Greg Earle:
> [root@isolar postfix]# grep postgrey master.cf
> -o { smtpd_recipient_restrictions=
> permit_mynetworks,permit_sasl_authenticated,check_policy_service
> unix:postgrey/socket,reject_rhsbl_helo
> dbl.spamhaus.org,reject_rhsbl_reverse_client
> dbl.spamhaus.org,reject_rhsbl_sender dbl.spamhaus.org,reject_rbl_client
> zen.spamhaus.org,reject }
> -o { smtpd_recipient_restrictions=
> permit_mynetworks,permit_sasl_authenticated,check_policy_service
> unix:postgrey/socket,reject_rhsbl_helo
> dbl.spamhaus.org,reject_rhsbl_reverse_client
> dbl.spamhaus.org,reject_rhsbl_sender dbl.spamhaus.org,reject_rbl_client
> zen.spamhaus.org,reject }
>
> But when a new e-mail comes in (that isn't sent from a whitelisted
> domain), an strace shows that the postgrey server doesn't even twitch,
> and an strace on the Postfix listener doesn't show any attempt to
> connect to that postgrey socket.

You are not whitelisting domains; instead you are whitelisting networks (permit_mynetworks) and SASL-authenticated clients (permit_sasl_authenticated).

If these two master.cf lines are for "submission" and "smtps", then those lines won't have any effect on the "smtp" service that spambots and MTAs connect to.

Wietse
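
Added example, not part of the original thread: `grep postgrey master.cf` prints only the `-o` continuation lines, not the service they belong to, so this sketch attributes each override to its master.cf service entry. The `SAMPLE_MASTER_CF` contents and all function names are constructed for illustration and assume the layout described in the reply above.

```python
import re

# Constructed master.cf (not the poster's file): postgrey override on submission/smtps only.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o { smtpd_recipient_restrictions=
    permit_mynetworks,permit_sasl_authenticated,check_policy_service
    unix:postgrey/socket,reject }
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o { smtpd_recipient_restrictions=
    permit_mynetworks,check_policy_service unix:postgrey/socket,reject }
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) into entries."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def service_overrides(text):
    """Map 'service/type' -> {parameter: value}; handles -o name=value and -o { ... }."""
    result = {}
    for entry in logical_lines(text):
        fields = entry.split(None, 7)  # 7 fixed columns, then command + args
        if len(fields) < 8:
            continue
        overrides = {}
        for braced, plain in re.findall(r"(?<!\S)-o\s+(?:\{([^}]*)\}|(\S+))", fields[7]):
            name, _, value = (braced or plain).partition("=")
            overrides[name.strip()] = " ".join(value.split())
        result[f"{fields[0]}/{fields[1]}"] = overrides
    return result

def services_calling_policy(text, needle="postgrey"):
    """Services whose own smtpd_recipient_restrictions override mentions needle."""
    return sorted(svc for svc, ov in service_overrides(text).items()
                  if needle in ov.get("smtpd_recipient_restrictions", ""))

if __name__ == "__main__":
    print(services_calling_policy(SAMPLE_MASTER_CF))
```

With this sample the port 25 `smtp/inet` entry carries no override, so it never consults the policy socket. On a running system, `postconf -P` prints the same per-service view.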