On 12/21/2015 12:13 PM, Alex wrote: >> For hash: access tables, the correct line is (assuming the default >> value of parent_domain_matches_subdomains): >> >> invalid.example.com OK >> >> See the access table documentation, pattern search order section for >> details. >> http://www.postfix.org/access.5.html > > I've been confused by that man page in the past, but I'm not sure > that's the problem here. I actually had that in the file already, and > it just stopped working about a week ago. I just added the > sender_access file to smtpd_recipient_access and now it's working: > > smtpd_recipient_restrictions = > reject_non_fqdn_recipient, > check_sender_access hash:/etc/postfix/sender_checks, > reject_non_fqdn_sender, > reject_unlisted_recipient, > reject_unknown_recipient_domain, > permit_mynetworks, > reject_unauth_destination, > reject_unknown_sender_domain, > > I can't imagine that's the right way to do it, but don't understand > why recipient_restrictions is consulted and generally why it's now > working with the same pattern. > > Thanks, > Alex >
It's perfectly valid to do sender checks in smtpd_recipient_restrictions. Many people put all their restrictions in smtpd_recipient_restrictions to make whitelisting easier and to have all the rules in one place. http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions see the part near the bottom about "other restrictions valid in this context". Is this client listed in $mynetworks? If so, that's why it didn't work before, and works now. -- Noel Jones
