On Fri, 20 Sep 2013, Craig Sanders <cas@taz.net.au> wrote:
On Fri, Sep 20, 2013 at 02:50:55PM +1000, Russell Coker wrote:
<- 220 mx0.example.com ESMTP Postfix (Debian/GNU)
-> EHLO example.com
[...] <** 554 5.7.1 <logcheck@server0.example.com>: Sender address rejected: forged mail
-> QUIT
some questions that might lead you in the right direction:
does mx0 have server0.example.com in its my_destination?
is there a check_sender_access map in main.cf listing server0.example.com?
No. "grep server /etc/postfix/*" returns no matches.
is there a check_helo_access map listing example.com? if it does exist, does it come *AFTER* or *BEFORE* permit_mynetworks, permit_tls_clientcerts, and permit_sasl_authenticated? the order of rules is extremely significant in postfix.
smtpd_helo_restrictions = permit_mynetworks,reject_invalid_hostname,reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_unknown_sender_domain Above is my only helo rule on that system. Thanks for the suggestions. James Harper's idea is interesting, is there any similar feature of Postfix for debugging these things? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/