We don’t want to allow from a whole network, just single IPs…so…after a bit of searching…
We found this also…while searching for postfix mail whitelist…
To whitelist that server, create the file /etc/postfix/rbl_override where you list all IP addresses or host names (one per line!) that you want to whitelist.
Then run postmap /etc/postfix/rbl_override
Then add Add check_client_access hash:/etc/postfix/rbl_override to that parameter, after reject_unauth_destination, but before the first blacklist in UCR
Under mail/postfix/smtpd/restrictions/recipient registry entry.
Example:
mail/postfix/smtpd/restrictions/recipient/.*:
mail/postfix/smtpd/restrictions/recipient/10: permit_mynetworks
mail/postfix/smtpd/restrictions/recipient/30: permit_sasl_authenticated
mail/postfix/smtpd/restrictions/recipient/50: reject_unauth_destination
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
mail/postfix/smtpd/restrictions/recipient/70: reject_unlisted_recipient
mail/postfix/smtpd/restrictions/recipient/80: check_policy_service inet:127.0.0.1:12340
Verify with ucr search --brief mail/postfix/smtpd/restrictions/recipient
You should see:
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
Then restart postfix with:
service postfix restart
We modified it to correspond to UCS…we are now testing it…it was based off this article…