On Mon, Apr 11, 2011 at 10:18:34AM -0400, Alex wrote:
> > Sounds as if the mail is being rejected by reject_unknown_sender_domain.
> > ?Your check_sender_access whitelist needs to be before
> > ?reject_unknown_sender_domain in the same smtpd_*_restrictions section.
>
> Okay, I've even put the sender_access map first and it is still
> rejected. Below is the output from postconf:
NEVER put sender whitelists first in smtpd_recipient_restrictions,
do put them after "reject_unauth_destination", but before any
sender-specific restrictions that require a whitelist.
> smtpd_recipient_restrictions =
> # DO NOT DO THIS: Open Relay!
> check_sender_access hash:/etc/postfix/sender_checks,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_unauth_destination,
> check_recipient_access pcre:/etc/postfix/recip_map,
> check_recipient_access pcre:/etc/postfix/relay_recips_access,
> check_helo_access hash:/etc/postfix/helo_checks,
> check_sender_access hash:/etc/postfix/sender_checks,
> check_sender_access hash:/etc/postfix/disallow_my_domain,
> check_client_access hash:/etc/postfix/client_access,
> check_client_access pcre:/etc/postfix/client_checks.pcre,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
> permit
>
> smtpd_sender_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> reject_non_fqdn_sender,
> reject_unknown_sender_domain,
> reject_unauth_pipelining,
> permit
Remove the sender checks from the recipient restrictions, and apply
the whitelist in the sender checks.
--
Viktor.
