Thanks Bill for the clarification as well as the offered solution 😊

-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Bill Cole via mailop
Sent: Thursday, 20 January 2022 21:17
To: Glowfish Domainadministrator via mailop <mailop@mailop.org>
Cc: Bill Cole <mailop-20160...@billmail.scconsult.com>
Subject: Re: [mailop] Anyone from United Airlines ?

On 2022-01-20 at 14:04:36 UTC-0500 (Thu, 20 Jan 2022 19:04:36 +0000) Glowfish 
Domainadministrator via mailop <doma...@glowfish.de> is rumored to have said:

> Hi,
>
> Emails from United are getting rejected by our Postfix mail server. The mails 
> seem to be from United Airlines (Mileage Plus).
[...]
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT 
> from unknown[50.31.61.242]: 450 4.7.1 
> <o1.email.smallbusiness.mileageplus.com>: Helo command rejected: Host 
> not found; 
> from=<bounces+6242581-cfae-recei...@domain.tld@em7341.united.com> 
> to=<recei...@domain.tld> proto=ESMTP 
> helo=<o1.email.smallbusiness.mileageplus.com>
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
> unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
> commands=5/6
>
> Anyone here from United? Or does anyone have an idea what I can do to make them 
> pass without opening my mail server to all other wrongly configured domains?

That is probably better asked on the Postfix Users list, but the simplest 
answer is to stop requiring the HELO name to have symmetric DNS and/or 
requiring the client IP to have a PTR to a name that resolves back to the 
client IP. So: remove reject_unknown_helo_hostname, 
reject_unknown_reverse_client_hostname, and/or reject_unknown_client_hostname 
from your smtpd_helo_restrictions list. Note that reject_unknown_helo_hostname 
is a direct violation of RFC5321 
(https://datatracker.ietf.org/doc/html/rfc5321#page-45) and its predecessors, 
if RFC compliance means anything to you.

If you are determined to operate on a basis of an over-strict rule with 
exemptions for individual "good" transgressors, you can use a check_helo_access 
or check_client_access map before any instance of reject_unknown_*_hostname in 
any of your smtpd_*_restrictions lists and map the exempted client IPs and/or 
hostnames to "OK".


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
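
The exemption approach described in Bill's reply, written out as a Postfix configuration. This is an added example, not part of the original messages; the file paths and the hash: map type are assumptions, and the IP address and HELO name are the ones shown in the quoted log line.

```conf
# --- /etc/postfix/main.cf (excerpt; paths and hash: map type are assumptions) ---
# Restrictions are evaluated left to right. An "OK" from an access map ends
# evaluation of THIS list only, so the exemption must be listed before
# reject_unknown_helo_hostname. Other smtpd_*_restrictions lists still apply.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unknown_helo_hostname

# --- /etc/postfix/client_access ---
# Exempt by connecting IP (from the log line in the thread).
# The client IP is harder to forge than the HELO name, which the
# client chooses freely, so this is the tighter of the two exemptions.
50.31.61.242    OK

# --- /etc/postfix/helo_access ---
# Exempt by HELO name (from the log line in the thread).
# Any client that announces this name skips the HELO DNS check.
o1.email.smallbusiness.mileageplus.com    OK

# Either map alone is sufficient; keep only the one you need.
# After editing a map, rebuild its lookup table, then reload for the
# main.cf change:
#   postmap /etc/postfix/client_access
#   postmap /etc/postfix/helo_access
#   postfix reload
```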