Sometimes we need to do manual whitelisting for mail users whose customers’ admins don’t respond to your complaints about their server settings.
Another option to consider ist automatic whitelisting by using the hand-crafted DNSWL ( http://www.dnswl.org/ ). We should also consider requesting to get added to DNSWL.
dnswl-update.sh
#!/bin/sh rsync --times rsync1.dnswl.org::dnswl/postfix-* /some/path/
In /etc/postfix/main.cf add this line within the smtpd_recipient_restrictions :
smtpd_recipient_restrictions = ...
reject_unauth_destination,
...
check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
...
Note that reject_unauth_destination must should come before the check_client_access to ensure you do not become an open relay for the whitelisted networks.
After that reload postfix
# postfix reload
we can also put dnswl-update.sh in cronjob/crontab for autmatically updating dnswl db.
01 * * * * root /path-to/dnswl-update.sh > /dev/null 2>&1