1

Topic: Exempt Authenticated Users from RBL Checks

Greetings;

I have users, in a few of my hosted domains, that travel regularly and or primarily. These users use aircards, wifi hotspots, and other public internet access. From time to time, these users are not allowed to send mail through my iredmail server, even though they are authenticated, due to the barracuda RBL check that I have configured in the main.cf in my postfix config.

My question is; is there a way to omit authenticated users from RBL checks ?

I can provide versions and a copy of my main.cf if necessary.

I appreciate any and all suggestions.

2

Re: Exempt Authenticated Users from RBL Checks

With iRedMail, you should config postfix main.cf with below settings in "smtpd_recipient_restrictions =":

smtpd_recipient_restrictions =
    ... [SKIP OTHER SETTINGS] ...,
    permit_sasl_authenticated,
    ... [SKIP OTHERS] ...,
    __RBL_SETTINGS__,

I mean, put "permit_sasl_authenticated" BEFORE your RBL settings.

3

Re: Exempt Authenticated Users from RBL Checks

ZhangHuangbin wrote:

With iRedMail, you should config postfix main.cf with below settings in "smtpd_recipient_restrictions =":

smtpd_recipient_restrictions =
    ... [SKIP OTHER SETTINGS] ...,
    permit_sasl_authenticated,
    ... [SKIP OTHERS] ...,
    __RBL_SETTINGS__,

I mean, put "permit_sasl_authenticated" BEFORE your RBL settings.

Thank you so much for your input. I moved the "permit_sasl_authenticated statement" very first in line before the "reject_rbl_client" statement below, did a postfix reload, and was unable to send mail because the "server doesnt allow relaying". So I moved my backup main.conf back into place. I wonder, because I move the "permit_mynetworks" statement with it, if that's what broke it.

I have included the line as it appears in main.cf for your approval.

[CURRENT]

smtpd_recipient_restrictions = reject_rbl_client b.barracudacentral.org,reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031

[PROPOSED]

smtpd_recipient_restrictions = permit_sasl_authenticated,reject_rbl_client b.barracudacentral.org,reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks,  reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031

Is my "proposed" statement in congruence with your instructions ? I thank you again so much.

4

Re: Exempt Authenticated Users from RBL Checks

Move all your rbl settings after 'reject_invalid_helo_hostname' should be ok.