Ajouter dans la section smtpd_recipient_restrictions ,après reject_unauth_destination et avant les blacklists la ligne :
| check_client_access hash:/etc/postfix/rbl_override, |
example :
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_recipient
reject_unknown_sender_domain,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_unknown_recipient_domain,
reject_invalid_helo_hostname,
reject_unlisted_recipient,
reject_unlisted_sender,
reject_non_fqdn_helo_hostname,
reject_unauth_destination,
check_client_access hash:/etc/postfix/internal_networks,
check_sender_access proxy:pgsql:/etc/postfix/postfix-files.d/pgsql_not_our_domain_as_sender.cf,
check_helo_access proxy:pgsql:/etc/postfix/postfix-files.d/pgsql-hello.cf,
check_sender_access proxy:pgsql:/etc/postfix/postfix-files.d/pgsql-sender.cf,
check_client_access proxy:pgsql:/etc/postfix/postfix-files.d/pgsql-client.cf,
check_policy_service unix:private/policyd-spf,
check_client_access hash:/etc/postfix/rbl_override,
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
permit
Création du fichier contenant les IPs ou noms de domaines à whitelister :
1.2.3.4 OK 1.2.3.5 OK domaine.com OK |
'Activation' du fichier (à faire à chaque changement fait de celui-ci :
postmap /etc/postfix/rbl_override |