whitelisting poorly configured mail servers

[kilburn]

Well, maybe a bit late but you can use a postfix access map to skip policyd-weight & postgrey for this IP. I also have another access map where I can skip them on a per-recipient basis (when a customer explicitly requests it), and the config looks like this:

/etc/postfix/main.cf

Code:

...
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
+                             check_client_access    hash:/etc/postfix/client_whitelist,
+                             check_recipient_access hash:/etc/postfix/recipient_whitelist,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit
...

The /etc/postfix/client_whitelist (that must be postmapped everytime you change it) lists IP's or networks of whitelisted external servers, like:

Code:

192.168.0.1             OK
192.168.1.0/24        OK

The /etc/postfix/recipient_whitelist (also needs to be postmapped) lists recipients (single addresses or whole domains) that don't want policyd & postgrey enabled (paranoid customers that think they're loosing mails), like:

Code:

customer@domain.tld
domain.tld

That's it!