stevejenkins / postwhite

Script for generating a whitelist for Postfix's Postscreen based on large senders' SPF records
https://www.stevejenkins.com/blog/2015/11/postscreen-whitelisting-smtp-outbound-ip-addresses-large-webmail-providers/
MIT License

Manually allowing some IPs #60

Open 6r1d opened 12 months ago

6r1d commented 12 months ago

I have some questions on the whitelist generation because my understanding of it is limited.

How do I set up a list of IPs that I'm sure are OK for my server?

I'm using my email server to receive emails from some local and global shops, and while there's a topic for addresses with valid SPF records, it rarely is the case with random online shops. I've also had issues with my friend sending me mail from https://tutanota.com/.

I saw the permit_mynetworks part, but where do I set those up so that I can actually permit networks I want to send me mail?

I've tried writing a configuration part like this in /etc/postwhite.conf:

custom_hosts="out32-77.sg.b.dm.aliyun.com out32-78.sg.b.dm.aliyun.com out32-85.sg.b.dm.aliyun.com"

I've run /usr/local/bin/postwhite/postwhite, and it didn't add the addresses. It may be because of an invalid SPF record or something like that, but the problem here is that I can't ask AliExpress and other large companies to fix it. Instead, I need a way to add such lines manually; please correct me if my approach is wrong.

Moreover, how do I make the whole process effective?

Currently, my workflow is:

nabbi commented 7 months ago

Add "aliexpress.com" to custom_hosts if you want postwhite to look up the nested SPF addresses. Similar would be true for whichever @ email domain the tuta mail is coming from.

If you are wanting a manual IP permit list for postscreen, that would be a separate manual CIDR file defined in Postfix main.cf -- not within the postwhite scope.
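
A hand-maintained permit list of the kind described in the reply above can be checked before postscreen loads it; the following is an added example, not code from this thread or from the postwhite project. It converts manually listed IPs and networks into Postfix CIDR-table `permit` rows and refuses hostnames, entries with host bits set, and overly broad ranges. The function name, the prefix limits and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumption: refuse entries wider than these prefixes, because every
# permitted address skips postscreen's checks entirely.
MIN_PREFIX = {4: 24, 6: 48}

# Constructed sample input (documentation address ranges, not real senders).
SAMPLE = """\
# shops that fail SPF
192.0.2.10
198.51.100.0/24
192.0.2.10/32                 # duplicate of the first entry
203.0.113.5/24                # host bits set
10.0.0.0/8                    # far too broad
2001:db8:1234::/48
mail.shop.example             # hostnames are not valid in a CIDR table
""".splitlines()


def build_cidr_table(lines):
    """Return (rows, errors) for a list of hand-written IPs or networks."""
    rows, errors, seen = [], [], set()
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip()  # allow comments and blanks
        if not entry:
            continue
        try:
            # strict=True rejects a non-zero host part (203.0.113.5/24),
            # which Postfix's CIDR table also refuses.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append(f"line {lineno}: {entry!r}: {exc}")
            continue
        limit = MIN_PREFIX[net.version]
        if net.prefixlen < limit:
            errors.append(f"line {lineno}: {net} is broader than /{limit}")
            continue
        if net not in seen:  # drop exact duplicates
            seen.add(net)
            rows.append(f"{net}\tpermit")
    return rows, errors


if __name__ == "__main__":
    table, problems = build_cidr_table(SAMPLE)
    print("\n".join(table))
    for problem in problems:
        print("REJECTED", problem)
```

The resulting rows belong in a separate file referenced as a `cidr:` table from `postscreen_access_list` in main.cf, next to the list postwhite generates.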