Trust IP for receiving but not relaying

[gtr33m]

I've got a couple of IPs that I need to receive mail for, but they are blacklisted on several RBL lists which I use and want to keep active.

I can add them as trusted MTAs, and can receive mail, but I'm a bit reluctanct to do this as I don't want them to be able to relay mail, just send mail without being blocked because of RBL.

I've done some searching and found the that problem lies with Postfix, and not Spamassasin as it is being rejected completely before being received. Some more searching has lead me to a good solution How To Whitelist Hosts/IP Addresses In Postfix | HowtoForge - Linux Howtos and Tutorials which involves creating a whitelist file and modifying the main.cf file to read the whitelist file.

Problem is, modifying the main.cf file seems to be not recommended and instead needs to be done with zmprov. What I'd like to do is add something similar to

Code:

check_client_access hash:/etc/postfix/rbl_override,

to smtpd_recipient_restrictions.

Is this good idea or even supported?

[phoenix]

Quote:

Originally Posted by gtr33m

I can add them as trusted MTAs, and can receive mail, but I'm a bit reluctanct to do this as I don't want them to be able to relay mail, just send mail without being blocked because of RBL.

Do NOT add them to the Trusted MTA field, that's not what it's for. Search the wiki for 'whitelist' for details on how to whitelist an IP or email address.

[gmichels]

Add to /opt/zimbra/conf/postfix_recipient_restrictions.cf, before the RBL entries:

Code:

check_client_access hash:/opt/zimbra/conf/rbl_override

Edit the file with the IPs you need to whitelist, postmap it and postfix reload as the zimbra user.

Works for me, but be aware that the postfix_recipient_restrictions.cf file will probably be overwritten on zimbra upgrades, so keep a backup copy.

[uxbod]

nice hint, did not really know about the RBL override. thanks and kudos