On Fri, Nov 10, 2017 at 04:08:02PM +0100, Matus UHLAR - fantomas wrote:
> > > >On 10 November 2017 at 14:08, Enrico Morelli 
> > > ><more...@cerm.unifi.it> wrote:
> > > >> my user doesn't receive mail from a real sender because our
> > > >> mail server rejects the Helo command:
> > > >>
> > > >> NOQUEUE: reject: RCPT from 
> > > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 
> > > >> 4.7.1 <NTFYOHSrvNLES05.ntfy.local>: Helo command rejected: 
> > > >> Host not found; from=<x...@xxx.xxx.xx> to=<x...@xxx.xxx.xx> 
> > > >> proto=ESMTP helo=<NTFYOHSrvNLES05.ntfy.local>
> > > >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from 
> > > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 
> > > >> mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
> > > >>
> > > >> Is there a way to receive these mails?
> 
> > On Fri, 10 Nov 2017 15:42:16 +0100
> > Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> > > you can whitelist a particular IP by using "check_client_access"
> > > and you most probably want to have such a directive in main.cf.
> 
> On 10.11.17 15:45, Enrico Morelli wrote:
> > I have a check_sender_access, can I use that?
> 
> depends on where you have the reject_unknown_helo_hostname.

Well, mainly no.  A check_sender_access looks up the SENDER address 
("MAIL FROM <sender@address>"), and that is generally a bad idea, 
both for whitelisting and blacklisting.  Do not do that unless there 
would be no other option.

> client access is evaluated before sender access, so if you have the

No.  ANY access(5) lookup takes place exactly when you specify that 
restriction.  You cannot say this categorically.  It is quite 
possible to mix restrictions such that "earlier" SMTP parts are 
checked after RCPT TO, or even after DATA.

> reject_unknown_helo_hostname in smtpd_client_restrictions, you
> must either use check_client_access or move the
> reject_unknown_helo_hostname (and possibly other checks) to
> check_sender_access.

Much is confused in this sentence.

You can do check_mumble_access in pretty much any of the smtpd 
restrictions stages.

The OP needs to do a CLIENT access lookup, but that lookup must 
precede the reject_unknown_helo_hostname restriction in whichever 
restriction stage it is being used.

Many users find it easier to put all restrictions in a single stage, 
so everything can be seen in a linear way.  For more details and 
exceptions,

http://www.postfix.org/SMTPD_ACCESS_README.html
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
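
The ordering rule described in the message above, as an added example that is not part of the original thread: a simplified Python model of how Postfix walks its restriction lists. The two restriction names are real Postfix restrictions, but the evaluator, the access table, the resolvable-hostname set and the second client address are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Postfix source) of smtpd restriction
# evaluation at RCPT TO time with the default smtpd_delay_reject = yes.
STAGES = ("client", "helo", "sender", "recipient")

CLIENT_ACCESS = {"70.60.37.220": "OK"}   # constructed access(5) table
RESOLVABLE_HELO = {"mail.example.com"}   # constructed stand-in for DNS


def check_client_access(session):
    # access(5) lookup keyed on the connecting client, not the sender address
    return CLIENT_ACCESS.get(session["client"], "DUNNO")


def reject_unknown_helo_hostname(session):
    # Postfix answers 450 by default; modelled here as a plain REJECT
    return "DUNNO" if session["helo"] in RESOLVABLE_HELO else "REJECT"


def evaluate(config, session):
    """Walk every restriction list in stage order; return PERMIT or REJECT."""
    for stage in STAGES:
        for restriction in config.get(stage, ()):
            result = restriction(session)
            if result == "REJECT":
                return "REJECT"
            if result == "OK":
                break  # OK ends this list only; later lists still run
    return "PERMIT"


# Lookup placed after the HELO check: it is never reached.
LOOKUP_TOO_LATE = {"helo": [reject_unknown_helo_hostname, check_client_access]}
# Lookup in an earlier list: its OK does not carry over to the helo list.
LOOKUP_OTHER_LIST = {"client": [check_client_access],
                     "helo": [reject_unknown_helo_hostname]}
# Lookup directly before the HELO check in the same list.
LOOKUP_FIRST = {"helo": [check_client_access, reject_unknown_helo_hostname]}

OP_CLIENT = {"client": "70.60.37.220", "helo": "NTFYOHSrvNLES05.ntfy.local"}
OTHER_CLIENT = {"client": "192.0.2.10", "helo": "NTFYOHSrvNLES05.ntfy.local"}

if __name__ == "__main__":
    for name, cfg in [("too late", LOOKUP_TOO_LATE),
                      ("other list", LOOKUP_OTHER_LIST),
                      ("first", LOOKUP_FIRST)]:
        print(name, evaluate(cfg, OP_CLIENT), evaluate(cfg, OTHER_CLIENT))
```

In main.cf terms, the third layout corresponds to listing check_client_access (with a lookup table of your choice) immediately before reject_unknown_helo_hostname in the same restriction list; every other client still hits the HELO check.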
