On Fri, Mar 16, 2012 at 2:22 PM, Jack <jacklistm...@gmail.com> wrote:
> Hello All,**** > > ** ** > > I’m having a problem where I am rejecting messages from one of our > servers, but I’m not clear as to why.**** > > ** ** > > We are using:**** > > check_helo_access hash:/etc/postfix/helo_access**** > > ** ** > > We have in helo_access the following:**** > > ** ** > > ourdomain.com REJECT Helo Check helo_access**** > > ourdomain.net REJECT Helo Check helo_access**** > > x.x.x.x REJECT Helo Check helo_access**** > > localhost REJECT Helo Check helo_access**** > > ** ** > > I thought this would reject messages from someone saying they are our IP, > saying they are localhost, or saying they are ourdomain.com and > ourdomain.net, however it looks like we are rejecting the messages coming > from server.ourdomain.net**** > > ** ** > > Exact error:**** > > 554 5.7.1 < server7.ourdomain.net >: Helo command rejected: Helo Check > helo_access;**** > > ** ** > > Do I need to specify the subdomain otherwise it will consider this to be *. > ourdomain.net?**** > > Is this rule not beneficiary ? I know SPF can handle this as well and we > do use it.**** > > ** ** > > ** ** > > ** ** > > ** ** > > Thanks!**** > > ** ** > Hi Jack, You have N mail servers on your domain and for sure they will exchange messages between them. I would not use the check_helo_access the way you are, I would only list for each server its own name AND ip address. For example, I would use /etc/postfix/helo_access for server5.ourdomain.net as below: server5.ourdomain.net REJECT Get out spammer 200.210.75.12 REJECT Get out spammer For server7, it would be: server7.ourdomain.net REJECT Get out spammer 200.210.75.11 REJECT Get out spammer Also, you may not include checking IP address, but I believe it is a good idea, if you can. And remember, the instructions on the Internet - in general - reflects the one-server-only domain, not a multi-server domain, as you have. Best regards!
