Overriding (whitelisting) RBL blocks in Postfix on Plesk

Here’s the scenario; you’re using Plesk, you have it configured with Postfix, you have the mail server settings configured to query Spamcop, Spamhaus or whatever RBL you chose.  Inevitably, “high paying customer” will come along and say “Hey, my important client John Doe is trying to send me a super uber critical l33t business deal email and it’s being rejected by this Spamcop thing; fix it or I’m taking my hosting elsewhere.”  You do the reserach, find out their client hosts his mail with some spam  happy hosting provider that doesn’t do anything with abuse reports so their whole network is blacklisted.  You can’t tell high paying customer too bad, but you also don’t want to stop using your RBL’s and expose your other customers to the excess spam, so best option is to whitelist the sender’s blacklisted IP.  Here’s how:

  1. Create the plain text file /etc/postfix/rbl_override with your favorite text editor.
  2. Add a comment line first for why you’re adding the respective IP’s your adding, then add one IP address per line that you want to whitelist followed by an OK.  It will look something like this:
    # Whitelisting the following - customer domain.com - 11/15/2013 OK
  3. From the /etc/postfix/ directory, run: postmap hash:rbl_override
  4. Edit /etc/postfix/main.cf and make the following line:
    smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destination

    Look like:

    smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/rbl_override, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destination
  5. Now restart postfix; typically “/etc/rc.d/init.d/postfix restart” if you’re on CentOS/RHEL/Scientific, or perhaps “postfix restart” if you’re on another distro.

2 Replies to “Overriding (whitelisting) RBL blocks in Postfix on Plesk”

  1. Nathan

    I was looking for a solution to this problem. but as you mentioning the IP added to the override file, means the incoming ‘spam’ IP gets whitelisted right?
    but one of my customer want the rbl been removed for his domain. in other words. he want his mailboxes receive all emails by-passing the rbl lists.
    how do I do that?



    • Your Mom Post author

      Hi Nathan, unfortunately I don’t think there’s a way to accomplish what you’re wanting. The incoming SMTP connections are handled server-wide by the ‘smtp’ service defined in your Postfix master.cf file, which calls the smtpd command to handle the connection. Your RBL’s are going to be inserted via the smtpd_client_restrictions directive in the Postfix main.cf file, for any connection.

      I think the only way you could work around this for the one specific customer would be to put up a relay server for just their domain that accepts email for their domain and forwards it to the real server. Then the incoming connections are always from the relay server and not the real remote service.

      Maybe there’s some other fancy way of working around it like adding an IP to the server, instructing Postfix to not listen on it, then use something like iptables or similar to proxy the connections to Postfix from a local IP.


Leave a Reply

Your email address will not be published. Required fields are marked *