Hello Ernie, yes, the clients log in via SALS (you have to do this to send something) and then you get the rejection. In the error message is also the name that was transmitted and if you google once after that, you will find something in the first place. After I set the hook in the GUI and thus removed the corresponding points from main.cf, it worked again.
Best regards, Dirk blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel -----Ursprüngliche Nachricht----- Von: Blueonyx <[email protected]> Im Auftrag von Ernie Gesendet: Freitag, 13. November 2020 11:53 An: BlueOnyx General Mailing List <[email protected]> Betreff: [BlueOnyx:24503] Re: Postfix config Are these clients SASL authenticated? This is what's in my main.cf smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname Because permit_sasl_authenticated should let them send, unless they don't have a login on your server in which case rejecting a bad FQDN is to be expected in this day and age. I am not sure how postfiix prioritized it's rules, I would asume the first match and it stops looking, permit_sasl_authenticated comes before reject_non_fqdn_helo_hostname so to get that HELO rejection you posted, the client must be failing both the permit_mynetworks and permit_sasl_authenticated tests first. -Ernie. [ Charset ISO-8859-1 converted... ] > Hello Michael, > > generally a good thing. > But can you please check the box "Accept from unresolvable domains" by > default instead of not checking it by default? > Because mail clients do not always send an FQDN. I just had this with a > customer who had several users with Outlook who could no longer send > because: > > Nov 13 10:17:23 web1 postfix/submission/smtpd[1469325]: NOQUEUE: reject: > RCPT from unknown[1.2.3.4]: 504 5.5.2 <GLCAHAUS01>: Helo command rejected: > need fully-qualified hostname; from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<GLCAHAUS01> > > I have set the check. Now it's working again. > Not everyone has a local mail server or uses o365. > Therefore it would be good to have this limitation optional and not per > default. > > Best regards, > Dirk > > > blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel > > > -----Ursprüngliche Nachricht----- > Von: Blueonyx <[email protected]> Im Auftrag von Michael > Stauber > Gesendet: Donnerstag, 12. November 2020 22:09 > An: [email protected] > Betreff: [BlueOnyx:24498] Re: Postfix config > > Hi Ernie, > > Earlier I wrote: > > That way you could create your own /root/custom-postfix-confgen file > > and could put all the "postconf -e" commands into it that you want to > > apply to the Postfix configuration *after* the auto-configure has run. > > That would allow you to override any Postfix setting and make it stick > > through updates and other changes. > > I just published YUM updates for 5210R that introduce this change to > Postfix: > > smtpd_sender_restrictions is set to either ... > > postconf -e 'smtpd_sender_restrictions = permit_mynetworks, > check_sender_access hash:/etc/postfix/access' > > ... or ... > > postconf -e 'smtpd_sender_restrictions = permit_mynetworks, > reject_unknown_sender_domain, reject_non_fqdn_sender, > reject_non_fqdn_hostname, reject_unknown_reverse_client_hostname, > reject_unknown_client_hostname, check_sender_access > hash:/etc/postfix/access' > > ... depending if "Accept from unresolvable domains" is enabled or disabled > in the GUI. > > The second set of parameters is the new default. Means: We do strict > checking. > > Additionally a new script was added: > > /usr/sausalito/bin/custom-postfix-confgen.sh > > This script will never be changed during YUM updates and you can put into it > your own "postconf -e" config changes to Postfix. These will be executed > automatically on Postfix restarts *after* the GUI has finished its > auto-configuration of Postfix. > > Essentially /usr/sausalito/bin/custom-postfix-confgen.sh allows you to > reconfigure Postfix entirely - if you wish. So use it with caution. An > example is included in the script itself. > > -- > With best regards > > Michael Stauber > _______________________________________________ > Blueonyx mailing list > [email protected] > http://mail.blueonyx.it/mailman/listinfo/blueonyx > _______________________________________________ > Blueonyx mailing list > [email protected] > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
