Hi Rob,

Thanks for your reply - that's certainly cleared a few things up!

>> check_recipient_access hash:/usr/pkg/etc/postfix/access,
>
> "access" is a bad name for this. Since you're checking recipient
> addresses, I would suggest a name of "rcpt_access", or similar.

I've renamed this to sender_access (see below).

>> reject_unauth_pipelining,
>> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
>
> These two will do nothing useful. They don't hurt, but it might be
> useful for you to consider what they are. Spammers are going to be
> hitting you with addresses@your.actual.domains. They are probably not
> trying to hit "addresses@localhost" and the like.

Removed.

>> I have also set smtpd_delay_reject = yes
>
> There is no need to set that, as "yes" is the default value.

Removed.

>> However my access file does not appear to be being used (specifies
>> an address to be rejected, but it isn't).

My access file actually listed senders, so that's why that obviously didn't work.

> I don't suppose we can help with that without the relevant logs and
> portions of /usr/pkg/etc/postfix/access that you think should have
> matched. But before you post again, note again that it is called as a
> *recipient* address lookup. It will not be searched for client, helo,
> nor sender addresses.

I guess what I'm after is a way to whitelist certain senders, i.e. if they're okay, then no further processing is needed - just deliver. Is this possible? If so, presumably

smtpd_sender_restrictions = check_sender_access hash:/sender_access

is the place to put it?

> This check_helo_access file, /usr/pkg/etc/postfix/helo_access, has a
> better name. You are using the old syntax for
> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, and
> reject_unknown_helo_hostname, but that is not a problem.

I have replaced these with up-to-date syntax. Fresh postconf -n attached.
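The point made in the quoted reply, that check_recipient_access is only ever searched with the recipient address, as an added example that is not part of the original message and is not Postfix code: a simplified Python model of which envelope field each check_*_access restriction uses as its lookup key, with address keys tried in the order access(5) documents. The session values and the table are constructed; address extensions, client network prefixes and HELO parent-domain matching are not modelled.

```python
# Simplified model (added example, not Postfix source code).

# Constructed SMTP session; every value is a placeholder.
SESSION = {
    "client": "192.0.2.10",
    "helo": "mail.example.net",
    "sender": "friend@example.net",   # MAIL FROM: supplied by the client, forgeable
    "recipient": "me@example.org",    # RCPT TO
}

# Constructed table that lists a *sender*, as the poster's access file did.
ACCESS_TABLE = {"friend@example.net": "OK"}

# Which session field each restriction looks up.
KEY_FIELD = {
    "check_client_access": "client",
    "check_helo_access": "helo",
    "check_sender_access": "sender",
    "check_recipient_access": "recipient",
}

def address_keys(addr):
    """Candidate keys for an e-mail address, in access(5) order:
    user@domain, domain and its parents, then user@.
    Assumes the default parent_domain_matches_subdomains (which lists
    smtpd_access_maps), so parent domains are tried without a leading dot."""
    local, _, domain = addr.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    return keys

def lookup(restriction, table, session):
    """Return (matched_key, action), or None when nothing matches."""
    field = KEY_FIELD[restriction]
    value = session[field]
    if field in ("sender", "recipient"):
        keys = address_keys(value)
    else:
        keys = [value.lower()]        # exact match only in this model
    for key in keys:
        if key in table:
            return key, table[key]
    return None  # no match: evaluation moves on to the next restriction

if __name__ == "__main__":
    for name in KEY_FIELD:
        print(f"{name:24} -> {lookup(name, ACCESS_TABLE, SESSION)}")
```
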