jbt540

Q: 10.8.1 server postfix whitelist

Having upgraded a server to mountain lion and then applied the .1 upgrade I now have 10.8.1 mountain lion server

 

I was looking to whitelist a couple of domains so that there email would never be blocked

 

I look in

 

/Library/Server/Mail/Config/postfix/rbl_whitelist

 

but the file says:

 

=============================================

: cat rbl_whitelist

 

### DO NOT MANUALLY EDIT THIS FILE ###

# This file is automatically generated

# any manual additions to this file will be lost

==============================================

 

So which GUI or server admin type utility is best to add a couple of domains to a whitelist?

 

If this whitelist only applies to the issue of RBL then I may need still to research into other programs like Spam Assassin to fully make sure important email for us is not hampered or blocked.

 

 

Ben

Mac mini Server (Mid 2011), OS X Server, email server

Posted on Aug 31, 2012 9:45 AM

Close

Q: 10.8.1 server postfix whitelist

  • All replies
  • Helpful answers

Page 1 Next
  • by redshift82r,Solvedanswer

    redshift82r redshift82r Aug 31, 2012 7:50 PM in response to jbt540
    Level 2 (325 points)
    Aug 31, 2012 7:50 PM in response to jbt540

    Hi Ben,

     

    Going a little bit deeper into a useful tip before answering your question.  As a general rule, but not always, the Serveradmin command from a terminal session will let you do most things that the GUI does. Most, not all.....

     

    So to look for commands under Serveradmin that might help you, the easiest thing to do ( again as a general rule) is to type the following at a terminal prompt.

     

    $ sudo serveradmin settings list

     

    This will give you a list of the server "services".

     

    Then type:

     

    $ sudo serveradmin settings mail

     

    to get a complete list of the mail settings.

     

    If you know what you are looking for, e.g whitelisting, you could type:

     

    $ sudo serveradmin settings | grep white

     

    And that would return some settings of interest that were available through serveradmin.

     

    To answer your question , the command you are looking for is:

     

    $ sudo serveradmin settings mail:postfix:add_whitelist_domain = 'domain1.com,domain2.com,etc'

     

    Hope that helps

     

    Gerry

  • by redshift82r,Helpful

    redshift82r redshift82r Aug 31, 2012 7:58 PM in response to jbt540
    Level 2 (325 points)
    Aug 31, 2012 7:58 PM in response to jbt540

    Also see https://discussions.apple.com/message/19283574#19283574 for instructions on adding white lists to amavis-new which is the combined virus check (clamav) and junk check (spamassassin) über-daemon!

     

    Cheers

    Gerry

  • by Mark23,

    Mark23 Mark23 Sep 1, 2012 3:30 AM in response to jbt540
    Level 3 (975 points)
    Sep 1, 2012 3:30 AM in response to jbt540

    sudo serveradmin settings mail:postfix:add_whitelist_domain = "yahoo.com"

     

    Will whitelist the domain yahoo.com. Substitute that your the domain you want and execute that in terminal.

  • by Gerben Wierda,

    Gerben Wierda Gerben Wierda Apr 5, 2013 2:56 PM in response to redshift82r
    Level 1 (144 points)
    Mac OS X
    Apr 5, 2013 2:56 PM in response to redshift82r

    Not all postfix variables are to be found in serveradmin. E.g. all the smtpd restrictions. Can I safely edit these in main.cf without Apple tooling overwriting them?

     

    Second question, in /Library/Server/Mail/Config/postfix there is that rbl_whitelist file and its db file. But the ones adde with

    sudo serveradmin settings mail:postfix:add_whitelist_domain =

    do not end up there. I also do not see anything in main.cf that tells me the whitelist is actually used there.

  • by davidh,

    davidh davidh Apr 6, 2013 2:51 PM in response to Gerben Wierda
    Level 4 (1,890 points)
    Apr 6, 2013 2:51 PM in response to Gerben Wierda

    The whitelisted (and blacklisted) senders are added to the postfix client_access file which is referenced in main.cf within smtp_client_restrictions

     

    In terms of Postfix restrictions, the smtp_client_restrictions are processed first. Followed by smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions, and lastly smtpd_data_restrictions

     

    even though they may not be listed in that order in main.cf !

