On Mon, Aug 8, 2011 at 4:13 PM, Ansgar Wiechers <li...@planetcobalt.net> wrote: > On 2011-08-08 Christopher Adams wrote: >> I have attempted to block a domain from sending through my mail >> system. The result of my efforts is that this domain can still send >> mail. Here is what I have done. >> >> Created a sender_access file in /etc/postfix. The content: >> >> zeusmail.org REJECT >> apotmail.org REJECT >> >> postmap /etc/postfix/sender_access >> >> I added this to main.cf: >> smtpd_sender_restrictions = check_sender_access >> hash:/etc/postfix/sender_access >> >> I restarted Postfix. >> >> As I said above, mail from the apotmail.org domain continues to come >> through. What have I missed? > > To show evidence. Please post > > a) output of "postconf -n" > b) output of "postmap -q apotmail.org hash:/etc/postfix/sender_access" > c) a log excerpt demonstrating the issue (from submission to delivery of > the mail in question) > > Regards > Ansgar Wiechers
Thank you for your reply. The system that Postix is running on has a Mailman installation and the mail in question is related to mailing lists. 1) postconf -n alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases, hash:/usr/local/mailman/data/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_privs = nobody default_verp_delimiters = += header_checks = regexp:/etc/postfix/header_checks html_directory = no mail_owner = postfix mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 10145728 mime_header_checks = regexp:/etc/postfix/mime_header_checks mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, listsmart.$mydomain, swiki.$mydomain mydomain = osl.state.or.us mynetworks = 159.121.122.0/24, 127.0.0.0/8, 159.121.109.0/24 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES recipient_delimiter = + sample_directory = /usr/share/doc/postfix-2.0.16/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_helo_required = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_client_access hash:/etc/postfix/client_whitelist reject_rbl_client bl.spamcop.net reject_rbl_client cbl.abuseat.org reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain permit smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access unknown_local_recipient_reject_code = 450 2) /usr/sbin/postmap -q apotmail.com hash:/etc/postfix/sender_access (I had mistyped in my initial posting. It is apotmail.com, not .org) REJECT 3) Logs This is a mailman subscribe.log that shows a subscription being approved by a mail administrator Aug 08 09:24:50 2011 (21056) lhdaccreditation: new albina.rit...@apotmail.com, via admin approval This is from the maillog that shows the message for the pending subscription request being sent back to the sender. Aug 8 09:24:52 swiki postfix/smtp[20686]: 2B075199855F: to=<albina.rit...@apotmail.com>, relay=mail.apotmail.com[209.190.19.68]:25, delay=0.9, delays=0.01/0/0.75/0.14, dsn=2.0.0, status=sent (250 OK id=1QqTB1-0005jv-1K) Thank you, Christopher Adams adam...@gmail.com