How to whitelist some IP's?

hape

Verified User
Joined
Jul 22, 2010
Messages
79
Location
Poland
Hello,

I've a server with exim and dovecot, easy_spam_fighter, spamassassin, blockcracking. I've created a backup mail server (backup MX) and I've a small problem, because e-mails send from this backup to primary mail server are rejected.

Reason:
550-SPF: IP_OF_BACKUP_MX is not allowed to send mail from DOMAIN.TLD:
How to whitelist IP of backup MX from checking SPF?

Thank you.
 

hape

Verified User
Joined
Jul 22, 2010
Messages
79
Location
Poland
Spamexperts and spf whitelist

A patch (works with cb1.x and 2.0):

Code:
#PATCH FOR SPAMEXPERTS
echo -e "IP1\nIP2\nIP3\nIP4\n" | tee /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
chown mail.mail /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
chmod 644 /etc/virtual/esf_skip_hosts /etc/virtual/whitelist_hosts_ip /etc/virtual/whitelist_hosts
service exim restart
We use it for Spamexperts. When a sender domain has set in DNS zone spf record with -all, e-mails forwarded by spamexperts cloud has been dropped. Only change IP1-4 with IPs of your spamexperts servers.
ALL ENTRIES FROM FILES WILL BE REMOVED!!! Make a backup or modify a script.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,221
Location
Maastricht
It was a quick and dirty solution. If you want to do it really correct you have to whitelist them.
I like the Cpanel WHM option more if you adjust it to this:
Code:
     deny
    hosts = ! +backupmx_hosts
    message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
    spf = fail
And then just add your backup-mx in the backupmx_hosts list. Just 1 file needed instead of all those whitelist files.

Your script is fine too, however DA does not have a esf_skip_hosts so I wonder why you are creating them with that script.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,902
Location
GMT +7.00
Hello,

Code:
EASY_SKIP_HOSTS = /etc/virtual/esf_skip_hosts                        - file to hold hostlist that ESF should skip checks for.
is a part of Easy Spam Fighter supported by Directadmin and Custombuild.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,221
Location
Maastricht
Oh then I maybe have to make those files? I have Easy Spam Fighter running, but those files are not present in my /etc/virtual directory.
 
Top