     

    Best,

     

    -- David

  • by Gerben Wierda,

    Gerben Wierda Gerben Wierda Apr 6, 2013 3:35 PM in response to davidh
    Level 1 (144 points)
    Mac OS X
    Apr 6, 2013 3:35 PM in response to davidh

    Hi Davidh,

     

    Given that the file mentioned was not used, I changed smtpd_client_access (there is no smtp_client_access)

     

    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated check_client_access hash:/Library/Server/Mail/Config/postfix/whitelist_mtaclientdomains reject_rbl_client zen.spamhaus.org permit

     

    but the whitelist_mtaclientdomains file I have created by hand (with a few domains that do not handle greylisting well). The output of serveradmin below looks suspicious to me:

    $sudo serveradmin settings mail:postfix|grep white

    mail:postfix:whitelist_from = _empty_array

    mail:postfix:add_whitelist_domain:_array_index:0 = "rna.nl"

    mail:postfix:add_whitelist_domain:_array_index:1 = "amazon.com,facebook.com,facebookmail.com,messagelabs.com"

    mail:postfix:host_whitelist:_array_index:0 = "vanroodewierda.rna.nl"

    mail:postfix:add_whitelist_host:_array_index:0 = "vanroodewierda.rna.nl"

    mail:postfix:domain_whitelist:_array_index:0 = "rna.nl"

    mail:postfix:domain_whitelist:_array_index:1 = "amazon.com,facebook.com,facebookmail.com,messagelabs.com"

    Any suggestion what I eed to do to get ths under serveradmin control?

  • by davidh,

    davidh davidh Apr 6, 2013 4:30 PM in response to Gerben Wierda
    Level 4 (1,890 points)
    Apr 6, 2013 4:30 PM in response to Gerben Wierda

    Apologies, minor typo with smtpd_client_access vs. smtp_client_access (no "d").

     

    Right. Things do get funn/ky with Lion & ML server.

    But - indeed as you know - the postfix config in ML server lives at /Library/Server/Mail/Config/postfix

     

    That said, you need to run "postmap" on your manually created file, ie:

     

    cd /Library/Server/Mail/Config/postfix/
    sudo postmap whitelist_mtaclientdomains

  • by Gerben Wierda,

    Gerben Wierda Gerben Wierda Apr 6, 2013 6:19 PM in response to davidh
    Level 1 (144 points)
    Mac OS X
    Apr 6, 2013 6:19 PM in response to davidh

    It is quite different. These specific values via serveradmin settings mail:postfix do not end up in postfix proper at all, but at greylist.pl and they are maintained there too. Nothing to do with main.cf from postfix, it turns out.

     

    See https://discussions.apple.com/thread/4543534?start=0&tstart=0

     

    They end up in /Library/Server/Mail/Data/gldb. The linked thread has instructions on how to edit these. Easiest is to stop mail, delete whitelist.db form gldb and edit the text files. Then restart mail.

  • by davidh,

    davidh davidh Apr 6, 2013 8:17 PM in response to Gerben Wierda
    Level 4 (1,890 points)
    Apr 6, 2013 8:17 PM in response to Gerben Wierda

    Ah, well. I don't use greylisting, do not want it. A would-be clever idea far better handled with Postfix' other anti-spam capabilities.

     

    Thanks for the info.

  • by NorrinRadd1966,

    NorrinRadd1966 NorrinRadd1966 Oct 8, 2013 1:46 PM in response to Mark23
    Level 1 (0 points)
    Oct 8, 2013 1:46 PM in response to Mark23
    sudo serveradmin settings mail:postfix:add_whitelist_domain = "yahoo.com"

    In the command above, would it also work to substitute the IP address for "yahoo.com"?  Our server does not want to allow our scanner to send scans via email without turning off junk mail & virus filtering.

     

    Sorry for diggin up and old thread......

  • by Matt Domenici,

    Matt Domenici Matt Domenici Feb 26, 2014 10:55 AM in response to NorrinRadd1966
    Level 1 (119 points)
    Feb 26, 2014 10:55 AM in response to NorrinRadd1966

    I had precisely the same question...

  • by TigerKR,

    TigerKR TigerKR May 1, 2014 11:49 PM in response to redshift82r
    Level 1 (30 points)
    May 1, 2014 11:49 PM in response to redshift82r

    Anyone know how to get this to work on 10.9? I am having no luck getting OS X server to obey the whitelist.

  • by davidh,

    davidh davidh May 2, 2014 6:27 AM in response to TigerKR
    Level 4 (1,890 points)
    May 2, 2014 6:27 AM in response to TigerKR

    @TigerKR:

     

    This thread is two years old. I'll answer in your other (newer) post at https://discussions.apple.com/thread/4162035?tstart=0

  • by scottl31,

    scottl31 scottl31 May 7, 2014 8:17 PM in response to redshift82r
    Level 1 (13 points)
    Servers Enterprise
    May 7, 2014 8:17 PM in response to redshift82r

    Is the answer to this for the real time black lists?

     

    I have a whole office of workers whose clients are getting snagged in the RTBLs.

     

    I really need to know how to whitelist an IP and a domain from the RTBLs.

     

    Can anybody help?

Page 1 Next