Dnia 3.12.2021 o godz. 09:14:23 Fourhundred Thecat pisze:
> I have strict helo checks:
>
> smtpd_helo_required = yes
> smtpd_helo_restrictions = reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname,
> reject_unknown_helo_hostname
>
> now I have noticed mails being rejected:
>
> Helo command rejected: Host not found
>
> warning: hostname mail-eopbgr80085.outbound.protection.outlook.com
> does not resolve to address 40.107.8.85: Name or service not known
On Fri, Dec 03, 2021 at 11:08:52AM +0100, Jaroslaw Rafa <[email protected]>
wrote:
reject_unknown_helo_hostname is known to produce quite a lot of false
positives, and it is not recommended to use this restriction.
On 05.12.21 11:38, raf wrote:
If you do want to use it, you can add exceptions for any
false positives that you care about. You can change it to
this:
/etc/postfix/main.cf:
smtpd_helo_restrictions =
check_helo_access hash:/etc/postfix/helo-access
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
reject_unknown_helo_hostname
/etc/postfix/helo-access:
.outbound.protection.outlook.com OK
I also have permit_mynetworks and permit_sasl_authenticated
at the start of smtpd_helo_restrictions.
i would recommend using check_client_access instead of check_helo_access to
allow anything, so you will whitelist client IP addresses, not helo strings
they provide.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
