This is check_CLIENT_access, which rejects a CLIENT.
That is blocked by check_SENDER_access, which rejects a SENDER.

Wietse

Thanks Wietse...

yes, i have a check_sender_access - after-  the check_client_access, buti must be doing something wrong because the reject should have been done bythe check_client_access:
                check_client_access hash:/etc/postfix/special_clients        
                check_sender_access regexp:/etc/postfix/special_senders
Postfix does not complain at all about files fomat but...Wietse, is the syntax correct? (for special_clients file)
205.201.128.108    REJECT You are blacklisted
i have also tried...

205.201.128.0/24     REJECT You are blacklisted
how do i reject  from that IP with that text???

Thanks!
Pedreter.

From: Wietse Venema <***@porcupine.org>
To: Postfix users <postfix-***@postfix.org>
Sent: Tuesday, July 26, 2016 12:03 PM
Subject: Re: REJECT and "optional text" question...
This is check_CLIENT_access, which rejects a CLIENT.
That is blocked by check_SENDER_access, which rejects a SENDER.

    Wietse

Since those directives must be in one or more smtpd restriction lists,
which are run in a strict order, just knowing hat you have hem somewhere
in that order isn't enough information. This is why the subscription
message for this list includes the same instructions as the last section
of Postfix's DEBUG_README: provide the output of 'postconf -n' not just
fragments of main.cf.
That should work. Did you run 'postmap
hash:/etc/postfix/special_clients' after adding that line? Maps in
'hash' format must be converted from text to binary format using postmap
for Postfix to use them.
That would be suitable in a 'cidr' table but in a 'hash' table it would
not work. To get the same effect in 'hash' format, you could use this:

205.201.128     REJECT You are blacklisted
Correct your configuration :)

What *exactly* is wrong with your configuration is not obvious without
more information. My *guesses* about the most likely causes for your
problem are:

1. You need to postmap your special_clients file to create the binary
form.
2. Your check_client_access and check_sender_access directives are in
different restriction lists such that check_sender_access is being hit
first, despite being later in main.cf.
3. There's some other more complex problem which is entirely invisible
to us because we don't know enough about your configuration yet.

Thanks Bill...
this is my restrictions config:


From: Bill Cole <postfixlists-***@billmail.scconsult.com>
To: Postfix users <postfix-***@postfix.org>
Sent: Tuesday, July 26, 2016 3:00 PM
Subject: Re: REJECT and "optional text" question...
Since those directives must be in one or more smtpd restriction lists,
which are run in a strict order, just knowing hat you have hem somewhere
in that order isn't enough information. This is why the subscription
message for this list includes the same instructions as the last section
of Postfix's DEBUG_README: provide the output of 'postconf -n' not just
fragments of main.cf.
That should work. Did you run 'postmap
hash:/etc/postfix/special_clients' after adding that line? Maps in
'hash' format must be converted from text to binary format using postmap
for Postfix to use them.
That would be suitable in a 'cidr' table but in a 'hash' table it would
not work. To get the same effect in 'hash' format, you could use this:

205.201.128     REJECT You are blacklisted
Correct your configuration :)

What *exactly* is wrong with your configuration is not obvious without
more information. My *guesses* about the most likely causes for your
problem are:

1. You need to postmap your special_clients file to create the binary
form.
2. Your check_client_access and check_sender_access directives are in
different restriction lists such that check_sender_access is being hit
first, despite being later in main.cf.
3. There's some other more complex problem which is entirely invisible
to us because we don't know enough about your configuration yet.

[remainder of quoted text removed]

I think something went wrong with your copy/paste, since there's no
restrictions config to be found in that message.

Thanks Bill...
these are my restrictions...

smtpd_restriction_classes =
                clase_spamtrap-spam

clase_spamtrap-spam =
                check_client_access regexp:/etc/postfix/spamtrap-spam,
                permit

smtpd_sender_restrictions =
                permit_mynetworks,
                check_sender_access hash:/etc/postfix/wl_senders,
                check_sender_access hash:/etc/postfix/wl_recipients,
                check_client_access hash:/etc/postfix/bl_clients,                check_client_access hash:/etc/postfix/special_clients,
                reject_unknown_reverse_client_hostname,
                reject_unknown_sender_domain,
                check_sender_access regexp:/etc/postfix/special_senders,
               
smtpd_recipient_restrictions =
                permit_mynetworks,
                reject_unauth_destination,
                reject_unknown_recipient_domain,
                reject_unauth_pipelining,
               

My understading is that order is ok...

and yes, i use postmap for files that need it...
Thanks!
Pedreter.

From: Bill Cole <postfixlists-***@billmail.scconsult.com>
To: Postfix users <postfix-***@postfix.org>
Sent: Tuesday, July 26, 2016 3:00 PM
Subject: Re: REJECT and "optional text" question...
Since those directives must be in one or more smtpd restriction lists,
which are run in a strict order, just knowing hat you have hem somewhere
in that order isn't enough information. This is why the subscription
message for this list includes the same instructions as the last section
of Postfix's DEBUG_README: provide the output of 'postconf -n' not just
fragments of main.cf.
That should work. Did you run 'postmap
hash:/etc/postfix/special_clients' after adding that line? Maps in
'hash' format must be converted from text to binary format using postmap
for Postfix to use them.
That would be suitable in a 'cidr' table but in a 'hash' table it would
not work. To get the same effect in 'hash' format, you could use this:

205.201.128     REJECT You are blacklisted
Correct your configuration :)

What *exactly* is wrong with your configuration is not obvious without
more information. My *guesses* about the most likely causes for your
problem are:

1. You need to postmap your special_clients file to create the binary
form.
2. Your check_client_access and check_sender_access directives are in
different restriction lists such that check_sender_access is being hit
first, despite being later in main.cf.
3. There's some other more complex problem which is entirely invisible
to us because we don't know enough about your configuration yet.

Sorry, my fault...

From: Bill Cole <postfixlists-***@billmail.scconsult.com>
To: Postfix users <postfix-***@postfix.org>
Sent: Tuesday, July 26, 2016 3:28 PM
Subject: Re: REJECT and "optional text" question...
[remainder of quoted text removed]

I think something went wrong with your copy/paste, since there's no
restrictions config to be found in that message.

You have been asked to provide the output of "postconf -n", not random
snippets. Also please learn how to quote.

Bastian

Quite right. With complete information as DEBUG_README.html#mail
recommends, this would have been cleared up by now.

But I'm going to shift the focus a bit. Here was the log from the
That's Mailchimp, not just some random spammer. No, I'm not a chimp
fanboy nor an apologist for ESPs, but this is one ESP which does take
complaints seriously.

Have you [Pedreter] tried complaining to them? If the sender is
truly spamming you without a valid signup, Mailchimp are likely to
terminate the account.