10.8.1 server postfix whitelist

Hi Ben,

Going a little bit deeper into a useful tip before answering your question. As a general rule, but not always, the Serveradmin command from a terminal session will let you do most things that the GUI does. Most, not all.....

So to look for commands under Serveradmin that might help you, the easiest thing to do ( again as a general rule) is to type the following at a terminal prompt.

$ sudo serveradmin settings list

This will give you a list of the server "services".

Then type:

$ sudo serveradmin settings mail

to get a complete list of the mail settings.

If you know what you are looking for, e.g whitelisting, you could type:

$ sudo serveradmin settings | grep white

And that would return some settings of interest that were available through serveradmin.

To answer your question , the command you are looking for is:

$ sudo serveradmin settings mail:postfix:add_whitelist_domain = 'domain1.com,domain2.com,etc'

Hope that helps

Gerry

Also see https://discussions.apple.com/thread/4181320?answerId=19283574022#19283574022 for instructions on adding white lists to amavis-new which is the combined virus check (clamav) and junk check (spamassassin) über-daemon!

Cheers

Gerry

sudo serveradmin settings mail:postfix:add_whitelist_domain = "yahoo.com"

Will whitelist the domain yahoo.com. Substitute that your the domain you want and execute that in terminal.

Not all postfix variables are to be found in serveradmin. E.g. all the smtpd restrictions. Can I safely edit these in main.cf without Apple tooling overwriting them?

Second question, in /Library/Server/Mail/Config/postfix there is that rbl_whitelist file and its db file. But the ones adde with

sudo serveradmin settings mail:postfix:add_whitelist_domain =

do not end up there. I also do not see anything in main.cf that tells me the whitelist is actually used there.

The whitelisted (and blacklisted) senders are added to the postfix client_access file which is referenced in main.cf within smtp_client_restrictions

In terms of Postfix restrictions, the smtp_client_restrictions are processed first. Followed by smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions, and lastly smtpd_data_restrictions

even though they may not be listed in that order in main.cf !

Best,

-- David

Hi Davidh,

Given that the file mentioned was not used, I changed smtpd_client_access (there is no smtp_client_access)

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated check_client_access hash:/Library/Server/Mail/Config/postfix/whitelist_mtaclientdomains reject_rbl_client zen.spamhaus.org permit

but the whitelist_mtaclientdomains file I have created by hand (with a few domains that do not handle greylisting well). The output of serveradmin below looks suspicious to me:

$sudo serveradmin settings mail:postfix|grep white

mail:postfix:whitelist_from = _empty_array

mail:postfix:add_whitelist_domain:_array_index:0 = "rna.nl"

mail:postfix:add_whitelist_domain:_array_index:1 = "amazon.com,facebook.com,facebookmail.com,messagelabs.com"

mail:postfix:host_whitelist:_array_index:0 = "vanroodewierda.rna.nl"

mail:postfix:add_whitelist_host:_array_index:0 = "vanroodewierda.rna.nl"

mail:postfix:domain_whitelist:_array_index:0 = "rna.nl"

mail:postfix:domain_whitelist:_array_index:1 = "amazon.com,facebook.com,facebookmail.com,messagelabs.com"

Any suggestion what I eed to do to get ths under serveradmin control?

Apologies, minor typo with smtpd_client_access vs. smtp_client_access (no "d").

Right. Things do get funn/ky with Lion & ML server.

But - indeed as you know - the postfix config in ML server lives at /Library/Server/Mail/Config/postfix

That said, you need to run "postmap" on your manually created file, ie:

cd /Library/Server/Mail/Config/postfix/
sudo postmap whitelist_mtaclientdomains

It is quite different. These specific values via serveradmin settings mail:postfix do not end up in postfix proper at all, but at greylist.pl and they are maintained there too. Nothing to do with main.cf from postfix, it turns out.

See https://discussions.apple.com/thread/4543534?start=0&tstart=0

They end up in /Library/Server/Mail/Data/gldb. The linked thread has instructions on how to edit these. Easiest is to stop mail, delete whitelist.db form gldb and edit the text files. Then restart mail.

Ah, well. I don't use greylisting, do not want it. A would-be clever idea far better handled with Postfix' other anti-spam capabilities.

Thanks for the info.

sudo serveradmin settings mail:postfix:add_whitelist_domain = "yahoo.com"

In the command above, would it also work to substitute the IP address for "yahoo.com"? Our server does not want to allow our scanner to send scans via email without turning off junk mail & virus filtering.

Sorry for diggin up and old thread......

I had precisely the same question...

Anyone know how to get this to work on 10.9? I am having no luck getting OS X server to obey the whitelist.

@TigerKR:

This thread is two years old. I'll answer in your other (newer) post at https://discussions.apple.com/thread/4162035?tstart=0

Is the answer to this for the real time black lists?

I have a whole office of workers whose clients are getting snagged in the RTBLs.

I really need to know how to whitelist an IP and a domain from the RTBLs.

Can anybody help?

I have added my answer to another post: Whitelisting in OS X Server (pass greylisting without disabling it)

The mentioned serveradmin command does not change the postfix settings, but the greylist (separate software that is called by postfix) setting sthat are maintained elsewhere. The serveradmin commands were not reliable so I've added information on manual maintenance to te thread mentioned above.