MRob:
> I use reject_unknown_helo_hostname even though it rejects legitimate
> mail, it also catches a reasonable amount of bad things.
>
> I want to whitelist some clients of course. I thought it should be easy:
>
> /etc/postfix/main.cf
> smtpd_helo_restrictions =
> reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname
> reject_unknown_helo_hostname
> smtpd_client_restrictions =
> reject_unauth_pipelining
> check_client_access hash:/etc/postfix/ok_clients
>
> /etc/postfix/ok_clients
> 999.999.999.999 OK
> fqdn.exmaple.com OK
>
> postmap /etc/postfix/ok_clients
>
> postmap -q 999.999.999.999 /etc/postfix/ok_clients
> OK
>
> postmap -q fqdn.exmaple.com /etc/postfix/ok_clients
> OK
>
> Yet, from this client I still get this:
> NOQUEUE: reject: RCPT from fqdn.example.com[999.999.999.999]: 450 4.7.1
> <not.existing.host.name>: Helo command rejected: Host not found;
>
> I test by hand and get rejected after RCPT TO (delayed restrictions as
> postfix default):
> HELO not.existing.host.name
> MAIL FROM: <...>
> RCPT TO: <...>
> **REJECTED HERE**
>
> Tried restarting postfix to be sure. What have I missed?
You specified reject_XXX before ok_clients.
Wietse
