Re: understanding smtpd mumble restrictions - more questions

[pf at alt-ctrl-del.org]

On 10/13/2010 10:08 PM, pf at alt-ctrl-del.org wrote:

I've used postfix as an incoming anti-spam gateway for several
years. Now, I'm experimenting with an additional postfix'n +
policydV2 as an outbound gateway for another mail server.

mynetworks = 127.0.0.0/8, PO.ST.FIX.IP, MAIL.SER.VER.IP
smtpd_helo_restrictions = permit_mynetworks
smtpd_client_restrictions = permit_mynetworks,reject
smtpd_sender_restrictions = check_policy_service
inet:127.0.0.1:10031,permit_mynetworks
# smtpd_recipient_restrictions =

Everything appears to work as expected.

But if I add,
smtpd_delay_reject = no
The MAIL.SER.VER.IP is rejected with "Access denied"

I've also tried it with only the following defined,
smtpd_client_restrictions = permit_mynetworks,reject
smtpd_sender_restrictions = check_policy_service
inet:127.0.0.1:10031

Why is the mynetworks address rejected, when
smtpd_delay_reject = no, but not rejected when
smtpd_delay_reject = yes?

"Noel Jones", October 13, 2010 11:51 PM:

What version of postfix is this?

Postfix 2.7.1 Ubuntu\Debian package

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 6h
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
maximal_queue_lifetime = 1d
message_size_limit = 30720000
mydestination = mailout.domain.com
mydomain = domain.com
myhostname = outbound.authenticated.smtp.domain.com
mynetworks = 127.0.0.0/8, 67.xx.yyy.xx, 67.xx.yyy.xy
myorigin = domain.com
readme_directory = no
relay_domains = $mynetworks
show_user_unknown_table_name = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks,reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_limit = 50
smtpd_sender_restrictions = check_policy_service 
inet:127.0.0.1:10031,permit_mynetworks
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes