Greg Earle:
> [root@isolar postfix]# grep postgrey master.cf
> -o { smtpd_recipient_restrictions=
> permit_mynetworks,permit_sasl_authenticated,check_policy_service
> unix:postgrey/socket,reject_rhsbl_helo
> dbl.spamhaus.org,reject_rhsbl_reverse_client
> dbl.spamhaus.org,reject_rhsbl_sender dbl.spamhaus.org,reject_rbl_client
> zen.spamhaus.org,reject }
> -o { smtpd_recipient_restrictions=
> permit_mynetworks,permit_sasl_authenticated,check_policy_service
> unix:postgrey/socket,reject_rhsbl_helo
> dbl.spamhaus.org,reject_rhsbl_reverse_client
> dbl.spamhaus.org,reject_rhsbl_sender dbl.spamhaus.org,reject_rbl_client
> zen.spamhaus.org,reject }
>
> But when a new e-mail comes in (that isn't sent from a whitelisted
> domain), an strace shows that the postgrey server doesn't even twitch,
> and an strace on the Postfix listener doesn't show any attempt to
> connect to that postgrey socket.
You are not whitelisting domains, instead you are whitelisting
networks (permit_mynetworks) and SASL-authenticated clients
(permit_sasl_authenticated).
If these two master.cf lines are for "submission" and "smtps", then
those lines won't have any effect on the "smtp" service that spambots
and MTAs connect to.
Wietse
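
Added example, not part of the original post: a small Python check of the point made in the reply, that an `-o` override in master.cf applies only to the service entry it is attached to. The master.cf text is a constructed sample with a shortened restriction list, and the function names are hypothetical.

```python
import re

# Constructed sample (not from the post): override on submission and smtps only.
SAMPLE = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o { smtpd_recipient_restrictions=
       permit_mynetworks,permit_sasl_authenticated,check_policy_service
       unix:postgrey/socket,reject }
smtps      inet  n  -  n  -  -  smtpd
  -o { smtpd_recipient_restrictions=
       permit_mynetworks,permit_sasl_authenticated,check_policy_service
       unix:postgrey/socket,reject }
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def overrides(entry):
    """Return {param: value} for each -o option, braced or plain."""
    found = {}
    for braced, plain in re.findall(r"(?<!\S)-o\s+(?:\{([^}]*)\}|(\S+))", entry):
        name, _, value = (braced or plain).partition("=")
        found[name.strip()] = " ".join(value.split())
    return found

def policy_coverage(text, param="smtpd_recipient_restrictions"):
    """Map 'service/type' to True if its -o override calls check_policy_service,
    False if it overrides param without one, None if only main.cf applies."""
    result = {}
    for entry in logical_lines(text):
        service, kind = entry.split()[:2]
        value = overrides(entry).get(param)
        key = service + "/" + kind
        result[key] = None if value is None else "check_policy_service" in value
    return result

if __name__ == "__main__":
    print(policy_coverage(SAMPLE))
```

A `None` for `smtp/inet` means the port 25 listener takes its restrictions from main.cf, so the policy service is never consulted there. On a live system, `postconf -P` lists the per-service overrides that Postfix itself sees.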