postwhite icon indicating copy to clipboard operation
postwhite copied to clipboard

Published 20 hours ago verified publisher icon stevejenkins

Suggested Additions to Whitelist

Open stevejenkins opened this issue 9 years ago • 19 comments

If you know of a high-volume mailer with a valid SPF record that deserves to be included in Postwhite's whitelist, please comment on this issue. Thanks!

stevejenkins avatar Nov 28 '15 03:11 stevejenkins

How about Yahoo (yahoo.com)?

ghost avatar Dec 02 '15 19:12 ghost

Hi, @davidcarollo. I'd love to be able to include yahoo.com - but check the first "Known Issue" in the README: https://github.com/stevejenkins/postwhite/blob/master/README.md :(

stevejenkins avatar Dec 02 '15 21:12 stevejenkins

Oops! Now that you mention it again I do recall reading that the other day. My bad.

ghost avatar Dec 02 '15 23:12 ghost

No biggie. I wish Yahoo! would get on the bandwagon. But their mailers have marched to the beat of their own drum for a long time now. :)

stevejenkins avatar Dec 02 '15 23:12 stevejenkins

Hi,been useing postwhite for a few day now thanks for the very useful project

Here's a few Suggestions mailgun.com transactional email from rackspace mailjet.com a other transactional email provider github.com

K2rool avatar Dec 13 '15 01:12 K2rool

Thanks, @K2rool. I like those suggestions, and have added options for them to 1.22 (they are enabled by default).

stevejenkins avatar Dec 13 '15 16:12 stevejenkins

Thanks for the project!

I'd like to suggest fastmail.com

6qw avatar Jun 01 '16 17:06 6qw

Hi, @6qw. I've added fastmail.com and it's now included as of v1.33. See commit 9a1ada3.

Thanks for the suggestion.

stevejenkins avatar Jun 13 '16 17:06 stevejenkins

Great tool. Thank you! Please consider allowing custom/local lists be put in a local conf file for options like simplify= and the *_hosts= to allow for easy updating of the main postwhite script. I have added to the *_hosts= lists so updates are difficult. Something like a postwhite.conf file would be very helpful so I could keep my local *_hosts= lists that would be appended to the default lists.

dajones70 avatar Feb 12 '17 20:02 dajones70

Consider adding facebookmail.com to social_hosts= list.

dajones70 avatar Feb 12 '17 20:02 dajones70

Done and done! Please see new version. Thanks for the suggestion, @dajones70 :)

stevejenkins avatar Feb 12 '17 23:02 stevejenkins

How about Sparkpost and parent company Momentum/MessageSystems?

qskousen avatar Feb 15 '17 22:02 qskousen

comcast.net centurylink.net embarqmail.com rr.com to webmail_hosts amazonses.com mxlogic.net messagelabs.com messagegears.net authsmtp.com to bulk_hosts

dajones70 avatar Mar 14 '18 17:03 dajones70

Thanks for the suggestions, @dajones70!

Those bulk hosts all appear like good potential candidates, but I'm hesitant to include ISPs like Comcast, CenturyLink, and RoadRunner since they are much more than simple webmail hosts. Those residential networks are teaming with botspam from soccer moms' computers who downloaded some toolbar or app or cute game. Postwhite doesn't create a whitelist for Postfix, just for Postscreen. And since the primary purpose of Postscreen is to be a quick frontline defense against botspam, I feel like forcing everyone who uses Postwhite to skip Postscreen analysis of connections from botspam-heavy networks is a bit too aggressive for the average Postfix admin. As far as I know, the webmail hosts you suggested don't do outbound screening for botspam. The "mega" webmail hosts like Google, Yahoo, and Microsoft do.

The ability to easily include custom hosts is there for users like you who are comfortable with more aggressive whitelisting.

Again, thank you for the suggestions. I'll take a closer look at those bulk hosts to make sure, but at first glance I don't see anything wrong with including them. :)

stevejenkins avatar Mar 26 '18 00:03 stevejenkins

Biggest RU-Net bulk mailers: mail.ru yandex.ru qip.ru rambler.ru

toslan avatar May 14 '18 15:05 toslan

I'd suggest Steam: smtp-62.steampowered.com[208.64.202.62] and various others, apparently all in 208.64.202.0/24 I know of at least: smtp-59.steampowered.com 208.64.202.59 smtp-62.steampowered.com 208.64.202.62 smtp-01-tuk1.steampowered.com 208.64.202.37 smtp-02-tuk1.steampowered.com 208.64.202.47

incase avatar Mar 21 '20 17:03 incase

https://dmarcian.com/spf-survey/?domain=yahoo.com sadly no ips at all is valid https://dmarcian.com/spf-survey/?domain=gmail.com do we trust to many ips ? :/

i use sqlgrey with 3600 sec delay time, but not for known maillists that is not spaming ips, is postwhite possible to make sqlgrey local skip files ? eq no greylist for known maillists, postfix maillist have no spf, just to be fun :=)

xpunkt avatar Jun 01 '21 22:06 xpunkt

Office365, which is used for outlook.com and all private businesses that use Office365 business email has a page with links to their IPs here: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide The page has links to a json file that lists all IPs and their use cases (including non-mail sending IPs such as imap migration) as well as an RSS feed for automatic updates. In my opinion Office365 is extra important to whitelist because they do not follow the resend policy in rfc5321. They attempt resends from a random different IP in their pool each time so mail is never delivered and after enough failures they will blacklist the receiving mail server from sending to Office365 domains.

skipperblue avatar Jun 08 '22 17:06 skipperblue

Tutanota should be added if it wasn't.

Domain list:

w1.tutanota.de - v=spf1 ip4:81.3.6.160/28 -all
w2.tutanota.de - v=spf1 ip4:81.3.6.160/28 -all
w3.tutanota.de - v=spf1 ip4:81.3.6.160/28 -all
w4.tutanota.de - v=spf1 ip4:81.3.6.160/28 -all

Generally, should I write a PR to the postwhite script, patching the webmail_hosts section for this to work?

6r1d avatar Sep 16 '23 13:09 6r1d