This is an old script I made while setting up whitelists on mailservers to speed up postscreen greylisting for known domains.
It can also be useful for permenantly blacklisting servers.
More info on how these scripts work and why they are needed can be found in my previous article Extracting Mailserver List From SPF.
Some example domains you might want to whitelist:
google.com(services like gmail)microsoft.com(hosted exchange email)amazonses.com(used for aws servers for automated emails)alibaba.com(notifications from sellers)
Postscreen #
The Postfix postscreen daemon provides additional protection against mail server overload.
One postscreen process handles multiple inbound SMTP connections, and decides which clients may talk to a Postfix SMTP server process.
By keeping spambots away postscreen leaves more SMTP server processes available for legitimate clients and delays the onset of server overload conditions.
Postfix Config #
Whitelisting / Blacklisting domains based on SPF #
You can permit or reject entries in cidr lists set in postscreen_access_list setting. (cidr allows for IP ranges to be added)
Classless Inter-Domain Routing (CIDR) is an expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses.
Most installs have a single cidr file set in the main.cf config.
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidrYou can also extend this by creating seperate whitelist and blacklist files if needed.
Script Usage Example #
Add domain to whitelist
./spf_permit.sh google.com >> /etc/postfix/postscreen_access.cidrDownload #
The project can be viewed and downloaded from github.
Webmentions
No Comments Yet