dnswl.org - Protect against false positives The postfix-update-dnswl.pl will fetch two files (postfix-dnswl-header and postfix-dnswl-permit). These two files serve two distinct purposes. The -header file is used to insert a header into mails passing through Postifx which will indicate the whitelisting status. The -permit file will make sure that any blocklist entries will be bypassed for whitelisted addresses. A sample Postfix configuration may look like the following: --- /etc/postfix/main.cf --- smtpd_recipient_restrictions = ... reject_unauth_destination, ... check_client_access cidr:/etc/postfix/postfix-dnswl-header, check_client_access cidr:/etc/postfix/postfix-dnswl-permit, ... reject_rbl_client ... --- Note that 'reject_unauth_destination' must be *before* the 'check_client_access', otherwise your would allow relaying to all whitelisted servers, which is probably not a good idea. The order of ...-header and ...-permit is important. With the first line, a header is added to the message, which can later be used for scoring. With the second line, you can choose to bypass eg spam filtering altogether. Although the two files may be used as-is, this script will filter and reformat them for two purposes: * Add a custom header to avoid spoofing of such a header by spammers (if everybody would use the same header, spammers could easily forge them). * Change the behaviour of the "permit" to allow direct bypassing of eg the spamfilter More information: http://www.dnswl.org/ Source for updates: http://www.dnswl.org/data/ $Id: README.postfix,v 1.1 2006/11/26 20:57:15 mleisi Exp $ # EOF