dnswl.org - Protect against false positives

The postfix-update-dnswl.pl will fetch two files
(postfix-dnswl-header and postfix-dnswl-permit). These two files
serve two distinct purposes. The -header file is used to insert a
header into mails passing through Postifx which will indicate the
whitelisting status. The -permit file will make sure that any
blocklist entries will be bypassed for whitelisted addresses. 


A sample Postfix configuration may look like the following:

--- /etc/postfix/main.cf ---
smtpd_recipient_restrictions = ...
      reject_unauth_destination, ...
      check_client_access cidr:/etc/postfix/postfix-dnswl-header,
      check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
	  ...
	  reject_rbl_client ...
---

Note that 'reject_unauth_destination' must be *before* the
'check_client_access', otherwise your would allow  relaying to all
whitelisted servers, which is probably  not a good idea. 

The order of ...-header and ...-permit is important. With  the first
line, a header is added to the message, which can  later be used for
scoring. With the second line, you can  choose to bypass eg spam
filtering altogether. 

Although the two files may be used as-is, this script will filter
and reformat them for two purposes:

* Add a custom header to avoid spoofing of such a header by
spammers (if everybody would use the same header, spammers could
easily forge them).
  
* Change the behaviour of the "permit" to allow direct bypassing of
eg the spamfilter


More information:   http://www.dnswl.org/
Source for updates: http://www.dnswl.org/data/

$Id: README.postfix,v 1.1 2006/11/26 20:57:15 mleisi Exp $

# EOF