To prevent a mail server in your own network (e.g. for sending alerts) from being blocked by the mail scanners/filters on your main Postfix mail server it is best to whitelist it
Create a new file “rbl_override”.
Add the IP addresses and host names you want to whitelist.
18.104.22.168 OK 22.214.171.124 OK [2a02:c123:1234:5a88::1] OK mail.exampledomain.com OK example.net OK email@example.com OK email@ OK
Make a database file for Postfix using the Postmap command.
# postmap /etc/postfix/rbl_override
Now open “/etc/postfix/main.cf” and search for the “smtpd_recipient_restrictions” parameter.
# vi /etc/postfix/main.cf
Add “check_client_access hash:/etc/postfix/rbl_override” to that parameter, after “reject_unauth_destination”, but before the first blacklist.
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, check_sender_access hash:/etc/postfix/sender_access, check_client_access hash:/etc/postfix/rbl_override, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client psbl.surriel.com, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
If you are using RBL with other Postfix “restriction lists” such as “smtpd_client_restrictions” you obviously need to apply the “rbl_override” rule there as well.
smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining, check_client_access hash:/etc/postfix/rbl_override, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, permit
Restart Postfix for the changes to take effect.
# systemctl restart postfix