E-mail whitelist, how to see it works?

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Apr 23, 2019.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I added an IP-address and domain to Postfix Whitelist in E-Mail -tab. From reading https://www.howtoforge.com/how-to-whitelist-hosts-ip-addresses-in-postfix How To Whitelist Hosts/IP Addresses In Postfix, I assumed ISPConfig would modify /etc/postfix/main.cf. But I see no changes to any files in /etc/postfix.
    Did the whitelisting really do something? How could I verify the whitelisting works?
    I used the whitelist because one of the blacklist I use blocks a sender that does not send spam, at least to my e-mail server.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The Postfix white- and blacklist is stored in the mail_access table, the mail_access table is queried in these postfix mysql config files:

    /etc/postfix/mysql-virtual_client.cf:table = mail_access
    /etc/postfix/mysql-virtual_recipient.cf:table = mail_access
    /etc/postfix/mysql-virtual_sender.cf:table = mail_access

    So the whole setup is a virtual setup where the whitelist and blacklist are stored in MySQL. The setup as it is should work. But I guess you might have to wait until an email is sent from the blacklisted location to see if everything is ok.
     
    Last edited: Apr 23, 2019
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I see. I'll monitor mail.log until that server sends me something.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Looks like my whitelisting does not work. Debian Stretch with ISPConfig 3.1.13.
    Email | Global Filters | Postfix whitelist
    Code:
    Server                 posti.mydomain.fi
    Whitelist Address     11.22.33.11
    Type                 Recipient
    Active                 V
    Similar entry also for IP-address 11.22.33.10, since the sender has two mail servers listed in MX records.
    I also added whitelist record for sender1domain, but no help.
    Code:
    Server                posti.mydomain.fi
    Whitelist Address    sender1domain.fi
    Type                Recipient
    Active                V
    Parts of mail.log, IP-numbers and domain names obfuscated systematically.

    Code:
    root@posti:/var/log# tail -f mail.log | egrep "(sender1domain.fi|sender2domain|11.22.33.11|11.22.33.10)"
    Apr 30 12:03:01 posti postfix/smtpd[23056]: NOQUEUE: filter: RCPT from localhost[::1]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<posti.mydomain.fi>
    Apr 30 12:03:02 posti amavis[18258]: (18258-12) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [::1]:38534 <[email protected]> -> <[email protected]>, Queue-ID: 52506A03BA, Message-ID: <[email protected]>, mail_id: 6NnbvA8PZ8IW, Hits: -0.999, size: 1079, queued_as: 382E0A03BB, 845 ms
    Apr 30 12:03:02 posti postfix/smtp[23060]: 52506A03BA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.99, delays=0.1/0.04/0.01/0.85, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 382E0A03BB)
    Apr 30 12:03:12 posti postfix/smtp[23086]: 382E0A03BB: to=<[email protected]>, relay=mailscanner02.sendingserver.fi[11.22.33.11]:25, delay=10, delays=0.03/0.04/0.64/9.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E89E641BE0)
    May  1 20:01:10 posti postfix/smtpd[12543]: connect from mailscanner01.sendingserver.fi[11.22.33.10]
    May  1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi>
    May  1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi>
    May  1 20:01:10 posti postfix/smtpd[12543]: NOQUEUE: reject: RCPT from mailscanner01.sendingserver.fi[11.22.33.10]: 554 5.7.1 Service unavailable; Client host [11.22.33.10] blocked using bl.suomispam.net; 20180925 sender4.fi; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner01.sendingserver.fi>
    May  1 20:01:11 posti postfix/smtpd[12543]: disconnect from mailscanner01.sendingserver.fi[11.22.33.10] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
    May  1 20:02:25 posti postfix/smtpd[12543]: connect from mailscanner02.sendingserver.fi[11.22.33.11]
    May  1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi>
    May  1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: filter: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi>
    May  1 20:02:25 posti postfix/smtpd[12543]: NOQUEUE: reject: RCPT from mailscanner02.sendingserver.fi[11.22.33.11]: 554 5.7.1 Service unavailable; Client host [11.22.33.11] blocked using bl.suomispam.net; 20181114 sender1domain.fi; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mailscanner02.sendingserver.fi>
    May  1 20:02:25 posti postfix/smtpd[12543]: disconnect from mailscanner02.sendingserver.fi[11.22.33.11] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think that you can whitelist a server IP for type recipient. There are some explanations in the ISPConfig manual on page 208 and 209 which explains which values in whitelist address are used in conjunction with the Type field.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It's on page 200 on my ISPConfig Manual 3-1.
    It says Recipient is for
    The Recipient looked to me the best bet. But I admit the descriptions for Recipient, Sender and Client do confuse me.
    I'll try Client next. Maybe Recipient checks what is in RCPT TO: field, and not the actual sending server.
     

Share This Page