On 5/7/2011 12:52 PM, Dennis Carr wrote:
On Sat, 7 May 2011, Reindl Harald wrote:
in your case you have to place the check_sender_access
policy in
"smtpd_recipient_restrictions" AFTER "permit_mynetworks" and
"permit_sasl_authenticated"
so only internal hosts and authenticated users are allowed to
use in this policy listed domains
Being that the issue seems to be stemming from an issue in
HELO, wouldn't it be more logical to work with
smtpd_helo_restrictions? The problem is that HELO comes up as
chez-vrolet.net - and while they aren't relaying (the machine
is recognizing somewhere that there is a mismatch), I need to
tune that so that it recognizes that the IP from the client is
NOT chez-vrolet.net.
-Dennis
It's safe to reject outside hosts using your domain as a HELO,
this is unlikely to reject any legit mail. Using the target
domain as HELO is a fairly common spammer tactic -- apparently
some mail systems use that for whitelisting, but postfix doesn't.
Something like:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_helo_access hash:/etc/postfix/helo_access
... other local checks ...
# helo_access
mydomain.tld REJECT HELO not allowed outside mynetwork
-- Noel Jones
