This is kinda a pet peeve with me. I hate spam. I have my own email servers hosted locally at my shop because I dislike other entities contacting me without my explicit permission. If I suddenly get spam from some entity I want to ensure I have full control to block everything from their domain. That is what I thought I had done and it seemed to work for some time, however, I started getting spam from several entities that I thought I had blocked, and after checking found that I had blocked them.
I went looking for answers and found the answers were in the details. I read posts pretty fast and sometimes just exclude them from the solution due to how little detail or how much detail they have. In my case, in this case, that was the wrong thing to do. I was able to learn a lot in the process so having had to wait this long for a solution wasn’t a total loss.
What I found was that the order in which rules are listed in the main.cf (/etc/postfix/main.cf) file matters. Though I had it mostly right I had a permit rule listed before all the deny rules were acted upon. I’ve rearranged the rules and restarted the postfix service and am now testing to see if that solves the issue.
This section of the “main.cf” file:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access,
reject_unauth_pipelining,
permit_mynetworks,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_rbl_client zen.spamhaus.org,
check_policy_service inet:127.0.0.1:10023,
permit_sasl_authenticated,
permit
# warn_if_reject check_policy_service inet:127.0.0.1:10023,
is the section that shows the rules in the order they are executed on my server. I moved the permit_sasl_authenticated, to after all the reject rules. Let’s hope this is the solution. We’ll see soon enough. Spam seems to come from some companies like a sieve.
Bear in mind that sender_access is only one way to stop spam. There are other services connected to postfix that are used to stop spam such as spamassassin. In my searching for answers someone said that it is best to block domains in postfix before spamassassin gets it, which I believe is right, but after it passes from postfix to spamassassin that service should have caught these email domains as well and stopped the emails from getting to the inbox. That didn’t happen, so that means more research to find out why that also failed.