DevHeads.net

Postings by lists

Defer mail instead of bounce

I have email relays that relay/filter email between the internet and our
internal network. I must use the DNS servers we maintain and those
servers use a DNS blacklisting service. The problem I'm having is that
when a legitimate domain is blacklisted, I see log messages like the
ones below and the email is bounced. In the situation that brought this
up, both the sender and recipient domains were blocked, so the bounce went
nowhere. Since these blacklistings are temporary, maybe several hours,
I'd like to defer this mail and have Postfix try again later.

Enforced inbound TLS ciphers

I'm enforcing inbound TLS from my internal network with these settings:

main.cf
smtpd_tls_security_level = may

smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr

enforced_inbound_tls.cidr
10.0.0.0/8 reject_plaintext_session

My question is, does the following setting in main.cf apply to TLS
connections that are enforced with check_client_access? If yes, then is
there a way to set this to low for a particular IP or subnet, and leave
it to medium for everybody else?

smtpd_tls_mandatory_ciphers = low

Postscreen: whitelist domain

I have postscreen set up according to the how-to. I use the following
configuration for the access list. As I understand it, I can only add IP
addresses or ranges to this list. Is it possible to whitelist the domain
name in the from address?

postscreen_access_list = permit_mynetworks,
    cidr:/etc/postfix/postscreen_access.cidr