Ahhh, is this one of the reasons some folks put 'all' of their restrictions
under smtpd_recipient_restrictions (only have to list things once)?
Thanks Noel.
--
Stan
Noel Jones put forth on 9/15/2009 9:27 AM:
> On 9/15/2009 8:58 AM, Stan Hoeppner wrote:
>> I'd like to keep copies of all the spam coming into the address
>> mentioned below. I thought all that I needed was an "OK" in the
>> access file to force acceptance of all mail to this address. My
>> attempt at whitelisting the address is not working. All my anti-spam
>> measures are still whacking spam to the address. Suggestions?
>>
>> relevant /etc/postfix/main.cf entries
>>
>> smtpd_client_restrictions =
>> hash:/etc/postfix/access,
>
> This checks the access table for a client IP. You need
> check_recipient_access hash:/etc/postfix/access
>
> While postfix allows bare map names, it's far better to always
> explicitly use check_{client,helo,sender,recipient}_access to specify
> what you're checking.
>
>> pcre:/etc/postfix/access.pcre,
>> pcre:/etc/postfix/check_client_fqdn.pcre,
>> reject_unknown_reverse_client_hostname
>>
>> smtpd_helo_restrictions =
>
> You need your check_recipient_access whitelist here too.
>
>> reject_non_fqdn_helo_hostname,
>> reject_invalid_helo_hostname,
>> reject_unknown_helo_hostname
>>
>> smtpd_recipient_restrictions =
>> permit_mynetworks,
>> reject_unauth_destination,
>
> You need your check_recipient_access whitelist here too.
>
>> reject_rbl_client zen.spamhaus.org,
>> reject_rbl_client dnsbl.sorbs.net,
>> reject_rbl_client bl.spamcop.net,
>> reject_rbl_client psbl.surriel.com,
>> reject_rbl_client ix.dnsbl.manitu.net,
>> check_policy_service inet:127.0.0.1:60000
>>
>>
>
> -- Noel Jones
