On 2022-01-20 at 14:04:36 UTC-0500 (Thu, 20 Jan 2022 19:04:36 +0000) Glowfish Domainadministrator via mailop <doma...@glowfish.de> is rumored to have said:
> Hi, > > Emails from united are getting rejected by our postfix mailserver. The mails > seem to be from United Airlines (Mileage Plus). [...] > Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT from > unknown[50.31.61.242]: 450 4.7.1 <o1.email.smallbusiness.mileageplus.com>: > Helo command rejected: Host not found; > from=<bounces+6242581-cfae-recei...@domain.tld@em7341.united.com<mailto:bounces+6242581-cfae-recei...@domain.tld@em7341.united.com>> > to=<recei...@domain.tld<mailto:recei...@domain.tld>> proto=ESMTP > helo=<o1.email.smallbusiness.mileageplus.com> > Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from > unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6 > > Anyone here from united ? Or anyone has an idea what I can do to make them > pass without opening my mailserver to all other wrongly configured domains ? That is probably better asked on the Postfix Users list, but the simplest answer is to stop requiring the HELO name to have symmetric DNS and/or requiring the client IP to have a PTR to a name that resolves back to the client IP. So: remove reject_unknown_helo_hostname, reject_unknown_reverse_client_hostname, and/or reject_unknown_client_hostname from your smtpd_helo_restrictions list. Note that reject_unknown_helo_hostname is a direct violation of RFC5321 (https://datatracker.ietf.org/doc/html/rfc5321#page-45) and its predecessors, if RFC compliance means anything to you. If you are determined to operate on a basis of an over-strict rule with exemptions for individual "good" transgressors, you can use a check_helo_access or check_client_access map before any instance of reject_unknown_*_hostname in any of your smtpd_*_restrictions lists and map the exempted client IPs and/or hostnames to "OK" _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
