From 6c5d82c4df2cf24be38608e45b4e1e6bed6e61b2 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Thu, 28 Aug 2025 14:06:17 +0200 Subject: [PATCH] expanded postscreen whitelist with modern freemailers + included checks.mailcow.email --- data/conf/postfix/postscreen_access.cidr | 98 +++++++++++++++---- helper-scripts/update_postscreen_whitelist.sh | 5 +- 2 files changed, 82 insertions(+), 21 deletions(-) diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr index 4453feca3..1783620dd 100644 --- a/data/conf/postfix/postscreen_access.cidr +++ b/data/conf/postfix/postscreen_access.cidr @@ -1,13 +1,25 @@ -# Whitelist generated by Postwhite v3.4 on Fri Aug 1 00:24:14 UTC 2025 +# Whitelist generated by Postwhite v3.4 on Do 28. Aug 14:05:16 CEST 2025 # https://github.com/stevejenkins/postwhite/ -# 2166 total rules +# 2225 total rules 2a00:1450:4000::/36 permit 2a01:111:f400::/48 permit +2a01:111:f403::/49 permit 2a01:111:f403:8000::/50 permit 2a01:111:f403:8000::/51 permit -2a01:111:f403::/49 permit 2a01:111:f403:c000::/51 permit 2a01:111:f403:f000::/52 permit +2a01:238:20a:202:5370::1 permit +2a01:238:20a:202:5372::1 permit +2a01:238:20a:202:5373::1 permit +2a01:238:400:101:53::1 permit +2a01:238:400:102:53::1 permit +2a01:238:400:103:53::1 permit +2a01:238:400:301:53::1 permit +2a01:238:400:302:53::1 permit +2a01:238:400:303:53::1 permit +2a01:238:400:470:53::1 permit +2a01:238:400:471:53::1 permit +2a01:238:400:472:53::1 permit 2a01:b747:3000:200::/56 permit 2a01:b747:3001:200::/56 permit 2a01:b747:3002:200::/56 permit @@ -17,16 +29,17 @@ 2a01:b747:3006:200::/56 permit 2a02:a60:0:5::/64 permit 2c0f:fb50:4000::/36 permit -2.207.151.53 permit 2.207.217.30 permit 3.64.237.68 permit 3.65.3.180 permit 3.70.123.177 permit 3.72.182.33 permit 3.74.81.189 permit +3.74.125.228 permit 3.75.33.185 permit 3.93.157.0/24 permit 3.94.40.108 permit +3.121.107.214 permit 3.129.120.190 permit 3.210.190.0/24 permit 3.211.80.218 permit @@ -42,7 +55,7 @@ 8.40.222.0/23 permit 8.40.222.250/31 permit 12.130.86.238 permit -13.107.253.40 permit +13.107.253.44 permit 13.110.208.0/21 permit 13.110.209.0/24 permit 13.110.216.0/22 permit @@ -64,6 +77,8 @@ 18.97.2.64/26 permit 18.156.89.250 permit 18.156.205.64 permit +18.157.70.148 permit +18.157.114.255 permit 18.157.243.190 permit 18.158.153.154 permit 18.194.95.56 permit @@ -75,9 +90,7 @@ 18.216.232.154 permit 18.235.27.253 permit 18.236.40.242 permit -18.236.56.161 permit 20.51.6.32/30 permit -20.51.98.61 permit 20.52.52.2 permit 20.52.128.133 permit 20.59.80.4/30 permit @@ -153,7 +166,6 @@ 34.212.163.75 permit 34.215.104.144 permit 34.218.115.239 permit -34.218.116.3 permit 34.225.212.172 permit 34.241.242.183 permit 35.83.148.184 permit @@ -171,6 +183,7 @@ 37.218.249.47 permit 37.218.251.62 permit 39.156.163.64/29 permit +40.90.65.81 permit 40.92.0.0/15 permit 40.92.0.0/16 permit 40.107.0.0/16 permit @@ -178,6 +191,7 @@ 40.233.64.216 permit 40.233.83.78 permit 40.233.88.28 permit +43.239.212.33 permit 44.206.138.57 permit 44.210.169.44 permit 44.217.45.156 permit @@ -188,7 +202,10 @@ 44.246.68.102 permit 44.246.77.92 permit 45.14.148.0/22 permit -46.19.170.16 permit +45.143.132.0/24 permit +45.143.133.0/24 permit +45.143.134.0/24 permit +45.143.135.0/24 permit 46.226.48.0/21 permit 46.228.36.37 permit 46.228.36.38/31 permit @@ -254,6 +271,9 @@ 50.56.130.221 permit 50.56.130.222 permit 50.112.246.219 permit +51.77.79.158 permit +51.83.17.38 permit +51.89.119.103 permit 52.1.14.157 permit 52.5.230.59 permit 52.6.74.205 permit @@ -304,6 +324,8 @@ 52.234.172.96/28 permit 52.235.253.128 permit 52.236.28.240/28 permit +54.36.149.183 permit +54.38.221.122 permit 54.90.148.255 permit 54.165.19.38 permit 54.174.52.0/24 permit @@ -324,6 +346,7 @@ 54.255.61.23 permit 56.124.6.228 permit 57.103.64.0/18 permit +57.129.93.249 permit 62.13.128.0/24 permit 62.13.129.128/25 permit 62.13.136.0/21 permit @@ -643,6 +666,11 @@ 77.238.189.142 permit 77.238.189.146/31 permit 77.238.189.148/30 permit +79.135.106.0/24 permit +79.135.107.0/24 permit +81.169.146.243 permit +81.169.146.245 permit +81.169.146.246 permit 81.223.46.0/27 permit 82.165.159.2 permit 82.165.159.3 permit @@ -658,7 +686,17 @@ 82.165.159.45 permit 82.165.159.130 permit 82.165.159.131 permit +85.9.206.169 permit +85.9.210.45 permit 85.158.136.0/21 permit +85.215.255.39 permit +85.215.255.40 permit +85.215.255.41 permit +85.215.255.45 permit +85.215.255.46 permit +85.215.255.47 permit +85.215.255.48 permit +85.215.255.49 permit 86.61.88.25 permit 87.238.80.0/21 permit 87.248.103.12 permit @@ -698,6 +736,7 @@ 87.248.117.205 permit 87.253.232.0/21 permit 89.22.108.0/24 permit +91.134.188.129 permit 91.198.2.0/24 permit 91.211.240.0/22 permit 94.236.119.0/26 permit @@ -1342,9 +1381,9 @@ 108.174.6.215 permit 108.175.18.45 permit 108.175.30.45 permit -108.177.8.0/22 permit -108.177.96.0/19 permit +108.177.96.0/20 permit 108.179.144.0/20 permit +109.224.244.0/24 permit 109.237.142.0/24 permit 111.221.23.128/25 permit 111.221.26.0/27 permit @@ -1508,7 +1547,6 @@ 148.105.0.0/16 permit 148.105.8.0/21 permit 149.72.0.0/16 permit -149.72.223.204 permit 149.72.248.236 permit 149.97.173.180 permit 150.230.98.160 permit @@ -1623,7 +1661,6 @@ 169.148.144.0/25 permit 169.148.144.10 permit 169.148.146.0/23 permit -169.148.174.33 permit 169.148.175.3 permit 169.148.188.0/24 permit 169.148.188.182 permit @@ -1671,6 +1708,9 @@ 185.12.80.0/22 permit 185.28.196.0/22 permit 185.58.84.93 permit +185.70.40.0/24 permit +185.70.41.0/24 permit +185.70.43.0/24 permit 185.80.93.204 permit 185.80.93.227 permit 185.80.95.31 permit @@ -1732,6 +1772,7 @@ 188.125.85.234/31 permit 188.125.85.236/31 permit 188.125.85.238 permit +188.165.51.139 permit 188.172.128.0/20 permit 192.0.64.0/18 permit 192.18.139.154 