Hi,
>> We have set up an application using the amazon cloud service, and
>> having a problem with relaying. How do I properly authorize the amazon
>> servers to relay mail through our server?
>>
>> Aug 11 17:06:39 portal postfix/smtpd[13792]: NOQUEUE: reject: RCPT
>> from ec2-184-72-46-254.us-west-1.compute.amazonaws.com[184.72.46.254]:
>> 554 5.7.1 <mail.example.com>: Helo command rejected: You are not in
>> example.com; from=<helpd...@example.com> to=<r...@example.com>
>> proto=ESMTP helo=<mail.example.com>
>
> 1) Remove all the "extra" rules that you have added to main.cf. These
> rules are causing the above error.
>
> 2) Start at http://www.postfix.org/BASIC_CONFIGURATION_README.html.
I see that this error is being produced by my helo_checks file, but it
also catching a lot of malicious mail as well.
I really thought I had a better understanding of my configuration than
I apparently do. Can you help me to consider more specifically which
options contain my mistake? This is postfix v2.5.5.
alias_maps = hash:/etc/postfix/aliases
bounce_queue_lifetime = $maximal_queue_lifetime
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = $myhostname
local_recipient_maps =
mail_owner = postfix
mailbox_size_limit = 821200000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 50d
message_size_limit = 50240000
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/README_FILES
receive_override_options = no_address_mappings
relay_domains = $mydestination, example.com
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_mechanism_filter = plain, login
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
check_client_access cidr:/etc/postfix/asian-ip5.txt
smtpd_recipient_restrictions = reject_non_fqdn_sender
reject_non_fqdn_recipient
permit_mynetworks permit_sasl_authenticated
check_client_access hash:/etc/postfix/pop-before-smtp
check_client_access hash:/etc/postfix/client_checks
reject_unauth_destination
reject_invalid_hostname
reject_non_fqdn_hostname
reject_unknown_sender_domain
check_client_access hash:/etc/postfix/client_checks
check_client_access pcre:/etc/postfix/client_checks.pcre
check_helo_access hash:/etc/postfix/helo_checks
check_sender_access hash:/etc/postfix/sender_checks
check_sender_access hash:/etc/postfix/disallow_my_domain
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre
reject_rbl_client zen.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unauth_pipelining
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
Thanks,
Alex
