Todd A. Jacobs wrote:
On Wed, Jan 21, 2009 at 04:26:27PM -0500, Jorey Bump wrote:
Logically, it doesn't make sense to perform recipient checks before
you know the recipient.
Okay, I'll buy that. But this still doesn't work:
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
check_recipient_mx_access hash:/etc/postfix/mx_access
check_recipient_access hash:/etc/postfix/recipient_access
check_sender_access hash:/etc/postfix/sender_access
check_client_access hash:/etc/postfix/domain_access
check_helo_access hash:/etc/postfix/helo_access
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
reject_unknown_sender_domain
reject_rbl_client zen.spamhaus.org
permit_mynetworks
reject_unauth_destination
check_policy_service inet:127.0.0.1:60000
# /etc/postfix/mx_access
secureserver.net REJECT
smtp.secureserver.net REJECT
If it's the first check, shouldn't all mail destined to the
secureserver.net MX be bounced? Why is it still going through?
Show us an example or two of what's being missed.
Show us "postconf -n" output so we know you haven't
fat-fingered the config somewhere.
Note this will not affect mail already in the queue, nor will
it affect mail submitted via the sendmail(1) command.
Showing logging of mail that you think should have been
rejected will help.
http://www.postfix.org/DEBUG_README.html#mail
--
Noel Jones
