On Wed, 21 Jan 2009, Todd A. Jacobs wrote:
On Wed, Jan 21, 2009 at 04:26:27PM -0500, Jorey Bump wrote:
Logically, it doesn't make sense to perform recipient checks before
you know the recipient.
Okay, I'll buy that. But this still doesn't work:
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
check_recipient_mx_access hash:/etc/postfix/mx_access
check_recipient_access hash:/etc/postfix/recipient_access
check_sender_access hash:/etc/postfix/sender_access
check_client_access hash:/etc/postfix/domain_access
check_helo_access hash:/etc/postfix/helo_access
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
reject_unknown_sender_domain
reject_rbl_client zen.spamhaus.org
permit_mynetworks
reject_unauth_destination
check_policy_service inet:127.0.0.1:60000
# /etc/postfix/mx_access
secureserver.net REJECT
smtp.secureserver.net REJECT
If it's the first check, shouldn't all mail destined to the
secureserver.net MX be bounced? Why is it still going through?
check_recipient_mx_access type:table
Search the specified access(5) database for the MX hosts for the
RCPT TO domain, and execute the corresponding action.
Are you sure 'secureserver.net' and/or 'smtp.secureserver.net' are MX
records for the RCPT TO domain of the message you think should be getting
rejected?
