rectangle_a_300x250_ad_container\">\n<div><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>I do not issue any guarantee that this will work for you!<\/p>\n<p>If a blacklisted server tries to send mail to your server, you should find something like this in your mail log:<\/p>\n<p class=\"system\">SMTP error from remote mail server after RCPT TO:&lt;bla@example.com&gt;: host mail.example.com [4.3.2.1]: 554 5.7.1 Service unavailable; Client host [1.2.3.4] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http:\/\/www.sorbs.net\/lookup.shtml?1.2.3.4<\/p>\n<p>In this example, the mail server <span class=\"system\">1.2.3.4<\/span> is blacklisted and therefore blocked.<\/p>\n<p>To whitelist that server, create the file <span class=\"system\">\/etc\/postfix\/rbl_override<\/span> where you list all IP addresses or host names (one per line!) that you want to whitelist:<\/p>\n<p class=\"command\">vi \/etc\/postfix\/rbl_override<\/p>\n<table border=\"1\" width=\"90%\" cellspacing=\"0\" cellpadding=\"2\" align=\"center\" bgcolor=\"#cccccc\">\n<tbody>\n<tr>\n<td class=\"\">\n<pre>1.2.3.4 OK\r\n1.2.3.5 OK\r\nmail.freemailer.tld OK<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>After you&#8217;ve created\/modified that file, you must run<\/p>\n<p class=\"command\">postmap \/etc\/postfix\/rbl_override<\/p>\n<p>Next open <span class=\"system\">\/etc\/postfix\/main.cf<\/span> and search for the <span class=\"system\">smtpd_recipient_restrictions<\/span> parameter. Add <span class=\"system\">check_client_access hash:\/etc\/postfix\/rbl_override<\/span> to that parameter, after <span class=\"system\">reject_unauth_destination<\/span>, but before the first blacklist.<\/p>\n<p>So if <span class=\"system\">smtpd_recipient_restrictions<\/span> looks like this now&#8230;<\/p>\n<p class=\"command\">vi \/etc\/postfix\/main.cf<\/p>\n<table border=\"1\" width=\"90%\" cellspacing=\"0\" cellpadding=\"2\" align=\"center\" bgcolor=\"#cccccc\">\n<tbody>\n<tr>\n<td class=\"\">\n<pre>[...]\r\nsmtpd_recipient_restrictions = reject_invalid_hostname,\r\n                               reject_unauth_pipelining,\r\n                               permit_mynetworks,\r\n                               permit_sasl_authenticated,\r\n                               reject_unauth_destination,\r\n                               reject_rbl_client multi.uribl.com,\r\n                               reject_rbl_client dsn.rfc-ignorant.org,\r\n                               reject_rbl_client dul.dnsbl.sorbs.net,\r\n                               reject_rbl_client list.dsbl.org,\r\n                               reject_rbl_client sbl-xbl.spamhaus.org,\r\n                               reject_rbl_client bl.spamcop.net,\r\n                               reject_rbl_client dnsbl.sorbs.net,\r\n                               reject_rbl_client cbl.abuseat.org,\r\n                               reject_rbl_client ix.dnsbl.manitu.net,\r\n                               reject_rbl_client combined.rbl.msrbl.net,\r\n                               reject_rbl_client rabl.nuclearelephant.com,\r\n                               permit\r\n[...]<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&#8230; modify it so that it looks as follows:<\/p>\n<div><\/div>\n<table border=\"1\" width=\"90%\" cellspacing=\"0\" cellpadding=\"2\" align=\"center\" bgcolor=\"#cccccc\">\n<tbody>\n<tr>\n<td class=\"\">\n<pre>[...]\r\nsmtpd_recipient_restrictions = reject_invalid_hostname,\r\n                               reject_unauth_pipelining,\r\n                               permit_mynetworks,\r\n                               permit_sasl_authenticated,\r\n                               reject_unauth_destination,\r\n                               check_client_access hash:\/etc\/postfix\/rbl_override,\r\n                               reject_rbl_client multi.uribl.com,\r\n                               reject_rbl_client dsn.rfc-ignorant.org,\r\n                               reject_rbl_client dul.dnsbl.sorbs.net,\r\n                               reject_rbl_client list.dsbl.org,\r\n                               reject_rbl_client sbl-xbl.spamhaus.org,\r\n                               reject_rbl_client bl.spamcop.net,\r\n                               reject_rbl_client dnsbl.sorbs.net,\r\n                               reject_rbl_client cbl.abuseat.org,\r\n                               reject_rbl_client ix.dnsbl.manitu.net,\r\n                               reject_rbl_client combined.rbl.msrbl.net,\r\n                               reject_rbl_client rabl.nuclearelephant.com,\r\n                               permit\r\n[...]<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>That&#8217;s it! Restart Postfix, and you&#8217;re done:<\/p>\n<p class=\"command\">\/etc\/init.d\/postfix restart<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How To Whitelist Hosts\/IP Addresses In Postfix Version 1.0 Author: Falko Timme If you are administrating a mail server and use blacklists to block spam (like in this article: How To Block Spam Before It Enters The Server (Postfix)), you probably know this problem: from time to time your customers complain that they cannot receive [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":621,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-771","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=771"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/771\/revisions"}],"predecessor-version":[{"id":772,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/771\/revisions\/772"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/621"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}