>
>
> > This appears to indicate that generalatlantic.com is using the workday
> > service to send email, but the generalatlantic.com SPF record does not
> > include myworkday.com on the list of authorized senders.
> >
> > I've added the following to my sqlgrey FQDN whitelisting entries, but
> > somehow it's still being rejected:
> > *.myworkday.com
> > generalatlantic.com
> >
> > And the IP range to the IP whitelist:
> > 209.177.165.0/24
> >
> > Here is my smtpd_recipient_restrictions:
> >
> > smtpd_recipient_restrictions =
> > reject_non_fqdn_recipient,
> > reject_non_fqdn_sender,
> > reject_unlisted_recipient,
> > reject_unknown_recipient_domain,
> > permit_mynetworks,
> > reject_unauth_destination,
>
> With Postfix, between reject_unauth_destination and policy-spf,
> insert:
>
> check_sender_access inline:{{workday_supp...@generalatlantic.com =
> permit}}
>
> or
>
> cleck_client_access inline:{{myworkday.com = permit}}
>
> to exclude such email from further restrictions.
>
Thank you so much for your help.
In my rush between projects, I not only confused sqlgrey with postscreen,
but I also forgot that I already have a postscreen section as well:
postscreen_access_list =
permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr,
cidr:/etc/postfix/gmail_whitelist.cidr,
cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
cidr:/etc/postfix/bec-ranges.cidr,
cidr:/etc/postfix/serverion-bec.cidr
I've added it there as well, but I'm not sure I understand the priorities.
Adding the check_client_access or check_sender_access would be consulted
before postscreen? Is the postscreen_access_list just another way of
segmenting the checks?
Thanks again.
>
