How does one whitelist an IP on UCS Mail? We have been adding sender email addresses that we want to accept to our whitelists in HORDE, but we also need to accept any email that comes from a specific IP. We are having emails being bounced from a specific vendor’s IP despite having the email address in the HORDE whitelists.
These emails are cloud backup status emails that we NEED to get.
The UCS Documentation does not have any instructions on how to whitelist an entire IP address.
Hi,
you may set this in postfix through ucr
rg
Christian
We don’t want to allow from a whole network, just single IPs…so…after a bit of searching…
We found this also…while searching for postfix mail whitelist…
To whitelist that server, create the file /etc/postfix/rbl_override where you list all IP addresses or host names (one per line!) that you want to whitelist.
Then run postmap /etc/postfix/rbl_override
Then add Add check_client_access hash:/etc/postfix/rbl_override to that parameter, after reject_unauth_destination, but before the first blacklist in UCR
Under mail/postfix/smtpd/restrictions/recipient registry entry.
Example:
mail/postfix/smtpd/restrictions/recipient/.*:
mail/postfix/smtpd/restrictions/recipient/10: permit_mynetworks
mail/postfix/smtpd/restrictions/recipient/30: permit_sasl_authenticated
mail/postfix/smtpd/restrictions/recipient/50: reject_unauth_destination
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
mail/postfix/smtpd/restrictions/recipient/70: reject_unlisted_recipient
mail/postfix/smtpd/restrictions/recipient/80: check_policy_service inet:127.0.0.1:12340
Verify with ucr search --brief mail/postfix/smtpd/restrictions/recipient
You should see:
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
Then restart postfix with:
service postfix restart
We modified it to correspond to UCS…we are now testing it…it was based off this article…
Hi Brian,
you mention the right way.
Just to complete your post:
10.10.10.10 OK Whitlist IP
postmap /etc/postfix/check_custom_client_access
ucr set mail/postfix/smtpd/restrictions/recipient/59="check_client_access hash:/etc/postfix/check_custom_client_access"
postfix reload
Be aware, that if you don’t adjust your submission restrictions, all the checks under mail/postfix/smtpd/restrictions/recipient/.* take also effect at the submission ports (587 and 465). You may want to have a look at mail/postfix/mastercf/options/submission/.* and mail/postfix/submission/restrictions/recipient/.*. If you need more information about submission restriction see this Bug 38061 or create a new topic with your questions.
Regards, Tobi
More Infos about Client Access:
If I want to white list a sender…would I also make a version of…
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
but instead make it as…
mail/postfix/smtpd/restrictions/sender/check_client_access hash:/etc/postfix/rbl_override
Trying to make a clear path for some vendor status emails to pass through our email, but are currently being bounced.