On 15 Nov 2021, at 15:08, Wietse Venema wrote:
Greg Earle:
[root@isolar postfix]# grep postgrey master.cf
-o { smtpd_recipient_restrictions=
permit_mynetworks,permit_sasl_authenticated,check_policy_service
unix:postgrey/socket,reject_rhsbl_helo
dbl.spamhaus.org,reject_rhsbl_reverse_client
dbl.spamhaus.org,reject_rhsbl_sender
dbl.spamhaus.org,reject_rbl_client
zen.spamhaus.org,reject }
-o { smtpd_recipient_restrictions=
permit_mynetworks,permit_sasl_authenticated,check_policy_service
unix:postgrey/socket,reject_rhsbl_helo
dbl.spamhaus.org,reject_rhsbl_reverse_client
dbl.spamhaus.org,reject_rhsbl_sender
dbl.spamhaus.org,reject_rbl_client
zen.spamhaus.org,reject }
But when a new e-mail comes in (that isn't sent from a whitelisted
domain), an strace shows that the postgrey server doesn't even twitch,
and an strace on the Postfix listener doesn't show any attempt to
connect to that postgrey socket.
You are not whitelisting domains, instead you are whitelisting
networks (permit_mynetworks) and SASL-authenticated clients
(permit_sasl_authenticated).
If these two master.cf lines are for "submission" and "smtps", then
those lines won't have any effect on the "smtp" service that spambots
and MTAs connect to.
Thanks Wietse, that makes sense.
I think when I migrated from Courier to Postfix I went by a template
that I found which had put initial values (commented out) for
"smtpd_recipient_restrictions" and other options into the "submission"
and "smtps" clauses, and if I needed to add anything to it after that, I
just blindly added it on to what was there.
Like I said, I knew I was doing something dumb ;-)
I'm still a little confused, however; if these options should go into
"main.cf" instead, what is the use of these "smtp" entries in
"master.cf"?
[root@isolar postfix]# grep -n -w ^smtp master.cf
12:smtp inet n - n - - smtpd
67:smtp unix - - n - - smtp
Thanks,
- Greg
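
Added example (not part of the original messages, and not Postfix code): a small audit of which master.cf services actually carry a "-o smtpd_recipient_restrictions" override, illustrating the point above that overrides on "submission" and "smtps" leave the "smtp" listener untouched. The sample master.cf and all function names are constructed for illustration.

```python
import re

# Constructed sample master.cf (not the poster's file); overrides appear only
# under submission and smtps, as described in the thread.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o { smtpd_recipient_restrictions = permit_mynetworks,
       permit_sasl_authenticated, check_policy_service unix:postgrey/socket,
       reject }
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o { smtpd_recipient_restrictions = permit_sasl_authenticated, reject }
smtp       unix  -  -  n  -  -  smtp
"""

OVERRIDE = re.compile(r"-o\s+(\{[^}]*\}|\S+)")  # "-o name=value" or "-o { name = value }"

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def overrides_by_service(text):
    """Map "name/type" -> (command, {parameter: value}) per master.cf service."""
    services = {}
    for line in logical_lines(text):
        fields = line.split(None, 8)  # 7 columns, command, then its arguments
        if len(fields) < 8:
            continue
        params = {}
        for m in OVERRIDE.finditer(fields[8] if len(fields) > 8 else ""):
            key, _, value = m.group(1).strip("{} \t").partition("=")
            params[key.strip()] = " ".join(value.split())
        services[f"{fields[0]}/{fields[1]}"] = (fields[7], params)
    return services

def smtpd_without_override(text, param="smtpd_recipient_restrictions"):
    """smtpd listeners where `param` is not overridden, so main.cf applies."""
    return sorted(name for name, (cmd, p) in overrides_by_service(text).items()
                  if cmd == "smtpd" and param not in p)
```

On the sample, smtpd_without_override() reports only "smtp/inet": the policy service is referenced by the two authenticated-submission listeners and never by the listener that other MTAs connect to.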