I have inherited the management of a postfix mail server. The prior admin is not available to consult. The server is working fine as he configured it. Client access checks are used to whitelist by IP address for known mail clients who would otherwise be rejected due to invalid helo information. There are some clients who send from multiple IP addresses, and rather than managing their IP address access, it would be simpler to whitelist their email addresses. I tried adding check_sender_access, with a table containing only 2 addresses, e.g.:
User1@domain1 OK User2@domain2 OK Immediately after enabling this check, but not discovered until about 24 hours later, all incoming mail from eternal addresses was being rejected. Immediately after disabling this check, mail queued at external servers began arriving in user mailboxes. Below is a chunk of the main.cf file. Again, I inherited this, and this is my first exposure to postfix. While I've been able to figure out the some things about how it works, obviously I've not got it all yet! :-) I could really use some help understanding why my commented line below caused incoming mail to stop being received, and what I need to do in order to whitelist specific email addresses. smtpd_delay_reject = no header_checks = regexp:/etc/postfix/header_checks.regexp nested_header_checks = smtpd_client_restrictions = smtpd_helo_restrictions = smtpd_sender_restrictions = smtpd_recipient_restrictions = reject_unlisted_recipient, check_client_access hash:/etc/postfix/GEN000_override, check_client_access regexp:/etc/postfix/fqrdns.regexp, check_helo_access hash:/etc/postfix/access, check_helo_access regexp:/etc/postfix/helo_blacklist.regexp, check_sender_access hash:/etc/postfix/blacklist, check_sender_access regexp:/etc/postfix/sender_blacklist.regexp, check_sender_mx_access cidr:/etc/postfix/mx_access.txt, # check_sender_access hash:/etc/posfix/mywhitelist <-- this killed all incoming mail when enabled check_client_access hash:/etc/postfix/broken_helos, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_sender_access regexp:/etc/postfix/filter_10026_catchall, permit_mynetworks, reject_non_fqdn_hostname, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access hash:/etc/postfix/restricted, reject_unknown_client, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net,