# postgrey whitelist_clients

## Pittiplatsch

I installed postgrey-1.24 on my mailserver and basically it works.

Now I want to whitelist some sender domains using the /etc/postfix/postgrey_whitelist_clients or /etc/postfix/postgrey_whitelist_clients.local files. For testing I created a hotmail account, put hotmail.de and hotmail.com in postgrey_whitelist_clients.local. I also tried /^*\.de$/ in postgrey_whitelist_clients. But no success, all mails are still greylisted.

I played with the config, leaving default settings or specifying one or more files using the --whitelist_clients=FILE option. Still no success.

It seems, the --whitelist_clients option does not work.

Any ideas what's wrong?

Thanks Piti

----------

## steveb

The regex is wrong. Should be:

```
/^.*\.de$/
```

cheers

SteveB

----------

## Pittiplatsch

I changed the regex as suggested, still greylisted.

And why don't the entries in the .local file (hotmail.de and hotmail.com) work?

----------

## steveb

It has been a long time since I played with postgrey. I personally use SQLGrey, which is based on postgrey but offers me much, much more flexibility than postgrey. Together with SGWI (SQLGrey Web Interface) I can easily add, remove, modify, etc. whatever domain or email I like from greylisting. If you are open to a new greylisting solution, then I would suggest you look at SQLGrey.

cheers

SteveB

----------

## Pittiplatsch

Thank you for your suggestion. Maybe I will try SQLgrey later.

For now, it would be enough if I could get the simple postgrey solution working. :Sad:

----------

## steveb

Okay. Let me install this beast. Will post an answer soon...

----------

## steveb

Okay. You need to do this:

```
mkdir -p /etc/postfix
touch /etc/postfix/postgrey_whitelist_clients.local
chown root:postgrey /etc/postfix/postgrey_whitelist_clients.local
chmod 640 /etc/postfix/postgrey_whitelist_clients.local
```

Then you need to add to /etc/postfix/postgrey_whitelist_clients.local the following content:

```
# Do NOT greylist hotmail.com MX servers (see dig in mx hotmail.com)
/^mx[1-4]\.hotmail\.com$/

# Do NOT greylist ANY host from hotmail.com
/^.*\.hotmail\.com$/

# Do NOT greylist hotmail.de MX servers (see dig in mx hotmail.de)
pamx1.hotmail.com
```

Actually the MX record for the German Hotmail is pamx1.hotmail.com and if you add "/^.*\.hotmail\.com$/" into the local file, then the German AND the other Hotmail servers will not be greylisted.

cheers / regards (yes, yes... I'm Swiss)

Steve

----------

## Pittiplatsch

I have done this. (all lines you suggested in .local)

And this is from maillog:

```
May  2 07:30:50 ronlux postfix/smtpd[23421]: NOQUEUE: reject: RCPT from unknown[65.54.185.20]: 450 <i@mydomain.net>: Recipient address rejected: "Greylisted; from=<blabla127@hotmail.de> to=<i@mydomain.net> proto=ESMTP helo=<hotmail.com>
```

Maybe it is a problem in DNS because of the "unknown[65.54.185.20]". An nslookup gives me

```
ronlux ~ # nslookup 65.54.185.20
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
20.185.54.65.in-addr.arpa       name = bay15-f20.bay15.hotmail.com.

Authoritative answers can be found from:
```

and I think, the second regex should catch this.

----------

## steveb

Yes. The regex should catch that.

Could you post your config file from postgrey? And maybe the relevant part from Postfix (in main.cf and master.cf).

cheers

Steve

----------

## Pittiplatsch

Here is the config:

```
ronlux ~ # cat /etc/conf.d/postgrey
POSTGREY_TYPE="inet"
POSTGREY_HOST="127.0.0.1"
POSTGREY_PORT="10030"
POSTGREY_SOCKET="/var/spool/postfix/private/postgrey"
POSTGREY_PID="/var/run/postgrey.pid"
POSTGREY_DELAY=300
POSTGREY_TEXT="Greylisted for %s seconds"
POSTGREY_OPTS=""
```

```
ronlux ~ # cat /etc/postfix/main.cf
smtpd_client_restrictions =
        permit_mynetworks,
#       reject_unknown_client,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        check_client_access hash:/etc/postfix/client_restrict
smtpd_helo_required = yes
smtpd_helo_restrictions=
        permit_mynetworks,
        reject_invalid_hostname,
#       reject_unknown_hostname,
#       reject_non_fqdn_hostname,
        check_helo_access hash:/etc/postfix/helo_restrict
smtpd_sender_restrictions =
        permit_mynetworks,
#       reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_rhsbl_sender blackhole.securitysage.com,
        check_sender_access hash:/etc/postfix/sender_restrict
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_unknown_recipient_domain,
        reject_non_fqdn_recipient,
#       reject_rhsbl_recipient domain.tld,
       check_policy_service inet:127.0.0.1:10030,
       check_recipient_access hash:/etc/postfix/recipient_restrict
```

```
ronlux ~ # cat /etc/postfix/master.cf
# 127.0.0.1:100024 antivir
smtp      inet  n       -       y       -       -       smtpd
        -o content_filter=smtp:127.0.0.1:10024
# backdoor antivir
127.0.0.1:10025 inet n  -       n       -       -       smtpd
        -o content_filter=spamfilter:
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtp_client_restrictions=
        -o smtp_helo_restrictions=
        -o smtp_sender_restrictions=
        -o smtp_recipient_restrictons=reject_unauth_destinations
# bogofilter
spamfilter unix -       n       n       -       -       pipe
        flags=R user=spam argv=/var/spool/spam/filter.sh -f ${sender} -- ${recipient}
```

And what do you think about the "unknown[65.54.185.20]"?

----------

## Pittiplatsch

Hi Steve,

I found it. Uff!

The problem was that the smtpd is chrooted.

I forgot to set up DNS for the chroot jail, as provided with /usr/share/doc/postfix-2.2.5/examples/chroot-setup/LINUX2.

After doing that, the log entry has changed from unknown[65.54.185.13] to bay15-f13.bay15.hotmail.com[65.54.185.13] and whitelisting works fine.

Thank you for your help.

Piti

(And many greetings from Saxony to Switzerland)

----------
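Added example (not written by any poster in this thread and not postgrey's own code): a simplified model of how the whitelist entries posted above compare with the client name that Postfix logs, showing why `unknown[...]` can never match a hostname entry until reverse DNS works inside the chroot. The matching rules in `whitelisted` are an assumption modelled on the thread, and the second log line is constructed from the hostname quoted in the post above.

```python
import re

# Whitelist entries as posted in the thread (postgrey_whitelist_clients.local).
WHITELIST = [r"/^mx[1-4]\.hotmail\.com$/", r"/^.*\.hotmail\.com$/", "pamx1.hotmail.com"]

# Sample input: line 1 is shortened from the thread, line 2 is constructed.
SAMPLE_LOG = [
    "May  2 07:30:50 ronlux postfix/smtpd[23421]: NOQUEUE: reject: "
    "RCPT from unknown[65.54.185.20]: 450 <i@mydomain.net>: Greylisted",
    "May  2 09:12:03 ronlux postfix/smtpd[23999]: connect check: "
    "RCPT from bay15-f13.bay15.hotmail.com[65.54.185.13]: accepted",
]

CLIENT_RE = re.compile(r"RCPT from (\S+?)\[([0-9a-fA-F.:]+)\]")


def parse_client(line):
    """Return (client_name, client_address) from a Postfix smtpd log line."""
    m = CLIENT_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def whitelisted(name, addr, entries=WHITELIST):
    """Assumed rules: /regex/ entries are tested against the client name;
    plain entries match the name, a parent domain of it, or the exact IP."""
    for entry in entries:
        if len(entry) > 1 and entry.startswith("/") and entry.endswith("/"):
            if re.search(entry[1:-1], name):
                return True
        elif name == entry or name.endswith("." + entry) or addr == entry:
            return True
    return False


def diagnose(lines):
    """Classify each client: whitelisted, greylisted, or no-client-name."""
    results = []
    for line in lines:
        client = parse_client(line)
        if client is None:
            continue
        name, addr = client
        if whitelisted(name, addr):
            verdict = "whitelisted"
        elif name == "unknown":
            verdict = "no-client-name"  # reverse lookup failed; fix DNS first
        else:
            verdict = "greylisted"
        results.append((addr, name, verdict))
    return results


if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG):
        print(*row)
```

A `no-client-name` verdict means the whitelist file is not the thing to debug: only an entry for the IP address itself could match until the smtpd process can resolve names.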

## steveb

 :Smile: 

----------

## mariourk

What I'm missing is, where do I tell Postfix/Postgrey to actually use

```
/etc/postfix/postgrey_whitelist_clients.local
```

Can someone tell me? I would like to greylist some MX-servers too.

Thanks  :Smile: 

----------

