How to Whitelist on UCS Mail?

mail

#1

How does one whitelist an IP on UCS Mail? We have been adding sender email addresses that we want to accept to our whitelists in HORDE, but we also need to accept any email that comes from a specific IP. We are having emails being bounced from a specific vendor’s IP despite having the email address in the HORDE whitelists.

These emails are cloud backup status emails that we NEED to get.

The UCS Documentation does not have any instructions on how to whitelist an entire IP address.


#2

Hi,

you may set this in postfix through ucr

rg
Christian


#3

We don’t want to allow from a whole network, just single IPs…so…after a bit of searching…

We found this also…while searching for postfix mail whitelist…

To whitelist that server, create the file /etc/postfix/rbl_override where you list all IP addresses or host names (one per line!) that you want to whitelist.

Then run postmap /etc/postfix/rbl_override

Then add Add check_client_access hash:/etc/postfix/rbl_override to that parameter, after reject_unauth_destination, but before the first blacklist in UCR

Under mail/postfix/smtpd/restrictions/recipient registry entry.

Example:

mail/postfix/smtpd/restrictions/recipient/.*:
mail/postfix/smtpd/restrictions/recipient/10: permit_mynetworks
mail/postfix/smtpd/restrictions/recipient/30: permit_sasl_authenticated
mail/postfix/smtpd/restrictions/recipient/50: reject_unauth_destination
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override
mail/postfix/smtpd/restrictions/recipient/70: reject_unlisted_recipient
mail/postfix/smtpd/restrictions/recipient/80: check_policy_service inet:127.0.0.1:12340

Verify with ucr search --brief mail/postfix/smtpd/restrictions/recipient

You should see:
mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override

Then restart postfix with:

service postfix restart

We modified it to correspond to UCS…we are now testing it…it was based off this article…


#4

Hi Brian,

you mention the right way.
Just to complete your post:

1. create a file (/etc/postfix/check_custom_client_access) with the following content:
10.10.10.10 OK Whitlist IP
2. make a hash-map of your file
postmap /etc/postfix/check_custom_client_access
3. adjust the smtpd restrictions
ucr set mail/postfix/smtpd/restrictions/recipient/59="check_client_access hash:/etc/postfix/check_custom_client_access"
4. reload postfix
postfix reload

Be aware, that if you don’t adjust your submission restrictions, all the checks under mail/postfix/smtpd/restrictions/recipient/.* take also effect at the submission ports (587 and 465). You may want to have a look at mail/postfix/mastercf/options/submission/.* and mail/postfix/submission/restrictions/recipient/.*. If you need more information about submission restriction see this Bug 38061 or create a new topic with your questions.

Regards, Tobi

More Infos about Client Access:


#5

If I want to white list a sender…would I also make a version of…

mail/postfix/smtpd/restrictions/recipient/60: check_client_access hash:/etc/postfix/rbl_override

but instead make it as…

mail/postfix/smtpd/restrictions/sender/check_client_access hash:/etc/postfix/rbl_override

Trying to make a clear path for some vendor status emails to pass through our email, but are currently being bounced.