Noel, first of all thanks for your patience :-)
> you must have smtpd_delay_reject=yes is set default so YES > and parent_domain_matches_subdomains must contain smtpd_access_maps checked that too, looks like the defaults $ postconf -d|grep parent_domain_matches parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps I checked with postconf -n that the smtpd_sender_restrictions are okay and as expected $ postconf -n|grep smtpd_sender smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/do_callahead, ..... Will set postfix to debug as described this evening and see if I can get more information about this issue. Thanks a lot tobi Am 13.11.18 um 18:22 schrieb Noel Jones: > On 11/13/2018 10:46 AM, Tobi wrote: >>> Postfix supports what you've described. You must have made some >>> other mistake. >> >> believe me that's what I thought first :-) But the only reason this >> would not fire is that a prior restriction already OK the mail. To test >> I commented all client restrictions and placed my check_sender access on >> (almost) top of sender_restrictions >> >> smtpd_sender_restrictions = reject_unknown_sender_domain, >> reject_non_fqdn_sender, >> check_sender_access hash:/etc/postfix/do_callahead, >> [....] >> >> so the restriction is well before any restriction that could ACCEPT the >> mail. >> >> postmap tells me that it gets the correct value from the map >> >> $ postmap -q 'example.com' /etc/postfix/do_callahead >> reject_unverified_recipient >> >> >> > > Two things that come to mind... > > you must have smtpd_delay_reject=yes > > and parent_domain_matches_subdomains must contain smtpd_access_maps > > check your "postconf -n" output to make sure it shows what you expect. > > If you have more trouble, please see > http://www.postfix.org/DEBUG_README.html#mail > > > -- Noel Jones >
