I also receive a fair amount of spam where the HELO is either my domain
name or my public-facing IP address. I block this as an additional
precaution.
smtpd_helo_restrictions = permit_mynetworks,
check_helo_access hash:/volume1/Config/postfix/helo_access,
. . .
/volume1/Config/postfix/helo_access:
example.com REJECT
12.34.56.78 REJECT
. . .
Allen C
On 17/11/16 16:25, Phil Stracchino wrote:
> On 11/17/16 09:16, Sebastian Nielsen wrote:
>> You have your permit_sasl_authenticated inside smtpd_sender_restrictions
>> right?
>> Replace that with "check_sender_access hash:/path/to/file"
>
> ...Right, never mind, reading too early in the morning.
>
>
>> Inside the file /path/to/file, you add the following:
>> mydomain.com permit_sasl_authenticated, reject
>>
>> Essentially, you move your "permit_sasl_authenticated" to the /path/to/file
>> file.
>>
>> Or do you already have a check_sender_access containing
>> permit_sasl_authenticated?
>
> I'm actually achieving the same end a different way:
>
>
> smtpd_recipient_restrictions = ...
> ...
> check_sender_access btree:/etc/postfix/block-local-sender
>
> /etc/postfix/block-local-sender:
> caerllewys.net REJECT Local sender address is not allowed
>
>
