Addendum. Currently, I get client rejections with the setup shown in my last mail (despite the delay). I don't know if it hits *always*, though. I can't check if it didn't hit for some client where the name matches, there are too many entries.
I expected it to carry out the helo checks before client checks. e.g. in a "natural" order of helo, client, sender, rcpt. Was this assumption wrong? Example: Nov 7 17:35:53 b04 postfix/smtpd[30957]: NOQUEUE: reject: RCPT from com.check-prfofessional.online[185.52.2.216]: 554 5.7.1 <com.check- prfofessional.online[185.52.2.216]>: Client host rejected: Access denied; from=<info@com.check-prfofessional.online> to=<u...@example.com> proto=ESMTP helo=<com.check-prfofessional.online> The helo contains the same name, so a helo check should have hit it. Which means, helo checks are done after the client check? Kai
