This is a low priority question. First off: thank you for postfix, it's wonderful. Its common-sense spam-stopping capabilities are serious overkill for my very modest needs but, boy, is that overkill ever nice to have.
I guess my basic question here is "does check_helo_access, or check_helo_a_access, play nicely with cidr:table's when the helo/ehlo command presents an address literal?" My cidr table includes: [127.0.0.0/8] REJECT [192.168.0.0/16] REJECT plus the other usual suspects. (Originally, I didn't have the square brackets so I added but that didn't seem to make any difference.) Using this first with check_helo_access and then, separately, with check_helo_a_access reliably catches: helo=<192.168.0.132> but never: helo=<[127.0.0.1]> FYI: I *do* have "smtpd_helo_required = yes", and the various other helo checks (e.g., reject_non_fqdn_helo_hostname and reject_invalid_helo_hostname) do work reliably. So, my experience is that check_helo(_a)?_access against this cidr table works with non-address-literals but not with address literals. Am I trying to do something unsupported? Or am I going about it the wrong way? Also FYI: any spam that gets by this does reliably get stopped by some further part of the config so this is definitely *not* a case of "postfix is broken!" Comments? Complaints? Screams of pain? Thanks. - James
