> For name-based rejection (verified rDNS or HELO/EHLO) that you don't > want/need exempted by anything else, use check_client_access in > smtpd_client_restrictions and check_helo_access in > smtpd_helo_restrictions (and/or their arcane variants, see the > postconf(5) man page) >
Hmm..have in main.cf: smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access pcre:/usr/local/etc/postfix/helo_checks with inside the file: /\.cn$/ REJECT But still this is not rejected: Aug 12 11:23:01 <mail.info> marvin postfix/smtpd[54347]: NOQUEUE: reject: RCPT from unknown[60.167.113.164]: 550 5.1.1 <verkauf@ example.com>: Recipient address rejected: User unknown in virtual alias table; from=<o...@zeovr.com.cn> to=<verk...@example.com> proto=ESMTP helo=<zeovr.com.cn> Aug 12 11:23:02 <mail.info> marvin postfix/smtpd[54347]: disconnect from unknown[60.167.113.164] Also modified the blacklist that is now part of mynetworks: mynetworks = cidr:/usr/local/etc/postfix/blacklist.cidr And of course the prefix above is also not rejected: 127.0.0.0/8 OK 60.166.0.0/15 REJECT cheers richard
