> >One thing it will not get past is where I check for forged HELOs that use
> >my IP as the HELO. But the above seems to be using my IP as the HELO and
> >still getting through.
>
> Run the 4tuple filter so you can see the HELO logged by postfix rather than
> pick it up later in the Received headers.

Well, one problem with that that I did not think of till I tried it myself. Order of operations. The tests you did were not logged, but since you did not send any email it is no huge surprise.

So I went to my postmaster account, and checked the spam, and there was one from today. But it is not logged with the 4tuple. Why? Because the postmaster@ OK happens before the 4tuple. So I will have to move the 4tuple up above my OK checks for a while and see what happens.

Boy that sure is going to make some huge logs for a while, but...

imgate01# df
Filesystem  1K-blocks   Used   Avail Capacity  Mounted on
/dev/ad0s1a   2064302  67728 1831430     4%    /
/dev/ad0s1f    912206      4  839226     0%    /tmp
/dev/ad0s1g   8258718 197100 7400922     3%    /usr
/dev/ad0s1e   8257742 358522 7238602     5%    /var
procfs              4      4       0   100%    /proc

...I have space.

--Eric
