Hi, I hoped someone could clarify for me the difference between check_sender_access and check_client_access? I don't know why the docs are unclear to me.
When is a sender_access restriction used and when is a client_access restriction used? I thought the client_access was based on the envelope information (MAIL FROM:), but I've read so much contradictory information that I'm confused. If I wanted to block mail from a specific remote user, as we normally think of the "From:" field, it would go in client_access, I believe. sender_access would be based on the RCPT TO: information, then? I'm not sure how the flow works; whether it's the client_access first or sender_access, or vice-versa. Would it be better to put check_sender_access in the sender_restrictions instead? I currently have no sender_restrictions. I have the following in my logs from yesterday that I'm concerned about: Nov 10 00:06:33 smtp01 postfix_1/qmgr[12340]: 24A2B5603A6: from=<i...@compensation.com>, size=3082, nrcpt=50 (qu eue active) Nov 10 00:06:33 smtp01 postfix_1/qmgr[12340]: 24A2B5603A6: to=<mac...@yahoo.com>, relay=none, delay=14656, sta tus=deferred (connect to b.mx.mail.yahoo.com[66.196.82.7]: server refused mail service) I removed all the active, defer'd and deferred files from the second instance so they would no longer try to be delivered. This is not good. We are not responsible for the compensation.com domain. It also looks like there's 50 recipients, and the data from the queue file is obvious spam. It also looks like yahoo has now greylisted this server because it's refusing service, and other mail servers have blocked us outright. I know this mail came from 81.169.130.185, h1372645.stratoserver.net, based on the information in the queue data, but the first occurrence I can find of this IP address in the logs is embedded in the message-id. There is no occurrence of this IP address in the pop-before-smtp logs, so it didn't come from an authorized user there. Below is my smtpd_recipient_restrictions again. Hopefully someone has some ideas while I work on upgrading to a more recent version? smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks check_client_access hash:/etc/postfix/pop-before-smtp reject_unauth_destination reject_invalid_hostname reject_non_fqdn_hostname reject_unknown_sender_domain # reject_unknown_recipient_domain # reject_unauth_pipelining check_client_access hash:/etc/postfix/client_checks check_client_access pcre:/etc/postfix/client_checks.pcre check_recipient_access pcre:/etc/postfix/recipient_checks check_helo_access hash:/etc/postfix/helo_checks check_sender_access hash:/etc/postfix/sender_checks check_sender_access hash:/etc/postfix/disallow_my_domain check_recipient_access pcre:/etc/postfix/recipient_checks.pcre Below is the other relevant information from main.cf. Please excuse the obscuring of my real domain with 'exxample.com' in its place. mydestination = $myhostname, localhost.$mydomain, smtp0.exxample.com mydomain = exxample.com myhostname = smtp0.exxample.com Thanks so much. Best regards, Alex On Wed, Nov 11, 2009 at 12:05 PM, Alex <mysqlstud...@gmail.com> wrote: > Hi, > >>> I'm still using postfix-1.x, >> >> Most people here would stop reading there and press/click delete (or >> some might simply click 'Reply' and add the words 'upgrade'). >> >> So... UPGRADE. It is time. > > Thanks for hitting me with the well-deserved clue-bat. Advice well taken. > > Now, what if I said I was still using bind-4? Heh, just joking :-) > > Thanks again, > Alex >