Re: Helo rejected
>> >> >On 10 November 2017 at 14:08, Enrico Morelli >> >> > wrote: >> >> >> my user don't receive mail from a real sender cause our mail >> >> >> server reject the Helo command: >> >> >> >> >> >> NOQUEUE: reject: RCPT from >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 >> >> >> : Helo command rejected: Host not >> >> >> found; from= to= proto=ESMTP >> >> >> helo= >> >> >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 >> >> >> mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5 >> >> >> >> >> >> Is there a way to receive these mails? >> >> >On Fri, 10 Nov 2017 15:42:16 +0100 >> >Matus UHLAR - fantomas wrote: >> >> you can whitelist particular IP by using "check_client_access" >> >> and you most probably want to have such directive in main.cf. On 10.11.17 16:37, Enrico Morelli wrote: To better understand, have I to put check_client_access here? smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname yes, that's good way where to put it. Note that if you have any directives in smtpd_client_restrictions as blackliets etc, you can put check_client_access before those, so you can whitelist multiple reasons at once -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese.
Re: Helo rejected
On Fri, Nov 10, 2017 at 04:08:02PM +0100, Matus UHLAR - fantomas wrote:
> > > >On 10 November 2017 at 14:08, Enrico Morelli
> > > > wrote:
> > > >> my user don't receive mail from a real sender cause our
> > > >> mail server reject the Helo command:
> > > >>
> > > >> NOQUEUE: reject: RCPT from
> > > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450
> > > >> 4.7.1 : Helo command rejected:
> > > >> Host not found; from= to=
> > > >> proto=ESMTP helo=
> > > >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from
> > > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1
> > > >> mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
> > > >>
> > > >> Is there a way to receive these mails?
>
> > On Fri, 10 Nov 2017 15:42:16 +0100
> > Matus UHLAR - fantomas wrote:
> > > you can whitelist particular IP by using "check_client_access"
> > > and you most probably want to have such directive in main.cf.
>
> On 10.11.17 15:45, Enrico Morelli wrote:
> > I have a check_sender_access, can I use that?
>
> depends on where you have the reject_unknown_helo_hostname.
Well, mainly no. A check_sender_access looks up the SENDER address
("MAIL FROM "), and that is generally a bad idea,
both for whitelisting and blacklisting. Do not do that unless there
would be no other option.
> client access is evaluated before sender access, so if you have the
No. ANY access(5) lookup takes place exactly when you specify that
restriction. You cannot say this categorically. It is quite
possible to mix restrictions such that "earlier" SMTP parts are
checked after RCPT TO, or even after DATA.
> reject_unknown_helo_hostname in smtpd_client_restrictions, you
> must either use check_client_access or move the
> reject_unknown_helo_hostname (and possibly other checks) to
> check_sender_access.
Much is confused in this sentence.
You can do check_mumble_access in pretty much any of the smtpd
restrictions stages.
The OP needs to do a CLIENT access lookup, but that lookup must
precede the reject_unknown_helo_hostname restriction in whichever
restriction stage it is being used.
