So for spam control, I want postfix to reject mail coming across
connections that give certain domain names in the HELO command. It
seemed to me that all I needed to do was add a copy of my
smtpd_client_restrictions as smtpd_helo_restrions to my main.cf:

smtpd_helo_restrictions = reject_maps_rbl,
        check_client_access hash:/etc/postfix/ipreject

and do a postfix refresh. (Despite the name, ipreject also contains domain
names.) This has, for example, bay9.com in it with a 554 message. Yet,
when I telnet to my smtp port from a machine from which I do not permit
relaying, and give it "HELO bay9.com", it still lets the mail through.

I get the feeling I'm getting something very simple wrong here, but I
don't know what. Anybody got a clue for me?

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC