Whitelisting on a per domain basis

Matthew Richardson matthew-ln@itconsult.co.uk
Tue Dec 14 20:10:47 UTC 2010

>From: Vernon Schryver
>> From: Matthew Richardson 
>> I have a server which acts as a terminating MX server for a number of
>> domains and which then relays the mail to the server holding the mailboxes.
>> In doing so, it performs a number of checks, including address vaildation,
>> DCC including greylisting, and anti-virus.
>> Setting user specific whitelist entries with per-user whiteclnt files
>> (obviously!) works well.
>> My question is whether it is possible to have a whiteclnt file (or
>> something similar) which would allow whitelisting on a per destination
>> domain basis.  For example rather than having an entry for
>> user@example.com, having an entry which would apply to all email sent to
>> example.com.
>There is no directly equivalent to the mail_host name for whitelisting 
>recipient domain names.  However, there solutions.  Which DCC client
>program (dccm, dccifd, or dccproc) is used and how is it connected
>to the SMTP MX server?
>  - If dccm is used, then sendmail.cf/mc rules (perhaps in LOCAL_RULESETS
>     or local_check_relay) that set the ${dcc_notspam} macro should
>     be effective.
>  - If SpamAssassin with dccifd or dccproc is used, then it would probably
>     be easiest to add to SpamAssassin itself or to the DCC.pm plugin
>     to ignore DCC answers.
>  - Another strategy would be to add a locally invented SMTP header like 
>     "X-no-dcc:ok" or "x-no-check:dcc" to the message before dccm, dccifd,
>      or dccproc see the message, and then use -Sx-no-dcc in /var/dcc/dcc_conf
>      and a line like "ok substitute x-no-dcc ok" in /var/dcc/whiteclnt

Thank you very much for your prompt and detailed response!  :-)

I realised after sending it, that I had omitted to mention that I am using
dccm as a milter with Postfix.

>From what I have read (being new-ish to both Postfix & DCC), Postfix's
milter macro support is somewhat limited, and I am not sure whether it is
possible to set a macro as you suggest in your first option.

Your third option looks most workable.  It looks as if it would have an
unwanted side-effect, namely that the "X-DCC-nnn-Metrics:" would say
"whitelist".  The same issue would also exist with whiteclnt however.

What I think I am really after would be a method on a per-domain basis to
either set or cancel or adjust DCCM_REJECT_AT, whilst leaving the
"X-DCC-nnn-Metrics:" in place for accepted mail so that the user's client
software could filter on it.

If you could think of any appropriately cunning method to achieve that, it
would also be most appreciated.  Otherwise, your third option would be
sufficiently splendid!

With many thanks.

Best wishes,

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.