On 3/21/2015 7:42 PM, L. D. James wrote: > I have a service from intuit.com that can't get past my > reject_unknown_helo_hostname configuration. I'm trying to use the > rbl_override to whitelist all the subhost of intuit.com. However, I > can't get it to work.
Consider if reject_unknown_helo_hostname is worth the large number of false positives. Your best course may be to remove the restriction. Some general tips... Restrictions are evaluated in the order listed, so whitelist must come before whatever is causing the unwanted reject. A whitelist in one smtpd_*_restrictions section does not override a reject from another section. That said, without your current "postconf -n" output, further discussion is useless. -- Noel Jones > > I have tried: > > /etc/postfix/rbl_override: > > intuit.com ok > .intuit.com ok > *.intuit.com ok > Without your "postconf -n" > But none of their work. > > The host are coming in this manner: > > helo=qdcapmail[#].data.ie.intuit.net > > The "[#]" is one of several numbers. None of the hostnames resolves > to an ip. I see the IP in the logs which is: > > 206.108.40.[#] > > The "[#]" is one of several numbers. > > I tried combinations of that IP with wild cards to try to override > that way since all of them had the 206.108.40 as part of the ip. > > To receive the notifications, so far I have had to scan the logs and > add each of the IP's individually as they show in the log to the > rbl_override configuration. This works. But if they use a > different IP than the ones currently in the log, the email will > bounce. So what I'm trying to figure out is how to setup one entry > for the whole domain name that would include all the subdomains. I > would like to also know how to do this with the IP addresses. > > Sample output from the mail.log file is: > ----------------------------------------------------------------- > Mar 19 02:52:45 hera5 postfix/smtpd[27331]: disconnect from > mail.customs.gov.kg[212.42.104.110] > Mar 19 02:53:02 hera5 postfix/smtpd[20170]: connect from > mailout1b.intuit.com[206.108.40.7] > Mar 19 02:53:02 hera5 policyd-spf[6517]: None; identity=helo; > client-ip=206.108.40.7; helo=qdcapmail1.data.ie.intuit.net; > envelope-from=u...@mint.com; receiver=u...@apollo3.com > Mar 19 02:53:03 hera5 policyd-spf[6517]: Pass; identity=mailfrom; > client-ip=206.108.40.7; helo=qdcapmail1.data.ie.intuit.net; > envelope-from=u...@mint.com; receiver=u...@apollo3.com > Mar 19 02:53:03 hera5 postfix/smtpd[20170]: NOQUEUE: reject: RCPT > from mailout1b.intuit.com[206.108.40.7]: 450 4.7.1 > <qdcapmail1.data.ie.intuit.net>: Helo command rejected: Host not > found; from=<u...@mint.com> to=<u...@apollo3.com> proto=ESMTP > helo=<qdcapmail1.data.ie.intuit.net> > Mar 19 02:53:08 hera5 postfix/smtpd[27331]: connect from > unknown[58.186.33.188] > Mar 19 02:53:08 hera5 postfix/smtpd[20170]: disconnect from > mailout1b.intuit.com[206.108.40.7] > Mar 19 02:53:09 hera5 policyd-spf[12592]: None; identity=helo; > client-ip=58.186.33.188; helo=[58.186.33.188]; > envelope-from=u...@eriex.com; receiver=u...@apollo3.com > ----------------------------------------------------------------- > > Thanks in advance for any input on this. > > -- L. James >
