Hi there,
I am having difficulties with smtpd_helo_restrictions because
of check_helo_access.
All the entries in my client_checks file seem to be ignored.
I tried debug_peer with the most recent entry in there:
mail.log:
Nov 9 14:49:13 ns postfix/smtpd[11842]: >>> START Helo command RESTRICTIONS <<<
Nov 9 14:49:13 ns postfix/smtpd[11842]: generic_checks: name=permit_mynetworks
...
Nov 9 14:49:13 ns postfix/smtpd[11842]: generic_checks: name=permit_mynetworks status=0
Nov 9 14:49:13 ns postfix/smtpd[11842]: generic_checks: name=check_helo_access
Nov 9 14:49:13 ns postfix/smtpd[11842]: check_domain_access: mailserver-with-invalid-helo.com
Nov 9 14:49:13 ns postfix/smtpd[11842]: generic_checks: name=check_helo_access status=0
The IP of "mailserver-with-invalid-helo.com" is in client_checks.
However, it is still being rejected because check_helo_access fails
to let it through. This setup seemed to work before without problems.
main.cf:
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/access
smtpd_helo_restrictions =
    permit_mynetworks
    check_helo_access hash:/etc/postfix/client_checks
    reject_unlisted_recipient
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname
smtpd_sender_restrictions =
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unlisted_sender
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unknown_recipient_domain
smtpd_data_restrictions = reject_unauth_pipelining
client_checks:
# mailserver-with-invalid-helo.com
aaa.bbb.ccc.ddd OK
postconf -n (please note that reject_*_helo_hostname have
been removed already, so mail doesn't get blocked):
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
config_directory = /etc/postfix
disable_vrfy_command = yes
duplicate_filter_limit = 2000
header_checks = regexp:/etc/postfix/header_checks
mailbox_command = /usr/bin/procmail -a "$USER"
mailbox_size_limit = 0
masquerade_domains = $mydomain
message_size_limit = 51200000
mydestination = /etc/postfix/local-host-names
mynetworks = 192.168.0.0/16 195.168.92.0/24 127.0.0.1
myorigin = $mydomain
notify_classes = resource, software
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = /etc/postfix/relay-domains
smtp_helo_name = mail.$mydomain
smtpd_banner = mail.$mydomain ESMTP
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks check_helo_access hash:/etc/postfix/client_checks reject_unlisted_recipient
smtpd_recipient_limit = 2000
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient reject_unauth_destination reject_unknown_recipient_domain
smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain reject_unlisted_sender
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
-f
--
doubt is the beginning of wisdom
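
Added example, not part of the original post and not Postfix code: a simplified Python model of the lookup keys that access(5) and postconf(5) document for check_helo_access (HELO hostname, then parent domains) and check_client_access (client hostname, parent domains, client IP address, then networks), run against a table keyed by IP address like the client_checks file above. The address 192.0.2.25, the client name "unknown" and all function names are constructed for illustration, and the default parent_domain_matches_subdomains setting is assumed.

```python
# Simplified model of Postfix access(5) table lookups (illustration only).
# Assumption: default parent_domain_matches_subdomains, so parent domains
# are looked up without a leading dot.

def domain_keys(name):
    """Keys tried for a hostname: the full name, then each parent domain."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def address_keys(addr):
    """Keys tried for an IPv4 address: the address, then the networks
    obtained by stripping least significant octets."""
    octets = addr.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def lookup(table, keys):
    """Return the action of the first matching key, or DUNNO (no match)."""
    for key in keys:
        if key in table:
            return table[key]
    return "DUNNO"

def check_helo_access(table, helo_name):
    # Only the HELO/EHLO argument is searched; the client IP is never a key.
    return lookup(table, domain_keys(helo_name))

def check_client_access(table, client_name, client_addr):
    # Client hostname and parent domains first, then the IP and its networks.
    return lookup(table, domain_keys(client_name) + address_keys(client_addr))

# Constructed sample data mirroring the post: table keyed by the sender's IP.
TABLE = {"192.0.2.25": "OK"}
HELO = "mailserver-with-invalid-helo.com"
ADDR = "192.0.2.25"

if __name__ == "__main__":
    print("helo keys:  ", domain_keys(HELO))
    print("helo result:", check_helo_access(TABLE, HELO))
    print("client keys:", domain_keys("unknown") + address_keys(ADDR))
    print("client result:", check_client_access(TABLE, "unknown", ADDR))
```

In this model the HELO lookup only ever queries the hostname and "com", matching the check_domain_access line in the debug log, so an IP-keyed entry is reachable only through check_client_access or by keying the table on the HELO name.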