Postfix Whitelist on Global Filters Not Working

Discussion in 'Installation/Configuration' started by W-C, Apr 10, 2019.

  1. W-C

    W-C Member

    Hello,

    We are using the following parameters in main.cf:
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client dnsbl.sorbs.net

    I thought that using the Postfix Whitelist on Global filters would allow the sender domain to send the email even if the IP of the sender is on blacklists, but it is not working. Is there any way I can whitelist the domain in order not to delete the "reject_rbl_client dnsbl.sorbs.net" from smtpd_client_restrictions?

    Thanks in advance
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    smtpd_client_restrictions is to restrict smtp clients, and is not considering the sender domain. The check_client_access lookup will match against the smtp client's hostname or parent domains, if that's helpful (probably not so much, but on some systems or a dedicated mail server the hostname might also match the sender domain).

    What I would recommend is to not use any RBLs directly in smtpd_client_restrictions, but instead implement postscreen's weighted RBLs, and use postwhite to bypass postscreen for domains according to their SPF record as needed. See https://git.ispconfig.org/ispconfig/ispconfig3/issues/4239 for example.

    An alternative solution would be to add a check_sender_access map ahead of the rbl rejection which allows senders from that domain. Something like:
    Code:
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf, permit_mynetworks, check_sender_access texthash:/etc/postfix/smtpd_client_sender_access, permit_sasl_authenticated, reject_rbl_client dnsbl.sorbs.net
    Then add your allowed domains to /etc/postfix/smtpd_client_sender_access (e.g. 'sender.tld OK').
     
    W-C likes this.
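
A simplified model of the two restriction lists from this thread, added here as an illustration and not taken from the posts or from Postfix, showing why the RBL check rejects in the original order and how a check_sender_access entry placed ahead of it changes the outcome. The map contents, session values and function names are constructed, the SQL client map is assumed to return no match, and sender data is assumed to be available at this stage (smtpd_delay_reject = yes, the Postfix default).

```python
# Added illustration, not Postfix code: first-match evaluation of one restriction list.
def parse_texthash(text):
    """Parse 'key value' lines; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def sender_lookup(table, sender):
    """Try the full address, then the domain and each parent domain (simplified)."""
    labels = sender.lower().rpartition("@")[2].split(".")
    keys = [sender.lower()] + [".".join(labels[i:]) for i in range(len(labels))]
    return next((table[k] for k in keys if k in table), "DUNNO")

def evaluate(restrictions, session, sender_table):
    """Return (action, deciding restriction); the first non-DUNNO result ends the list."""
    checks = {
        "check_client_access": lambda s: "DUNNO",  # assumption: SQL map has no entry
        "permit_mynetworks": lambda s: "OK" if s["in_mynetworks"] else "DUNNO",
        "check_sender_access": lambda s: sender_lookup(sender_table, s["sender"]),
        "permit_sasl_authenticated": lambda s: "OK" if s["sasl"] else "DUNNO",
        "reject_rbl_client": lambda s: "REJECT" if s["rbl_listed"] else "DUNNO",
    }
    for name in restrictions:
        result = checks[name](session)
        if result != "DUNNO":
            return result, name
    return "OK", "end of list"

ORIGINAL = ["check_client_access", "permit_mynetworks",
            "permit_sasl_authenticated", "reject_rbl_client"]
SUGGESTED = ["check_client_access", "permit_mynetworks", "check_sender_access",
             "permit_sasl_authenticated", "reject_rbl_client"]
# Constructed sample of /etc/postfix/smtpd_client_sender_access
SENDER_ACCESS = parse_texthash("# allowed sender domains\nsender.tld OK\n")
# Constructed session: unauthenticated client outside mynetworks, listed on the RBL
LISTED = {"sender": "user@sender.tld", "in_mynetworks": False,
          "sasl": False, "rbl_listed": True}

if __name__ == "__main__":
    print(evaluate(ORIGINAL, LISTED, SENDER_ACCESS))
    print(evaluate(SUGGESTED, LISTED, SENDER_ACCESS))
    print(evaluate(SUGGESTED, dict(LISTED, sender="user@other.example"), SENDER_ACCESS))
```

The lookup key is the envelope sender from MAIL FROM, which the connecting client supplies and nothing in this list authenticates, so the OK entry applies to every client that presents that domain. The OK result ends only smtpd_client_restrictions; the other smtpd restriction lists are still evaluated.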
  3. W-C

    W-C Member

    Hello Jesse,

    I'll follow your suggestion and let you know how it works...

    Thanks a lot for your help.
     
