How to whitelist some IP's?

hape

Verified User
Joined
Jul 22, 2010
Messages
80
Location
Poland
Hello,

I've a server with exim and dovecot, easy_spam_fighter, spamassassin, blockcracking. I've created a backup mail server (backup MX) and I've a small problem, because e-mails send from this backup to primary mail server are rejected.

Reason:
550-SPF: IP_OF_BACKUP_MX is not allowed to send mail from DOMAIN.TLD:

How to whitelist IP of backup MX from checking SPF?

Thank you.
 
Spamexperts and spf whitelist

A patch (works with cb1.x and 2.0):

Code:
#PATCH FOR SPAMEXPERTS
echo -e "IP1\nIP2\nIP3\nIP4\n" | tee /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
chown mail.mail /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
chmod 644 /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
service exim restart

We use it for Spamexperts. When a sender domain has set in DNS zone spf record with -all, e-mails forwarded by spamexperts cloud has been dropped. Only change IP1-4 with IPs of your spamexperts servers.
ALL ENTRIES FROM FILES WILL BE REMOVED!!! Make a backup or modify a script.
 
It was a quick and dirty solution. If you want to do it really correct you have to whitelist them.
I like the Cpanel WHM option more if you adjust it to this:
Code:
     deny
    hosts = ! +backupmx_hosts
    message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
    spf = fail
And then just add your backup-mx in the backupmx_hosts list. Just 1 file needed instead of all those whitelist files.

Your script is fine too, however DA does not have a esf_skip_hosts so I wonder why you are creating them with that script.
 
Hello,

Code:
EASY_SKIP_HOSTS = /etc/virtual/esf_skip_hosts                        - file to hold hostlist that ESF should skip checks for.

is a part of Easy Spam Fighter supported by Directadmin and Custombuild.
 
Oh then I maybe have to make those files? I have Easy Spam Fighter running, but those files are not present in my /etc/virtual directory.
 
Hello,

I've a server with exim and dovecot, easy_spam_fighter, spamassassin, blockcracking. I've created a backup mail server (backup MX) and I've a small problem, because e-mails send from this backup to primary mail server are rejected.

Reason:


How to whitelist IP of backup MX from checking SPF?

Thank you.
hi Dear @Richard G and @hape,

Can you please tell me this, i am using mailchannels inbound filtering and on my server i have a problem with receiving emails that were filtered through mailchannels inbound to my server, i tried adding them through CSF to allowed whitelisted IPs but nothing they were again blocked with SPF 550 rejected...

But after i added to etc/virtual/whitelist_hosts_ip file there mailchannels ips than it works see log below, can you please tell me why it wasnt worked when i added normally through CSF ip whitelist, and now it works when i added thrgouh this etc/virtual/whitelist_hosts_ip on my server ?! what is the difference why it works here now and dont work when i just whiltiested them in csf...?!.. please can you explain me exactly why it works only when added in this file....for this filtering via maiclahnensl that sends me ..filtered emails..

I dont understand why the mailchannels ips wasnt whilitested when i added them normally to CSF allow ips, but when i added them to this file mentioned above everything works normally i started receviing filtered emails...

Thanks a lot in advance!
 
Oh then I maybe have to make those files? I have Easy Spam Fighter running, but those files are not present in my /etc/virtual directory.
@zEitEr The same i dont see that like Richard told, i only see in etc/virtuals files like: whitelist_hosts_ip and similar...
 
@tarik In fact tou have another question, please try to not "up" ancient posts, this is 7 years old.

But to answer you... the difference:
The CSF ip whitelist is whitelist for the firewall, this does not effect spam filtering or SPF, that's part of the mail system. But it can take care something (also external mail server) will not be blocked by the firewall.

The /etc/virtual/whitelist_hosts_ip belongs to the /etc/virtual so to the mail system, which will take care it's not blocked by the mail server.
 
@tarik In fact tou have another question, please try to not "up" ancient posts, this is 7 years old.

But to answer you... the difference:
The CSF ip whitelist is whitelist for the firewall, this does not effect spam filtering or SPF, that's part of the mail system. But it can take care something (also external mail server) will not be blocked by the firewall.

The /etc/virtual/whitelist_hosts_ip belongs to the /etc/virtual so to the mail system, which will take care it's not blocked by the mail server.
thanks a lot :)
 
Back
Top