Note that returning "OK" in "helo" restrictions DOES NOT short-cut "sender", "recipient" or "data" restrictions.
That is so true. I was focusing on helo checks so much that I have forgotten that I added similar checks in other restrictions. Thanks!!!! On Thu, Oct 1, 2015, at 04:59 PM, Viktor Dukhovni wrote: > On Thu, Oct 01, 2015 at 10:59:03AM +0200, Peter wrote: > > > smtpd_helo_restrictions = > > permit_mynetworks, > > check_client_access hash:/etc/postfix/helo_override, > > check_helo_access hash:/etc/postfix/helo_access, > > reject_unauth_pipelining, > > reject_invalid_helo_hostname, > > reject_non_fqdn_hostname, > > reject_invalid_hostname, > > permit > > The "reject_invalid_hostname" restriction is a legacy alias for > "reject_invalid_helo_hostname", no need to do it twice. > > http://www.postfix.org/postconf.5.html#reject_invalid_helo_hostname > > Have you checked your logs??? > > http://www.postfix.org/DEBUG_README.html#logging > > In addition to any warnings, etc, what is logged when a client is > not permitted? Note that returning "OK" in "helo" restrictions > DOES NOT short-cut "sender", "recipient" or "data" restrictions. > > -- > Viktor.
