Charles Marcus:
> > check_recipient_access automatically makes queries for the email
> > address, the domain, and more. See access(5).
> >
> >> # postmap -q exemple.com hash:/etc/postfix/maps/hash/blacklisted_domains
> >> REJECT did you mean 'exAmple.com'?
> >>
> >> # postmap -q recipi...@exemple.com
> >> hash:/etc/postfix/maps/hash/blacklisted_domains
> >>
> >> What am I missing?
> > The postmap command does not automatically make related queries for
> > email address, domain name, and more. You have make the related
> > queries yourself.
> >
> > postmap cannot figure out by itself that you want to query an access
> > map. It needs help. For example, to simulate the queries in
> > header/body_checks, you specify "postmap -mh" or "postmap -mb".
>
> Ok... but... this sounds like you are saying that it is expected that my
> simple postmap -q test would fail, but that someone attempting to relay
I am saying that you should RTFM the access(5) manpage and make the
queries in the order as indicated there.
Wietse
ACCESS(5) ACCESS(5)
NAME
access - Postfix SMTP server access table
...
EMAIL ADDRESS PATTERNS
With lookups from indexed files such as DB or DBM, or from networked
tables such as NIS, LDAP or SQL, patterns are tried in the order as
listed below:
user@domain
Matches the specified mail address.
domain.tld
Matches domain.tld as the domain part of an email address.
.domain.tld
Matches subdomains of domain.tld, but only when the string
smtpd_access_maps is not listed in the Postfix par-
ent_domain_matches_subdomains configuration setting.
user@ Matches all mail addresses with the specified user part.
Note: lookup of the null sender address is not possible with some types
of lookup table. By default, Postfix uses <> as the lookup key for such
addresses. The value is specified with the smtpd_null_access_lookup_key
parameter in the Postfix main.cf file.
