Thread: whitelist
View Single Post
Old 03-30-2011, 12:57 PM   #1
Junior Member
 
Join Date: Aug 2010
Location: Czech Republic
Posts: 23
cyberpaul is on a distinguished road
Default whitelist

Hi,

one of our customers pointed out a strange behaviour of whitelisting feature.

Environment:
ISP Manager Pro 4.3.53.1
CentOS 5.5
Postfix 2.3.3

When you put a domain on the whitelist, one would suppose you will receive email from this domain even when it's on a DNSbl. But it's not how it works. It works like this:

[ /etc/postfix/main.cf ]:
smtpd_sender_restrictions =
permit_sasl_authenticated,
check_sender_access hash:/etc/mail/access
smtpd_recipient_restrictions =
permit_sasl_authenticated,
check_recipient_access hash:/etc/mail/access,
permit_mynetworks,
reject_unauth_destination,
reject_unlisted_recipient,
reject_rbl_client truncate.gbudb.net

[ /etc/mail/access ]:
whitelisted-domain.net OK

This means that when postfix receives MAIL FROM command and the sender is whitelisted, he gets OK. That's nice.

But when postfix receives RCPT command, recipient is checked against the whitelist. But the recipient is not the whitelisted domain, recipient is local. What this means is, that when I whitelist a domain, anybody can use my server as a relay for this domain (recipient is whitelisted).

Is this a bug or a feature?
cyberpaul is offline   Reply With Quote