Recipe 21.5. Creating Whitelists


21.5.1 Problem

Because you are setting up all kinds of mail filtering and virus-scanning measures, you are worried about losing wanted mail. How can you make sure wanted messages get through?

21.5.2 Solution

Postfix handles this with map files and the smtpd_sender_restrictions directive in /etc/postfix/main.cf.

Put your wanted addresses in a plain text file, one per line, like this:

myfriend@mypal.com                  OK
myotherfriend@thatplace.com         OK
mychum@techies.net                  OK
wanteddomain.com                    OK
.wanteddomain.com                   OK
mychum@                             OK

In this example, the text file is named /etc/postfix/whitelist. Now convert it to a nice fast indexed binary database file:

# postmap /etc/postfix/whitelist

Then add this line to /etc/postfix/main.cf:

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/whitelist

Postfix supports three different database formats. To find out which one your system is using, do the following:

$ postconf | grep database_type
default_database_type = hash

21.5.3 Discussion

Postfix's database files can be in one of three formats: hash, btree, or dbm. hash and btree have .db extensions. dbm is split into two files, .pag and .dir. hash is usually the Linux default.

Setting up whitelists of important addresses is the first thing you should do when you're setting up any kind of mail filtering. This is an efficient way to ensure that mail from the people and domains you want to hear from gets through.

The format of your whitelist is based on the /etc/postfix/access file. The check_sender_access directive compares the whitelist to the MAIL FROM command during the SMTP transaction (this command, of course, can be spoofed, but it's still a useful check). The example in this recipe demonstrates three types of address selection:


Everything from one user at one address

myfriend@mypal.com


Everything from a single domain

wanteddomain.com


Everything from a domain, including subdomains (note the leading dot)

.wanteddomain.com


Everything from a single user, from any domain

mychum@

OK means accept the message.
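
The lookup order behind these pattern types, as an added example that is not from the book or from Postfix itself: it parses the recipe's whitelist and reports which entry a given MAIL FROM address would match. It assumes a bare domain matches only that exact domain and a leading-dot pattern matches only subdomains, as the recipe describes; the function names are made up for illustration.

```python
# Added example: offline model of the whitelist matching this recipe describes.
# Constructed sample input: the recipe's own /etc/postfix/whitelist entries.
WHITELIST = """\
myfriend@mypal.com                  OK
myotherfriend@thatplace.com         OK
mychum@techies.net                  OK
wanteddomain.com                    OK
.wanteddomain.com                   OK
mychum@                             OK
"""


def parse_map(text):
    """Parse 'pattern action' lines into a dict; skip blanks and # comments."""
    table = {}
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {num}: pattern without an action: {line!r}")
        table[fields[0].lower()] = fields[1].strip()
    return table


def candidates(sender):
    """Yield lookup keys for a MAIL FROM address, most specific first."""
    local, at, domain = sender.strip().lower().rpartition("@")
    if not (at and local and domain):
        return
    yield f"{local}@{domain}"            # one user at one address
    yield domain                         # bare domain: exact match (assumed)
    labels = domain.split(".")
    for i in range(1, len(labels)):      # leading-dot patterns: subdomains only
        yield "." + ".".join(labels[i:])
    yield f"{local}@"                    # one user at any domain


def lookup(table, sender):
    """Return (pattern, action) for the first matching entry, else None."""
    for key in candidates(sender):
        if key in table:
            return key, table[key]
    return None


if __name__ == "__main__":
    table = parse_map(WHITELIST)
    for addr in ("myfriend@mypal.com", "x@wanteddomain.com",
                 "x@mail.wanteddomain.com", "mychum@other.example",
                 "stranger@mypal.com"):
        print(f"{addr:28} -> {lookup(table, addr)}")
```

Auditing the file this way before running postmap shows how broad each entry is: mychum@ accepts that local part at any domain, and the MAIL FROM value it is compared against can be spoofed.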

21.5.4 See Also

  • RFC 2821, for a complete description of SMTP commands and codes

  • Recipe 20.19

  • Postfix's SMTPD_ACCESS_README and access(5)

  • Chapter 11 of Postfix: The Definitive Guide



    Linux Cookbook
    ISBN: 0596006403
    Year: 2004
    Pages: 434
