I added an IP-address and domain to Postfix Whitelist in E-Mail -tab. From reading https://www.howtoforge.com/how-to-whitelist-hosts-ip-addresses-in-postfix How To Whitelist Hosts/IP Addresses In Postfix, I assumed ISPConfig would modify /etc/postfix/main.cf. But I see no changes to any files in /etc/postfix. Did the whitelisting really do something? How could I verify the whitelisting works? I used the whitelist because one of the blacklist I use blocks a sender that does not send spam, at least to my e-mail server.
The Postfix white- and blacklist is stored in the mail_access table, the mail_access table is queried in these postfix mysql config files: /etc/postfix/mysql-virtual_client.cf:table = mail_access /etc/postfix/mysql-virtual_recipient.cf:table = mail_access /etc/postfix/mysql-virtual_sender.cf:table = mail_access So the whole setup is a virtual setup where the whitelist and blacklist are stored in MySQL. The setup as it is should work. But I guess you might have to wait until an email is sent from the blacklisted location to see if everything is ok.
Looks like my whitelisting does not work. Debian Stretch with ISPConfig 3.1.13. Email | Global Filters | Postfix whitelist Code: Server posti.mydomain.fi Whitelist Address 11.22.33.11 Type Recipient Active V Similar entry also for IP-address 11.22.33.10, since the sender has two mail servers listed in MX records. I also added whitelist record for sender1domain, but no help. Code: Server posti.mydomain.fi Whitelist Address sender1domain.fi Type Recipient Active V Parts of mail.log, IP-numbers and domain names obfuscated systematically. Code: root@posti:/var/log# tail -f mail.log | egrep "(sender1domain.fi|sender2domain|11.22.33.11|11.22.33.10)" Apr 30 12:03:01 posti postfix/smtpd[23056]: NOQUEUE: filter: RCPT from localhost[::1]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<posti.mydomain.fi> Apr 30 12:03:02 posti amavis[18258]: (18258-12) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [::1]:38534 <[email protected]> -> <[email protected]>, Queue-ID: 52506A03BA, Message-ID: <[email protected]>, mail_id: 6NnbvA8PZ8IW, Hits: -0.999, size: 1079, queued_as: 382E0A03BB, 845 ms Apr 30 12:03:02 posti postfix/smtp[23060]: 52506A03BA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.99, delays=0.1/0.04/0.01/0.85, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 382E0A03BB) Apr 30 12:03:12 posti postfix/smtp[23086]: 382E0A03BB: to=<[email protected]>, relay=mailscanner02.sendingserver.fi[11.22.33.11]:25, delay=10, delays=0.03/0.04/0.64/9.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E89E641BE0) May 1 20:01:10 posti postfix/smtpd[12543]: connect from mailscanner01.sendingserver.fi[11.22.33.10] May 1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi> May 1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi> May 1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: reject: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: 554 5.7.1 Service unavailable; Client host [11.22.33.10] blocked using bl.suomispam.net; 20180925 sender4.fi; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi> May 1 20:01:11 posti postfix/smtpd[12543]: disconnect from mailscanner01.sendingserver.fi[11.22.33.10] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 May 1 20:02:25 posti postfix/smtpd[12543]: connect from mailscanner02.sendingserver.fi[11.22.33.11] May 1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi> May 1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi> May 1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: reject: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: 554 5.7.1 Service unavailable; Client host [11.22.33.11] blocked using bl.suomispam.net; 20181114 sender1domain.fi; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi> May 1 20:02:25 posti postfix/smtpd[12543]: disconnect from mailscanner02.sendingserver.fi[11.22.33.11] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
I don't think that you can whitelist a server IP for type recipient. There are some explanations in the ISPConfig manual on page 208 and 209 which explains which values in whitelist address are used in conjunction with the Type field.
It's on page 200 on my ISPConfig Manual 3-1. It says Recipient is for The Recipient looked to me the best bet. But I admit the descriptions for Recipient, Sender and Client do confuse me. I'll try Client next. Maybe Recipient checks what is in RCPT TO: field, and not the actual sending server.