permit @@ -1757,7 +1798,11 @@ 193.142.157.0/24 permit 193.142.157.191 permit 193.142.157.198 permit +193.201.168.38 permit +193.201.168.170/31 permit 194.19.134.0/25 permit +194.25.134.16/28 permit +194.25.134.80/28 permit 194.64.234.129 permit 194.97.196.0/24 permit 194.97.196.3 permit @@ -1957,8 +2002,6 @@ 208.71.42.212/31 permit 208.71.42.214 permit 208.72.249.240/29 permit -208.74.204.5 permit -208.74.204.9 permit 208.75.120.0/22 permit 208.76.62.0/24 permit 208.76.63.0/24 permit @@ -2022,6 +2065,8 @@ 212.227.15.4 permit 212.227.15.5 permit 212.227.15.6 permit +212.227.15.7 permit +212.227.15.8 permit 212.227.15.14 permit 212.227.15.15 permit 212.227.15.18 permit @@ -2038,16 +2083,30 @@ 212.227.15.53 permit 212.227.15.54 permit 212.227.15.55 permit +212.227.17.1 permit +212.227.17.2 permit +212.227.17.7 permit 212.227.17.11 permit 212.227.17.12 permit +212.227.17.16 permit +212.227.17.17 permit 212.227.17.18 permit 212.227.17.19 permit 212.227.17.20 permit 212.227.17.21 permit 212.227.17.22 permit 212.227.17.26 permit +212.227.17.27 permit 212.227.17.28 permit 212.227.17.29 permit +212.227.126.206 permit +212.227.126.207 permit +212.227.126.208 permit +212.227.126.209 permit +212.227.126.220 permit +212.227.126.221 permit +212.227.126.222 permit +212.227.126.223 permit 212.227.126.224 permit 212.227.126.225 permit 212.227.126.226 permit @@ -2155,16 +2214,17 @@ 2607:13c0:0002:0000:0000:0000:0000:1000/116 permit 2607:13c0:0004:0000:0000:0000:0000:0000/116 permit 2607:f8b0:4000::/36 permit -2620:109:c003:104::/64 permit 2620:109:c003:104::215 permit -2620:109:c006:104::/64 permit +2620:109:c003:104::/64 permit 2620:109:c006:104::215 permit +2620:109:c006:104::/64 permit 2620:109:c00d:104::/64 permit 2620:10d:c090:400::8:1 permit 2620:10d:c091:400::8:1 permit 2620:10d:c09b:400::8:1 permit 2620:10d:c09c:400::8:1 permit -2620:119:50c0:207::/64 permit 2620:119:50c0:207::215 permit +2620:119:50c0:207::/64 permit 2800:3f0:4000::/36 permit -194.25.134.0/24 permit # t-online.de +49.12.4.251 permit # checks.mailcow.email +2a01:4f8:c17:7906::10 permit # checks.mailcow.email diff --git a/helper-scripts/update_postscreen_whitelist.sh b/helper-scripts/update_postscreen_whitelist.sh index 04335bda5..dda64b263 100644 --- a/helper-scripts/update_postscreen_whitelist.sh +++ b/helper-scripts/update_postscreen_whitelist.sh @@ -6,9 +6,10 @@ SPFTOOLS_DIR=${WORKING_DIR}/spf-tools POSTWHITE_DIR=${WORKING_DIR}/postwhite POSTWHITE_CONF=${POSTWHITE_DIR}/postwhite.conf -CUSTOM_HOSTS='"web.de gmx.net mail.de freenet.de arcor.de unity-mail.de"' +CUSTOM_HOSTS='"web.de gmx.net mail.de freenet.de arcor.de unity-mail.de protonmail.ch ionos.com strato.com t-online.de"' STATIC_HOSTS=( - "194.25.134.0/24 permit # t-online.de" + "49.12.4.251 permit # checks.mailcow.email" + "2a01:4f8:c17:7906::10 permit # checks.mailcow.email" ) mkdir ${SCRIPT_DIR}/postwhite_tmp