I'm such a giddy goat. Thanks Wietse for your hint.
The check_recipient_access acts as whitelist for policyd.
Maybe, when setting smtpd_restriction_classes I can restrict the
allowed Domains and use policy_service at the same time.
Quoting wie...@porcupine.org:
Marc B:
I've got a small issue with our Postfix Relay which doesn't use the
Policyd-Weight daemon or Tumgreyspf which it should. The Policy-Weight
daemon is running and listening if I test it and the config has no errors
but still Postfix just ignores the policy service and proceeds the
mail to Amavis.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/relaydomains,
    check_policy_service unix:private/tumgreyspf,
    check_policy_service inet:127.0.0.1:12525
According to this configuration, the policy servers are not queried
for requests that match permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, and "check_recipient_access
hash:/etc/postfix/relaydomains".
Wietse
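
The first-match evaluation described in the thread, as an added example that is not part of the original messages and is a simplified model, not Postfix code. It assumes the relaydomains table returns OK for example.com, that relay_domains holds the same domains, and that the policy daemons answer DUNNO; the reordered list is shown only for comparison and is not a fix stated in the thread.

```python
OK, REJECT, DUNNO = "OK", "REJECT", "DUNNO"

# Constructed stand-in for hash:/etc/postfix/relaydomains (the OK result is an assumption).
RELAY_DOMAINS = {"example.com": OK}
MYNETWORKS = {"127.0.0.1"}  # constructed

def rcpt_domain(req):
    return req["recipient"].rsplit("@", 1)[-1].lower()

# Each restriction returns OK or REJECT (evaluation stops) or DUNNO (try the next one).
CHECKS = {
    "permit_sasl_authenticated": lambda r: OK if r.get("sasl_username") else DUNNO,
    "permit_mynetworks": lambda r: OK if r["client_address"] in MYNETWORKS else DUNNO,
    "reject_unauth_destination":
        lambda r: DUNNO if rcpt_domain(r) in RELAY_DOMAINS else REJECT,
    "check_recipient_access hash:/etc/postfix/relaydomains":
        lambda r: RELAY_DOMAINS.get(rcpt_domain(r), DUNNO),
    # Assumption: both policy daemons have no objection and answer DUNNO.
    "check_policy_service unix:private/tumgreyspf": lambda r: DUNNO,
    "check_policy_service inet:127.0.0.1:12525": lambda r: DUNNO,
}

ORIGINAL = list(CHECKS)  # same order as the posted smtpd_recipient_restrictions
# Comparison order: policy services moved ahead of the access table.
REORDERED = ORIGINAL[:3] + ORIGINAL[4:] + ORIGINAL[3:4]

def evaluate(order, req):
    """Return (verdict, restrictions consulted) under first-match-wins."""
    consulted = []
    for name in order:
        consulted.append(name)
        verdict = CHECKS[name](req)
        if verdict != DUNNO:
            return verdict, consulted
    return OK, consulted  # end of list reached without a match: permit

def policy_queried(order, req):
    return any(n.startswith("check_policy_service") for n in evaluate(order, req)[1])

if __name__ == "__main__":
    # Constructed request: outside client, recipient in a relayed domain.
    mail = {"client_address": "203.0.113.7", "recipient": "user@example.com"}
    for label, order in (("original", ORIGINAL), ("reordered", REORDERED)):
        verdict, consulted = evaluate(order, mail)
        print(label, verdict, "policy queried:", policy_queried(order, mail))
        for name in consulted:
            print("   ", name)
```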