Thanks,

>> In smtpd_recipient_restrictions I put as first line:
>>
>>     check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
>>
>> The check looks up the database for an address or a domain and returns an
>> action (OK, REJECT, and so on).
>
> This sounds bad; you should not OK based on sender addresses which are
> easily spoofed.  But without more information about your configuration,
> we can only guess.

Indeed, I never use OK.. :-)

>> Last day my server received a lot of messages for an email address in
>> one of the domains maintained by me. Call it "recei...@domain.tld". Even
>> though the lookup for this email address is successful and returns
>> REJECT, all messages were correctly received and then delivered to the
>> postoffice server.
>>
>> Why were those messages not blocked?
>>
>> What have I missed?
>
> You missed an important part of this mailing list's welcome message:
>
> TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
>

:-D

alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
bounce_size_limit = 1
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 150
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 35840000
minimal_backoff_time = 1800s
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = av5.sttspa.it
myhostname = av5.sttspa.it
mynetworks = /etc/postfix/relayzahra2
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
    $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
    $relay_recipient_maps $relay_domains $canonical_maps
    $sender_canonical_maps $recipient_canonical_maps $relocated_maps
    $transport_maps $mynetworks
    proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
    proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
    proxy:mysql:/etc/postfix/mysql-relay-recipients.cf
    proxy:mysql:/etc/postfix/mysql-transport.cf
    proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = proxy:mysql:/etc/postfix/mysql-relay-domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-relay-recipients.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_connect_timeout = 10s
smtp_discard_ehlo_keyword_address_maps = hash:/etc/postfix/mta_workarounds
smtpd_banner = $myhostname
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 60
smtpd_client_recipient_rate_limit = 250
smtpd_client_restrictions = check_client_access
    proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
    check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
    check_recipient_access proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
    check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    permit_sasl_authenticated
    check_policy_service inet:127.0.0.1:54000
    reject_unauth_destination
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unlisted_sender
    reject_unlisted_recipient
    reject_unknown_sender_domain
    reject_invalid_hostname
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client list.dsbl.org
    check_policy_service inet:127.0.0.1:10031
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions =
strict_rfc821_envelopes = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 550

rocsca
