smtpd_client_restrictions =
check_client_access regexp:$config_directory/access.d/whitelist
check_client_access regexp:$config_directory/access.d/sasl-monitor
check_client_access regexp:$config_directory/access.d/spam-monitor
check_client_access regexp:$config_directory/access.d/client
warn_if_reject reject_unknown_client
permit_mynetworks
permit_sasl_authenticated
reject_unauth_pipelining
reject_non_fqdn_recipient
reject_unknown_recipient_domain
normally what happens is that if the ip is listed in sasl-monitor and
the client tries to connect it is sent a 554 error code and is
disconnected. over the past couple of weeks there have been certain ip
addresses that this is somehow not being applied to. i have checked
the ip addresses and they are not in whitelist nor do they appear in
mynetworks. i really don't understand how this is happening. let's say
the ip address is 1.1.1.1. i know that the regex is working because
when i test it with postmap -q "1.1.1.1" regexp:/etc/postfix/access.d/
sasl-monitor i get:
"554 Authenticated SMTP Abuse Detected", the message that is supposed
to be sent to the client. also, like i said, this is working for some
ip addresses but not others.
i am wondering if anyone else has come across a similar issue. i doubt
that there is a bug or vulnerability in postfix that the spammers are
exploiting. it is more likely that i am doing something wrong, but i
can't figure out what. btw my postfix version is 2.4.5.