Manually allowing some IPs
Opened this issue · 1 comments
I have some questions on the whitelist generation because my understanding of it is limited.
How do I set up a list of IPs that I'm sure are OK for my server?
I'm using my email server to receive emails from some local and global shops, and while there's a topic for addresses with valid SPF records, it rarely is the case with random online shops. I've also had issues with my friend sending me mail from https://tutanota.com/.
I saw the permit_mynetworks part, but where do I set those up so that I can actually permit networks I want to send me mail?
I've tried writing a configuration part like this in /etc/postwhite.conf:
custom_hosts="out32-77.sg.b.dm.aliyun.com out32-78.sg.b.dm.aliyun.com out32-85.sg.b.dm.aliyun.com"
I've run /usr/local/bin/postwhite/postwhite, and it didn't add the addresses. It may be because of an invalid SPF record or something like that, but the problem here is that I can't ask AliExpress and other large companies to fix it.
Instead, I need a way to add such lines manually; please correct me if my approach is wrong.
Moreover, how do I make the whole process effective?
Currently, my workflow is:
- to cause an email to be sent from some site
- to check
tail -f /var/log/mail.log - to update
/etc/postfix/postscreen_spf_whitelist.cidrmanually and try to add a host in/etc/postwhite.confin hopes it works - to cause another email to be sent
- to check my mail and the log if I don't see the mail
add "aliexpress.com" to custom_hosts if you want postwhite to lookup the nested spf addresses. Similar would be true for whichever @ email domain the tuta mail is coming from
If you are wanting a manual ip permit list for postscreen, that would be a separate manual cidr file defined in postfix main.cf -- not within the postwhite scope.