Hi, this is pretty much pure postfix rather than ispconfig. but since the server is configured with whatever default settings ispconfig puts in main.cf, i figured i'd ask here. we have a mail client, whose externally hosted site also uses another provider to manage bookings, which sends mail to the client, i'm not sure what domain it's trying to send those mails as, the 3rd party providers own domain or the clients domain. but it's using mandrill#.secure-booking-email.net for the helo command when connecting to our server, where the # can be any number. our mail server is running on ispconfig3.2.1, so it's running all the helo verification checks: Code: smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/e tc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit running nslookup, or dig -x, directly on the mailserver that's rejecting these connections, the mandrill hosts appear to have valid PTR records, but no valid A record. the client has contacted them, and they're blaming my servers. stating: which is just plain weird considering it's their server trying to connect to ours. so their the ones supposed to be providing the HELO greeting. these are important emails for the client, so he needs them working asap, and it looks like it's going to take a while to resolve. in the meantime i thought i'd try adding the hosts into helo_access and try to whitelist them anyway, i've tried adding the hostname(s) to the helo_access file, but that doesn't seem to work either. i've found answers saying to use ACCEPT, PERMIT, or OK, so i have no idea which one is correct, or if any will work. i've put 3 entries in helo_access, using /^mandrill*\.secure-booking-email\.net$/ and ending in OK, PERMIT, and ACCEPT. and it still gets rejected. how can i allow servers using this helo domain to connect without opening up helo to every misconfigured server out there?
Use DUNNO as the response, I think OK may be ignored there because it's easily spoofable and bypasses lots of other checks.
i changed (simplified) the regex, just using '/(.*)\.secure-booking-email\.net$/ OK' now as i don't know how many mandrill## servers they have. i tried it with DUNNO, but it was still getting rejected, with OK it still gives warnings that the hostname doesn't resolve to the address it's connecting from, but the mail is at least making it through. would still be nicer if the sending org would sort out their configuration though...
Hi, i will try to continue this topic which regards to Helo command rejected becouse im start to getting "Helo command rejected: Generic / dynamic helo/ehlo is not allowed here" from instagram once user wants to reset their password. Normally i did not have any problem witch postfix, apart quite a lot of spam to some of the users but im lost to fix this issue - please for some help.
