Whitelisting Mailservers From SPF

This is an old script I made while setting up whitelists on mailservers to speed up postscreen greylisting for known domains.

It can also be useful for permenantly blacklisting servers.

More info on how these scripts work and why they are needed can be found in my previous article Extracting Mailserver List From SPF.

Some example domains you might want to whitelist:

  • google.com (services like gmail)
  • microsoft.com (hosted exchange email)
  • amazonses.com (used for aws servers for automated emails)
  • alibaba.com (notifications from sellers)

Postscreen

The Postfix postscreen daemon provides additional protection against mail server overload.
One postscreen process handles multiple inbound SMTP connections, and decides which clients may talk to a Postfix SMTP server process.
By keeping spambots away postscreen leaves more SMTP server processes available for legitimate clients and delays the onset of server overload conditions.

Postfix Config

Whitelisting / Blacklisting domains based on SPF

You can permit or reject entries in cidr lists set in postscreen_access_list setting. (cidr allows for IP ranges to be added)

Classless Inter-Domain Routing (CIDR) is an expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses.

Most installs have a single cidr file set in the main.cf config.

        postscreen_access_list = permit_mynetworks,
            cidr:/etc/postfix/postscreen_access.cidr

You can also extend this by creating seperate whitelist and blacklist files if needed.

Script Usage Example

Add domain to whitelist

./spf_permit.sh google.com >> /etc/postfix/postscreen_access.cidr

Download

The project can be viewed and downloaded from github.

Download