I have. 

smtpd_helo_restrictions =
    permit_mynetworks
    check_helo_access hash:/etc/postfix/helo_access
    reject_invalid_helo_hostname
#   reject_unknown_helo_hostname
    permit

And this file, helo_access, has:

localhost.localdomain   PERMIT
65.100.117.244          PERMIT

60.189.57.253           REJECT

> From: Durwin De La Rue/Mgtsciences/US
> To: Postfix users <postfix-users@postfix.org>
> Date: 07/23/2018 02:17 PM
> Subject: How to white list 
> 
> I have whitelisted the ip in postscreen_access.cidr.  I can see the 
> 'whitelisted' for postscreen in log.
> But it does not get past smtpd.
> 
> I do not want to remove reject_invalid_helo_hostname as this really 
> opens up more spam.  So how
> do I white list the ip for smtpd?
> 
> Jul 23 13:53:32 postfix/smtpd[16279]: Anonymous TLS connection established from unknown[65.100.117.244]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
> Jul 23 13:53:32 postfix/smtpd[16279]: NOQUEUE: reject: RCPT from unknown[65.100.117.244]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [65.100.117.244]; from=<useren...@slfcu.org> to=<dur...@mycompany.com> proto=ESMTP helo=<barracuda.slfcu.org>
> Jul 23 13:53:33 postfix/smtpd[16279]: disconnect from unknown[65.100.117.244] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
> 
> Thank you,
> 
> Durwin
> 
> === main.cf ===
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/postfix/aliases
> command_directory = /usr/sbin
> compatibility_level = 2
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 1
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = no
> inet_interfaces = all
> inet_protocols = all
> local_recipient_maps = $alias_maps
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> meta_directory = /etc/postfix
> mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
> mydomain = mycompany.com
> myhostname = postfix.mycompany.com
> mynetworks = 172.23.93.0/24
> mynetworks_style = subnet
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases.postfix
> postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
> postscreen_blacklist_action = drop
> postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*2
> postscreen_dnsbl_threshold = 2
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix/README_FILES
> relay_domains = $mydomain
> relay_transport = relay:$mydomain
> sample_directory = /usr/share/doc/postfix/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> shlib_directory = /usr/lib64/postfix
> smtp_helo_name = mail.mycompany.com
> smtpd_authorized_xclient_hosts = 172.23.93.0/24
> smtpd_banner = mail.mycompany.com ESMTP $mail_name ($mail_version)
> smtpd_client_restrictions = reject_unknown_reverse_client_hostname
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks check_helo_access hash:/etc/postfix/helo_access reject_invalid_helo_hostname permit
> smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
> smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
> smtpd_tls_CAfile = /etc/pki/tls/certs/mycompany-chain3.crt
> smtpd_tls_cert_file = /etc/pki/tls/certs/mycompany3.crt
> smtpd_tls_key_file = /etc/pki/tls/private/mycompany3.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual_domains
> virtual_alias_maps = hash:/etc/postfix/virtual
> === END main.cf ===
> 
> 
> 
> This email message and any attachments are for the sole use of the 
> intended recipient(s) and may contain proprietary and/or 
> confidential information which may be privileged or otherwise 
> protected from disclosure. Any unauthorized review, use, disclosure 
> or distribution is prohibited. If you are not the intended recipient
> (s), please contact the sender by reply email and destroy the 
> original message and any copies of the message as well as any 
> attachments to the original message.


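Added example, not part of the original messages or of Postfix itself: a small diagnostic that maps the reject text in the quoted log line to the restriction that emits it, finds which `smtpd_*_restrictions` list in the posted settings holds that restriction, and reports whether a client access table is consulted ahead of it. The reject-text table is a small subset, and `client_access.cidr` is a hypothetical file name for a table listing the sender's IP.

```python
import re

# Reject text -> restriction that emits it (a small subset of smtpd's messages).
REJECT_SOURCE = {
    "Client host rejected: cannot find your reverse hostname": "reject_unknown_reverse_client_hostname",
    "Client host rejected: cannot find your hostname": "reject_unknown_client_hostname",
    "Helo command rejected: Invalid name": "reject_invalid_helo_hostname",
    "Helo command rejected: Host not found": "reject_unknown_helo_hostname",
}
# Reject line from the thread (from=/to= fields omitted) and the posted settings.
LOG = ("postfix/smtpd[16279]: NOQUEUE: reject: RCPT from unknown[65.100.117.244]: "
       "450 4.7.1 Client host rejected: cannot find your reverse hostname, "
       "[65.100.117.244]; proto=ESMTP helo=<barracuda.slfcu.org>")
POSTED_CF = """\
smtpd_client_restrictions = reject_unknown_reverse_client_hostname
smtpd_helo_restrictions =
    permit_mynetworks
    check_helo_access hash:/etc/postfix/helo_access
    reject_invalid_helo_hostname
#   reject_unknown_helo_hostname
    permit
"""
# Assumed fix: client_access.cidr is a hypothetical table that lists the sender's IP.
FIXED_CF = POSTED_CF.replace(
    "= reject_unknown_reverse",
    "= check_client_access cidr:/etc/postfix/client_access.cidr, reject_unknown_reverse")

def restriction_lists(main_cf):
    """Return {parameter: [tokens]} for *_restrictions, joining continuation lines."""
    params, name = {}, None
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                   # blank line or comment
        if raw[0].isspace() and name:                  # indented: continues previous
            params[name] += raw.replace(",", " ").split()
        else:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.replace(",", " ").split()
    return {k: v for k, v in params.items() if k.endswith("_restrictions")}

def diagnose(log_line, main_cf):
    """Find which restriction list rejected and whether a client table is consulted first."""
    m = re.search(r"reject: \w+ from \S+: \d{3} [\d.]+ ([^,;]+)", log_line)
    restriction = REJECT_SOURCE.get(m.group(1).strip()) if m else None
    for param, tokens in restriction_lists(main_cf).items():
        if restriction in tokens:
            earlier = tokens[:tokens.index(restriction)]
            return {"restriction": restriction, "list": param,
                    "client_table_first": "check_client_access" in earlier}
    return {"restriction": restriction, "list": None, "client_table_first": False}
```

Run against the posted settings, `diagnose(LOG, POSTED_CF)` attributes the 450 to `smtpd_client_restrictions`, a list that `helo_access` entries do not affect.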