Many users find it easier to put all restrictions in a single stage,
so everything can be seen in a linear way. For more details and
exceptions,
http:://www.postfix.org/SMTPD_ACCESS_README.html
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Helo rejected
On Fri, 10 Nov 2017 16:24:10 +0100 Matus UHLAR - fantomas wrote: > >On Fri, 10 Nov 2017 16:08:02 +0100 > >Matus UHLAR - fantomas wrote: > > > >> >> >On 10 November 2017 at 14:08, Enrico Morelli > >> >> > wrote: > >> >> >> my user don't receive mail from a real sender cause our mail > >> >> >> server reject the Helo command: > >> >> >> > >> >> >> NOQUEUE: reject: RCPT from > >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 > >> >> >> : Helo command rejected: Host not > >> >> >> found; from= to= proto=ESMTP > >> >> >> helo= > >> >> >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from > >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 > >> >> >> mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5 > >> >> >> > >> >> >> Is there a way to receive these mails? > >> > >> >On Fri, 10 Nov 2017 15:42:16 +0100 > >> >Matus UHLAR - fantomas wrote: > >> >> you can whitelist particular IP by using "check_client_access" > >> >> and you most probably want to have such directive in main.cf. > >> > >> On 10.11.17 15:45, Enrico Morelli wrote: > >> >I have a check_sender_access, can I use that? > >> > >> depends on where you have the reject_unknown_helo_hostname. > > On 10.11.17 16:12, Enrico Morelli wrote: > >I've it under smtpd_helo_restrictions. > > this is evaluated after client and before restrictions - > you must whitelist it before. To better understand, have I to put check_client_access here? smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname > > >> client access is evaluated before sender access, so if you have the > >> reject_unknown_helo_hostname in smtpd_client_restrictions, you must > >> either use check_client_access or move the > >> reject_unknown_helo_hostname (and possibly other checks) to > >> check_sender_access. > > -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: Helo rejected
On Fri, 10 Nov 2017 16:08:02 +0100 Matus UHLAR - fantomas wrote: >> >On 10 November 2017 at 14:08, Enrico Morelli >> > wrote: >> >> my user don't receive mail from a real sender cause our mail >> >> server reject the Helo command: >> >> >> >> NOQUEUE: reject: RCPT from >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 >> >> : Helo command rejected: Host not >> >> found; from= to= proto=ESMTP >> >> helo= >> >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 >> >> rcpt=0/1 rset=1 quit=1 commands=4/5 >> >> >> >> Is there a way to receive these mails? >On Fri, 10 Nov 2017 15:42:16 +0100 >Matus UHLAR - fantomas wrote: >> you can whitelist particular IP by using "check_client_access" and >> you most probably want to have such directive in main.cf. On 10.11.17 15:45, Enrico Morelli wrote: >I have a check_sender_access, can I use that? depends on where you have the reject_unknown_helo_hostname. On 10.11.17 16:12, Enrico Morelli wrote: I've it under smtpd_helo_restrictions. this is evaluated after client and before restrictions - you must whitelist it before. client access is evaluated before sender access, so if you have the reject_unknown_helo_hostname in smtpd_client_restrictions, you must either use check_client_access or move the reject_unknown_helo_hostname (and possibly other checks) to check_sender_access. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines.
Re: Helo rejected
On Fri, 10 Nov 2017 16:08:02 +0100 Matus UHLAR - fantomas wrote: > >> >On 10 November 2017 at 14:08, Enrico Morelli > >> > wrote: > >> >> my user don't receive mail from a real sender cause our mail > >> >> server reject the Helo command: > >> >> > >> >> NOQUEUE: reject: RCPT from > >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 > >> >> : Helo command rejected: Host not > >> >> found; from= to= proto=ESMTP > >> >> helo= > >> >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from > >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 > >> >> rcpt=0/1 rset=1 quit=1 commands=4/5 > >> >> > >> >> Is there a way to receive these mails? > > >On Fri, 10 Nov 2017 15:42:16 +0100 > >Matus UHLAR - fantomas wrote: > >> you can whitelist particular IP by using "check_client_access" and > >> you most probably want to have such directive in main.cf. > > On 10.11.17 15:45, Enrico Morelli wrote: > >I have a check_sender_access, can I use that? > > depends on where you have the reject_unknown_helo_hostname. I've it under smtpd_helo_restrictions. > > client access is evaluated before sender access, so if you have the > reject_unknown_helo_hostname in smtpd_client_restrictions, you must > either use check_client_access or move the > reject_unknown_helo_hostname (and possibly other checks) to > check_sender_access. > -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: Helo rejected
>On 10 November 2017 at 14:08, Enrico Morelli >wrote: >> my user don't receive mail from a real sender cause our mail server >> reject the Helo command: >> >> NOQUEUE: reject: RCPT from >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 >> : Helo command rejected: Host not >> found; from= to= proto=ESMTP >> helo= >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 >> rcpt=0/1 rset=1 quit=1 commands=4/5 >> >> Is there a way to receive these mails? On Fri, 10 Nov 2017 15:42:16 +0100 Matus UHLAR - fantomas wrote: you can whitelist particular IP by using "check_client_access" and you most probably want to have such directive in main.cf. On 10.11.17 15:45, Enrico Morelli wrote: I have a check_sender_access, can I use that? depends on where you have the reject_unknown_helo_hostname. client access is evaluated before sender access, so if you have the reject_unknown_helo_hostname in smtpd_client_restrictions, you must either use check_client_access or move the reject_unknown_helo_hostname (and possibly other checks) to check_sender_access. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Depression is merely anger without enthusiasm.
