Sahil, et.al: >Use an access(5) or transport(5) map:
It appears that using an access map would best meet my need. I do not currently use an access map. Can you/anyone assist me with the proper placement of check_client_access hash:/etc/postfix/access in my setup? I don't want to screw up my restrictions which otherwise work properly. I *think* putting it last, after my greylisting line (see comment in postconf output below) would be appropriate. I think I'd want them to pass all other spam checks before rejecting semi-legitimate mail to this particular address with my specific reject message. Thanks, Scott postconf -n: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/libexec/postfix debug_peer_level = 2 disable_vrfy_command = yes html_directory = no inet_interfaces = $myhostname, localhost local_recipient_maps = hash:/etc/postfix/local_recipient mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 483886080 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 10485760 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = companypostoffice.com myhostname = tn1.companypostoffice.com mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32 myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix parent_domain_matches_subdomains = smtpd_access_maps queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc relay_domains = differentdomain.com relay_recipient_maps = hash:/etc/postfix/relay_recipients sample_directory = /usr/share/doc/postfix-2.2.10/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_helo_required = yes smtpd_recipient_limit = 1500 smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, check_recipient_mx_access hash:/etc/postfix/mx_access, check_sender_mx_access hash:/etc/postfix/mx_access, reject_unknown_sender_domain, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client psbl.surriel.com, reject_rbl_client bl.spamcop.net, check_policy_service unix:postgrey/socket, permit ## access map check here ?? smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual_domains virtual_alias_maps = hash:/etc/postfix/virtual_users