Am 28.08.2012 04:06, schrieb /dev/rob0:
[...] Jan said he wanted to reject mail with From: headers of his domain, and that Return-Path: (the envelope sender) was some other address. Your check_sender_access lookup will be applied against the envelope sender address.
I know you are right. But my experience is spammers try to send as u...@yourdomain.tld because many systems accept it. They don't use a From: header. Postfix does it for them. It forms a From: header out of the envelope from.
I would first check this out. I think it would be safer if Jan rejects @hisdomain.tld from outside. I can't predict if his combination of restrictions will do so. Perhaps he wanted but it doesn't work.
It's just a guess! :-)
