postfix whitelist when PTR is delegated by ISP

Discussion in 'ISPConfig 3 Priority Support' started by DantePasquale, Aug 8, 2018.

  1. DantePasquale

    DantePasquale Member HowtoForge Supporter

    Hi, I have a weird situation where Nagios alerts are sent to me from a customer and all are rejected because of
    Helo command rejected: Host not found​
    Or is it because the reverse DNS goes to some other name (default road-runner name) instead of the 'server' name?
    Would it work if I actually whitelist the IP in postconf even if the PTR is delegated by road runner?
    Thanks!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can try to put the Ip of that server into /etc/postfix/helo_access file.
     
  3. DantePasquale

    DantePasquale Member HowtoForge Supporter

    Hi Till,
    Here's what I have that is not working :)
    Code:
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    
    And here's what is in /etc/postfix/helo_access:
    Code:
    # helo_access - before permit_sasl
    # be sure to list your own hostname(s), domain(s) and IP address(es) here
    
    # Reject others identifying with this machine's hostnames and IP addresses
    #/^inferno\.cocoanet\.us$/  REJECT
    #/^((smtp|mx|mail)\.domain1\.com$/	REJECT
    #/^mail\.domain2\.com$/		REJECT
    
    # TODO: this server's ip addr loop here
    #/^\[?1\.2\.3\.4\]?$/	REJECT
    #/^\[?12\.34\.56\.78\]?$/	REJECT
    #/^\[?123\.234\.123\.234\]?$/	REJECT
    
    # Reject others identifying as domains we host
    # TODO: this server's hosted mail domains loop here
    #/^domain1\.com$/	REJECT
    #/^domain2\.com$/	REJECT
    #/^domain3\.net$/	REJECT
    
    /\[?70\.62\.212\.82\]?/	PERMIT
    
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to add the hostname which this customer uses as helo name there too.
     
  5. DantePasquale

    DantePasquale Member HowtoForge Supporter

    Adding the hostname from the 'helo' seems to be working! Here's what I added to

    /etc/postfix/helo_acces
    Code:
    /^\[?70\.62\.212\.82\]?$/    PERMIT
    /^it\-workstation\-host\.ad\.sfpi\.com$/    PERMIT
    
    
     
    Last edited: Aug 16, 2018
    till likes this.
  6. DantePasquale

    DantePasquale Member HowtoForge Supporter

Share This Page