I use reject_unknown_helo_hostname even though it rejects legitimate
mail, it also catches a reasonable amount of bad things.
I want to whitelist some clients of course. I thought it should be easy:
/etc/postfix/main.cf
smtpd_helo_restrictions =
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_client_restrictions =
reject_unauth_pipelining
check_client_access hash:/etc/postfix/ok_clients
/etc/postfix/ok_clients
999.999.999.999 OK
fqdn.exmaple.com OK
postmap /etc/postfix/ok_clients
postmap -q 999.999.999.999 /etc/postfix/ok_clients
OK
postmap -q fqdn.exmaple.com /etc/postfix/ok_clients
OK
Yet, from this client I still get this:
NOQUEUE: reject: RCPT from fqdn.example.com[999.999.999.999]: 450 4.7.1
<not.existing.host.name>: Helo command rejected: Host not found;
I test by hand and get rejected after RCPT TO (delayed restrictions as
postfix default):
HELO not.existing.host.name
MAIL FROM: <...>
RCPT TO: <...>
**REJECTED HERE**
Tried restarting postfix to be sure. What have I missed?
