Hello there,

I've integrated into my main.cf an RBL full control to avoid spam to flood into our system, a whitelist hash table to bypass RBL and a spam lover table to enable all flood for single domains with this syntax (i'll put some more for an overview idea on it)

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_invalid_hostname,
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
check_recipient_access hash:/opt/zimbra/conf/spam_lovers,
check_sender_access hash:/opt/zimbra/conf/sender_blacklist,
reject_unlisted_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_rbl_client dyna.spamrats.com,
reject_rbl_client noptr.spamrats.com,
reject_rbl_client spam.spamrats.com,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
permit

smtpd_relay_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/sender_blacklist,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re,
permit_mynetworks,
permit_sasl_authenticated,
permit_tls_clientcerts,
check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_pipelining,
reject_non_fqdn_hostname,
reject_invalid_helo_hostname,
reject_invalid_hostname,
permit

strict_rfc821_envelopes = yes

smtpd_etrn_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject

There is any way to integrate something on single user control panel to specify who is a trusted sender (whitelist) single name or domain, or blacklist it, by integrating this actual configuration? This is not simple becouse we're speaking about a "Global configuration" and a "per domain / per user" whitelisting/blacklisting app. It could be appreciable to level spam tagging % too, but probably this is another question and maybe require a milter server instead.

PS: whitelist/blacklist under user's preference could be the way... but no, it isn't becouse it regards only attachment emails , not RBLs ...

Any advice to integrate something usefull?

Many thanks, this is an important question to me.