Stan Hoeppner a écrit : > I can't figure out why my whitelist entry for 204.238.179.0/24 is being > ignored. If not for a transient DNS failure this afternoon I'd not have > known this was broken. The check_client_access whitelist entry _should_ > have triggered before reject_unknown_client_hostname. Any ideas why is > doesn't/didn't? > > [snip] > smtpd_helo_restrictions = > check_recipient_access hash:/etc/postfix/access > reject_non_fqdn_helo_hostname > reject_invalid_helo_hostname
Look at this one: > reject_unknown_helo_hostname > [snip] > ... > > Dec 4 13:39:15 greer postfix/smtpd[7124]: NOQUEUE: reject: RCPT from > unknown[204.238.179.8]: 450 4.7.1 <mx1.mfn.org>: Helo command rejected: > Host not found; from=<spam-l-boun...@spam-l.com> > to=<s...@hardwarefreak.com> proto=ESMTP helo=<mx1.mfn.org> > > Any clues as to what's wrong? > there is no check_client_access wihtelist in your smtpd_helo_restrictions, (before reject_unknown_helo_hostname). to avoid having to repeat your whitelists under every smtpd_mumble_restrictions, consider putting all your anti-spam checks under smtpd_recipient_restrictions. Also, avoid using a single /etc/postfix/access for different check_mumble_access. use one file per check (the checks are not looking for the same thing. so mixing the maps is not clean, and makes troubleshooting harder). smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks reject_unauth_destination # reject_unlisted_recipient reject_unlisted_sender # check_recipient_access hash:/etc/postfix/access_recipient check_client_access hash:/etc/postfix/access_client check_helo_access hash:/etc/postfix/access_helo check_sender_access hash:/etc/postfix/access_sender ... reject_unknown_client_hostname reject_non_fqdn_helo_hostname reject_invalid_helo_hostname reject_unknown_helo_hostname # reject_rbl_client zen.spamhaus.org check_policy_service inet:127.0.0.1:60000