sender_access doesn't reject email address.

bumping the question.

no one have idea?

Post your relevant portions of your main.cf (e.g. smtpdreceipientrestrictions, and other client restriction parameters configured), sample from your sender_access file, and log snippet from delivery not blocked.

@skavoovie:

Post your relevant portions of your main.cf (e.g. smtpdreceipientrestrictions, and other client restriction parameters configured), sample from your sender_access file, and log snippet from delivery not blocked.

main.cf

smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    #reject_non_fqdn_helo_hostname,
    #reject_invalid_helo_hostname,
    permit
# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    #reject_non_fqdn_sender,
    #reject_unknown_sender_domain,
    permit
# Recipient restrictions:
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   #reject_unauth_pipelining,
   #reject_non_fqdn_recipient,
   #reject_unknown_recipient_domain,
   reject_unauth_destination,
   check_sender_access hash:/etc/postfix/sender_access,
   reject_rbl_client zen.spamhaus.org,
#   reject_rbl_client bl.spamcop.net,
#   check_policy_service unix:postgrey/socket,
   permit

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous

sender_access:

google.com                          OK
aesha9years@gmail.com               REJECT
lolylol88@gmail.com                 REJECT

Log does not log anything regarding the problem since the email is not blocked at all.

I added one of my email address to the sender_access REJECT and than tryed to send me the email from my external mail address to the one managed from my vps, the email is correctly delivered.

Log excerpt.

Have you run postmap after updating your sender_access file?

# postmap /etc/postfix/sender_access

@skavoovie:

Log excerpt.

Nov 16 18:49:05 netstar postfix/smtpd[14846]: connect from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: setting up TLS connection from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: Anonymous TLS connection established from"MY_IP_hided": TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername
Nov 16 18:49:06 netstar postfix/cleanup[14854]: 999078E004: message-id=<4EC3F75C.5030104@gmail.com>
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: from=<email@gmail.com>, size=630, nrcpt=1 (queue active)
Nov 16 18:49:06 netstar postfix/local[14855]: 999078E004: to=<myvpsemail>, orig_to=<myvpsemail>, relay=local, delay=0.44, delays=0.42/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: removed
Nov 16 18:49:07 netstar postfix/smtpd[14846]: disconnect from "MY_IP_hided"</myvpsemail></myvpsemail></email@gmail.com> 

As you can see the email I sent from gmail to my vps is correctly delivered

@Stever:

Have you run postmap after updating your sender_access file?

# postmap /etc/postfix/sender_access

sure and restarted postfix.

@sblantipodi:

Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername

You have permitsaslauthenticated before your checksenderaccess in smtpdrecipientrestrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.

@Stever:

You have permitsaslauthenticated before your checksenderaccess in smtpdrecipientrestrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.

you good, you got it ;)

many thanks :)