Stan Hoeppner wrote:
> I can't figure out why my whitelist entry for 204.238.179.0/24 is being
> ignored.  If not for a transient DNS failure this afternoon I'd not have
> known this was broken.  The check_client_access whitelist entry _should_
> have triggered before reject_unknown_client_hostname.  Any ideas why it
> doesn't/didn't?
> 
> [snip]
> smtpd_helo_restrictions =
>         check_recipient_access hash:/etc/postfix/access
>         reject_non_fqdn_helo_hostname
>         reject_invalid_helo_hostname


Look at this one:
>         reject_unknown_helo_hostname
> [snip]
> ...
> 
> Dec  4 13:39:15 greer postfix/smtpd[7124]: NOQUEUE: reject: RCPT from
> unknown[204.238.179.8]: 450 4.7.1 <mx1.mfn.org>: Helo command rejected:
> Host not found; from=<spam-l-boun...@spam-l.com>
> to=<s...@hardwarefreak.com> proto=ESMTP helo=<mx1.mfn.org>
> 
> Any clues as to what's wrong?
> 

There is no check_client_access whitelist in your
smtpd_helo_restrictions (before reject_unknown_helo_hostname).

To avoid having to repeat your whitelists under every
smtpd_mumble_restrictions, consider putting all your anti-spam checks
under smtpd_recipient_restrictions.

Also, avoid using a single /etc/postfix/access for different
check_mumble_access. Use one file per check (the checks are not looking
for the same thing, so mixing the maps is not clean, and makes
troubleshooting harder).



smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        reject_unauth_destination
        #
        reject_unlisted_recipient
        reject_unlisted_sender
        #
        check_recipient_access hash:/etc/postfix/access_recipient
        check_client_access hash:/etc/postfix/access_client
        check_helo_access hash:/etc/postfix/access_helo
        check_sender_access hash:/etc/postfix/access_sender
        ...
        reject_unknown_client_hostname
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        reject_unknown_helo_hostname
        #
        reject_rbl_client zen.spamhaus.org
        check_policy_service inet:127.0.0.1:60000
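
An added example, not part of the original message: a small Python check that parses a main.cf and reports DNS-dependent reject_unknown_* restrictions that have no check_client_access earlier in the same smtpd_*_restrictions list, since an OK from a whitelist map only ends the list it appears in. The sample configuration is constructed (its smtpd_client_restrictions list is an assumption), the function names are hypothetical, and the check looks only at ordering, not at map contents.

```python
import re

# Constructed sample shaped like the configuration quoted in the thread. The
# smtpd_client_restrictions list is an assumption (it was snipped on the page).
SAMPLE_MAIN_CF = """\
smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/access
        reject_unknown_client_hostname
smtpd_helo_restrictions =
        check_recipient_access hash:/etc/postfix/access
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        #
        reject_unknown_helo_hostname
"""

# Restrictions whose verdict depends on a DNS lookup succeeding.
DNS_REJECTS = {
    "reject_unknown_client_hostname", "reject_unknown_reverse_client_hostname",
    "reject_unknown_helo_hostname", "reject_unknown_sender_domain",
    "reject_unknown_recipient_domain",
}

def parse_main_cf(text):
    """Return {parameter: [tokens]}, joining continuation lines, skipping comments."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            # A line starting with whitespace continues the previous parameter.
            params[current] += line.replace(",", " ").split()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.replace(",", " ").split()
    return params

def unshielded_rejects(params):
    """(list, restriction) pairs with no check_client_access earlier in the SAME list."""
    findings = []
    for name, tokens in params.items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        shielded = False  # reset per list: an OK never carries over to another list
        for tok in tokens:
            shielded = shielded or tok == "check_client_access"
            if tok in DNS_REJECTS and not shielded:
                findings.append((name, tok))
    return findings
```

Run against the sample, it reports reject_unknown_helo_hostname in smtpd_helo_restrictions, the restriction that produced the 450 in the quoted log line.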
