
Recipe 21.5. Creating Whitelists

21.5.1 Problem

Because you are setting up all kinds of mail filtering and virus-scanning measures, you are worried about losing wanted mail. How can you make sure wanted messages get through?

21.5.2 Solution

Postfix handles this with map files and the smtpd_sender_restrictions directive in /etc/postfix/main.cf.

Put your wanted addresses in a plain text file, one per line, like this:

myfriend@mypal.com                  OK
myotherfriend@thatplace.com         OK
mychum@techies.net                  OK
wanteddomain.com                    OK
.wanteddomain.com                   OK
mychum@                             OK

In this example, the text file is named /etc/postfix/whitelist. Now convert it to a nice fast indexed binary database file:

# postmap /etc/postfix/whitelist

Then add this line to /etc/postfix/main.cf:

smtpd_sender_restrictions =
     check_sender_access  hash:/etc/postfix/whitelist

Postfix supports three different database formats. To find out which one your system is using, do the following:

$ postconf | grep database_type
default_database_type = hash

21.5.3 Discussion

Postfix's database files can be in one of three formats: hash, btree, or dbm. hash and btree have .db extensions. dbm is split into two files, .pag and .dir. hash is usually the Linux default.

Setting up whitelists of important addresses is the first thing you should do when you're setting up any kind of mail filtering. This is an efficient method for ensuring that mail from the people or domains you want to hear from will get through.

The format of your whitelist is based on the /etc/postfix/access file. The check_sender_access directive compares the whitelist to the MAIL FROM command during the SMTP transaction (this command, of course, can be spoofed, but it's still a useful check). The example in this recipe demonstrates three types of address selection:


Everything from one user at one address
     myfriend@mypal.com

Everything from a single domain
     wanteddomain.com

Everything from a domain, including subdomains (note the leading dot)
     .wanteddomain.com

Everything from a single user, from any domain
     mychum@

OK means accept the message.
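
The address selection described above, emulated as an added example (not code from the book or from Postfix) so you can check which whitelist entry a given MAIL FROM address hits, and how broad an entry such as mychum@ really is. The lookup order and the assumption that a plain domain entry matches only that exact domain follow this recipe's description; parse_map, candidate_keys, and lookup are hypothetical helper names.

```python
# Added example: emulates the sender lookups described in this recipe.
# WHITELIST is constructed sample data copied from the recipe's map file.
WHITELIST = """\
myfriend@mypal.com                  OK
myotherfriend@thatplace.com         OK
mychum@techies.net                  OK
wanteddomain.com                    OK
.wanteddomain.com                   OK
mychum@                             OK
"""


def parse_map(text):
    """Parse 'key  action' lines into a dict; keys are lowercased."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table


def candidate_keys(sender):
    """Yield lookup keys for one MAIL FROM address, most specific first."""
    local, _, domain = sender.lower().rpartition("@")
    yield f"{local}@{domain}"            # one user at one address
    yield domain                          # a single domain (exact match)
    labels = domain.split(".")
    for i in range(1, len(labels)):       # subdomains: leading-dot entries
        yield "." + ".".join(labels[i:])
    yield f"{local}@"                     # one user, from any domain


def lookup(sender, table):
    """Return (matching key, action), or None when no entry matches."""
    for key in candidate_keys(sender):
        if key in table:
            return key, table[key]
    return None


if __name__ == "__main__":
    table = parse_map(WHITELIST)
    # Constructed sender addresses, one per selection type plus a miss.
    for sender in ("myfriend@mypal.com", "bob@wanteddomain.com",
                   "bob@mail.wanteddomain.com", "mychum@unknown.example",
                   "stranger@unknown.example"):
        print(f"{sender:28} -> {lookup(sender, table)}")
```

On a live system, postmap -q with an address and hash:/etc/postfix/whitelist queries the real map for one literal key.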

21.5.4 See Also

  • RFC 2821, for a complete description of SMTP commands and codes

  • Recipe 20.19

  • Postfix's SMTPD_ACCESS_README and access(5)

  • Chapter 11 of Postfix: The Definitive Guide
