I have inherited the management of a postfix mail server.  The prior admin
is not available to consult.  The server is working fine as he configured
it.  Client access checks are used to whitelist by IP address for known mail
clients who would otherwise be rejected due to invalid helo information.
There are some clients who send from multiple IP addresses, and rather than
managing their IP address access, it would be simpler to whitelist their
email addresses.  I tried adding check_sender_access, with a table
containing only 2 addresses, e.g.:

User1@domain1   OK
User2@domain2   OK

Immediately after enabling this check, but not discovered until about 24
hours later, all incoming mail from external addresses was being rejected.
Immediately after disabling this check, mail queued at external servers
began arriving in user mailboxes.

Below is a chunk of the main.cf file.  Again, I inherited this, and this is
my first exposure to postfix.  While I've been able to figure out some
things about how it works, obviously I've not got it all yet! :-)  I could
really use some help understanding why my commented line below caused
incoming mail to stop being received, and what I need to do in order to
whitelist specific email addresses.

smtpd_delay_reject = no

header_checks = regexp:/etc/postfix/header_checks.regexp
nested_header_checks =

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
        reject_unlisted_recipient,
        check_client_access    hash:/etc/postfix/GEN000_override,
        check_client_access  regexp:/etc/postfix/fqrdns.regexp,
        check_helo_access      hash:/etc/postfix/access,
        check_helo_access    regexp:/etc/postfix/helo_blacklist.regexp,
        check_sender_access    hash:/etc/postfix/blacklist,
        check_sender_access  regexp:/etc/postfix/sender_blacklist.regexp,
        check_sender_mx_access cidr:/etc/postfix/mx_access.txt,
#       check_sender_access    hash:/etc/posfix/mywhitelist <-- this killed all incoming mail when enabled
        check_client_access    hash:/etc/postfix/broken_helos,
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        check_sender_access regexp:/etc/postfix/filter_10026_catchall,
        permit_mynetworks,
        reject_non_fqdn_hostname,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/restricted,
        reject_unknown_client,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
