Whitelist Hosts or IP addresses in Postfix.

To prevent a mail server in your own network (e.g. for sending alerts) from being blocked by the mail scanners/filters on your main Postfix mail server it is best to whitelist it

Create a new file “rbl_override”.

#vi /etc/postfix/rbl_override

Add the IP addresses and host names you want to whitelist.

1.2.3.4 OK
1.2.3.5 OK
[2a02:c123:1234:5a88::1] OK
mail.exampledomain.com OK
example.net OK
email@example.org OK
email@ OK

Make a database file for Postfix using the Postmap command.

# postmap /etc/postfix/rbl_override

Now open “/etc/postfix/main.cf” and search for the “smtpd_recipient_restrictions” parameter.

# vi /etc/postfix/main.cf

Add “check_client_access hash:/etc/postfix/rbl_override” to that parameter, after “reject_unauth_destination”, but before the first blacklist.

smtpd_recipient_restrictions =
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   reject_unauth_destination,
   check_policy_service inet:127.0.0.1:10023,
   check_sender_access hash:/etc/postfix/sender_access,
   check_client_access hash:/etc/postfix/rbl_override,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client psbl.surriel.com,
   reject_rbl_client dul.dnsbl.sorbs.net,
   reject_rbl_client bl.spamcop.net,
   permit

If you are using RBL with other Postfix “restriction lists” such as “smtpd_client_restrictions” you obviously need to apply the “rbl_override” rule there as well.

smtpd_client_restrictions =
   permit_mynetworks,
   reject_unauth_pipelining,
   check_client_access hash:/etc/postfix/rbl_override,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client bl.spamcop.net,
   reject_rbl_client cbl.abuseat.org,
   permit

Restart Postfix for the changes to take effect.

# systemctl restart postfix