Istvan Prosinger:
>
> On 6/30/20 9:49 PM, Wietse Venema wrote:
> > Istvan Prosinger:
> >> Hi, I hope this letter finds you well,
> >>
> >> I have Postfix behind NAT, and added one failover IP to the main router.
> >>
> >> I wanted to "get by cheaply" by just doing something like
> >>
> >> iptbales -t nat -I POSTROUTING -p tcp --dport 25 -j DNAT --to <backup ip>
> >>
> >> on the firewall machine.
> >>
> >> So, all well, the only problem is that Postfix in this case has a wrong
> >> HELO compared to the rDNS that I have defined
> >> for the <backup IP>
> >> It does throw a warning that the <backup IP> doesn't resolve to it's
> >> hostname, but I'm not sure if I can define some
> >> kind of helo_host_maps ;) to resolve this.
> >> At this point, I wouldn't mind if someone pinpoints me to the right
> >> direction.
> >
> > Postfix does not compare the HELO command argument with forward or
> > reverse DNS information.
>
> Antispam engines on the recipient side do
Thanks for clearing uo that 'It does throw a warning' is not
talking about Postfix.
Every MTA behind a NAT should send HELO to external hists using
the name of the outside NAT IP address. Use smtp_helo_name.
Wietse
