I also receive a fair amount of spam where the HELO is either my domain name or my public-facing IP address. I block this as an additional precaution.
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/volume1/Config/postfix/helo_access, . . . /volume1/Config/postfix/helo_access: example.com REJECT 12.34.56.78 REJECT . . . Allen C On 17/11/16 16:25, Phil Stracchino wrote: > On 11/17/16 09:16, Sebastian Nielsen wrote: >> You have your permit_sasl_authenticated inside smtpd_sender_restrictions >> right? >> Replace that with "check_sender_access hash:/path/to/file" > > ...Right, never mind, reading too early in the morning. > > >> Inside the file /path/to/file, you add the following: >> mydomain.com permit_sasl_authenticated, reject >> >> Essentially, you move your "permit_sasl_authenticated" to the /path/to/file >> file. >> >> Or do you already have a check_sender_access containing >> permit_sasl_authenticated? > > I'm actually achieving the same end a different way: > > > smtpd_recipient_restrictions = ... > ... > check_sender_access btree:/etc/postfix/block-local-sender > > /etc/postfix/block-local-sender: > caerllewys.net REJECT Local sender address is not allowed > >