RE: Helo rejected
 https://tools.ietf.org/html/rfc5321.html#section-2.3.5 Local aliases MUST NOT appear in any SMTP transaction. So correctly rejected, imo. just tell the other site the mail manager forgot to set the outgoing smtp connector in exchange. Happens so often.. Greetz, Louis Van: domi...@timedicer.co.uk [mailto:owner-postfix-us...@postfix.org] Namens Dominic Raferd Verzonden: vrijdag 10 november 2017 15:30 Aan: Postfix users Onderwerp: Re: Helo rejected On 10 November 2017 at 14:08, Enrico Morelli wrote: my user don't receive mail from a real sender cause our mail server reject the Helo command: NOQUEUE: reject: RCPT from rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5 Is there a way to receive these mails? ​You may be using this setting ​in one of your restriction lists: reject_unknown_helo_hostname. Remove this and you should be ok. I think there is not much point worrying about helo hostnames, they are easy to fake in any case. Better to focus on client reverse hostnames.
Re: Helo rejected
On Fri, 10 Nov 2017 15:42:16 +0100 Matus UHLAR - fantomas wrote: > >On 10 November 2017 at 14:08, Enrico Morelli > >wrote: > >> my user don't receive mail from a real sender cause our mail server > >> reject the Helo command: > >> > >> NOQUEUE: reject: RCPT from > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 > >> : Helo command rejected: Host not > >> found; from= to= proto=ESMTP > >> helo= > >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from > >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 > >> rcpt=0/1 rset=1 quit=1 commands=4/5 > >> > >> Is there a way to receive these mails? > > On 10.11.17 14:30, Dominic Raferd wrote: > >You may be using this setting in one of your restriction lists: > >reject_unknown_helo_hostname. Remove this and you should be ok. I > >think there is not much point worrying about helo hostnames, they > >are easy to fake in any case. > > That's exactly why we block those fake helo hostnames. > > you can whitelist particular IP by using "check_client_access" and > you most probably want to have such directive in main.cf. > I have a check_sender_access, can I use that? > Enrico: > if possible, try contacting the sender that they are supposed to fix > their helo hostname (you won't be the only one who rejects mail from > them). If not, explain your customer that you have whitelisted the > sender's IP and that the problem is on their side. > THanks -- --- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
Re: Helo rejected
On 10 November 2017 at 14:08, Enrico Morelli wrote: my user don't receive mail from a real sender cause our mail server reject the Helo command: NOQUEUE: reject: RCPT from rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5 Is there a way to receive these mails? On 10.11.17 14:30, Dominic Raferd wrote: You may be using this setting in one of your restriction lists: reject_unknown_helo_hostname. Remove this and you should be ok. I think there is not much point worrying about helo hostnames, they are easy to fake in any case. That's exactly why we block those fake helo hostnames. you can whitelist particular IP by using "check_client_access" and you most probably want to have such directive in main.cf. Enrico: if possible, try contacting the sender that they are supposed to fix their helo hostname (you won't be the only one who rejects mail from them). If not, explain your customer that you have whitelisted the sender's IP and that the problem is on their side. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.
Re: Helo rejected
On 10 November 2017 at 14:08, Enrico Morelli wrote: > my user don't receive mail from a real sender cause our mail server > reject the Helo command: > > NOQUEUE: reject: RCPT from rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: > 450 4.7.1 > : Helo command rejected: Host not found; > from= to= proto=ESMTP > helo= > Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from > rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 mail=1 > rcpt=0/1 rset=1 quit=1 commands=4/5 > > Is there a way to receive these mails? You may be using this setting in one of your restriction lists: reject_unknown_helo_hostname. Remove this and you should be ok. I think there is not much point worrying about helo hostnames, they are easy to fake in any case. Better to focus on client reverse hostnames.
