On Thu, Dec 6, 2012 at 5:09 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> On 12/6/2012 4:29 PM, Dan Lists wrote:
>> We relay email for our customers. They had some accounts Phished. I
>> wanted to hold email from those users so I could see the spam that was
>> going out and requeue the valid email.
>>
>> In main.cf I have:
>>
>> smtpd_sender_restrictions =
>> check_sender_access hash:$config_directory/sender_domains,
>> reject
>>
>> sender_domains has:
>>
>> u...@domain.tld HOLD
>> domain.tld OK
>>
>> What u...@domain.tld sends email I get:
>>
>> Dec 6 16:14:26 mailserver postfix/smtpd[47661]: NOQUEUE: hold: RCPT
>> from clientserv[12.34.56.78]: <u...@domain.tld>: Sender address
>> triggers HOLD action; from=<u...@domain.tld> to=<re...@other.dom>
>> proto=ESMTP helo=<clientserv>
>> Dec 6 16:14:26 mailserver postfix/smtpd[47661]: NOQUEUE: reject: RCPT
>> from clientserv[12.34.56.78]: 554 5.7.1 <u...@domain.tld>: Sender
>> address rejected: Access denied; from=<u...@domain.tld>
>> to=<re...@other.dom> proto=ESMTP helo=<clientserv>
>>
>> What am I doing wrong?
>
> Just a misconception... HOLD does not immediately freeze the
> message, nor does it instruct postfix to accept the message.
> Processing continues and a later restriction can still reject the
> message.
Interesting. It worked when I did something similar in
smtpd_client_restrictions.
smtpd_client_restrictions =
check_client_access hash:$config_directory/client_access
client_access:
12.34.56.78 HOLD
Is that because the smtpd_client_restrictions does not have reject listed?
> Probably the easiest solution here it to create your own HOLD_OK
> action so it works as you expect.
>
> # main.cf
> smtpd_restriction_classes =
> HOLD_OK
>
> HOLD_OK =
> reject_unauth_destination
> check_client_access static:hold
> permit
We are relaying for them, so I assume I would want to leave out
reject_unauth_destinaion.
>
> Then, in your sender_domain file,
> u...@domain.tld HOLD_OK
> domain.tld OK
>
>
> -- Noel Jones
