> >One thing it will not get past is where I check for forged HELOs that use
> >my IP as the HELO. But the above seems to be using my IP as the HELO and
> >still getting through.
>
> Run the 4tuple filter so you can see the HELO logged by postfix rather than
> pick it up later in the Received headers.

My problem with my postmaster address acting as if it was whitelisted happened again. So I did some more testing to see if I could nail down the why, and then sent the results into the Postfix list to see if anyone else had some ideas. Vi[ck]tor answered, and I finally got some information I was missing. Now I know why the spam came in, and why the 4tuple did not give me any added logs about the problem.

For those of you that do not read the Postfix list, here is the summary:

SAV/RAV uses [EMAIL PROTECTED] as the default sender for tests. Part of this process is to whitelist this address from all checks. This is why I never saw rejects for [EMAIL PROTECTED], and why I never got 4tuple logging for it either.

The solution I am trying at the moment is this:

    address_verify_sender = [EMAIL PROTECTED]

That will change the whitelisted address for me to [EMAIL PROTECTED] which is hopefully not getting spam.

--Eric
