Well, Some email servers are not well configured and are using some old style naming, like : Code: srv-mouv-exchxx.identity-town.local So Postfix reject their emails as HELO can't be resolved. I tried to allow some domains in /etc/postfix/helo_access but it doesn't work (emails are still rejected). Code: /^town\.local$/ OK Here is the postconf -n | grep helo Code: smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo Postfix has been restarted. Thanks for your time and any track !
Your regex is wrong. You are searching for a string starting with "town.local". Test here: https://regex101.com/ If you do not want to block legitimate mail, you should consider being less stringent on your helo requirement and leave that to rspamd
Thanks for your answer ! You're right, I didn't check the regex Code: /(.*)identity-town\.local$/ OK Did the trick. BTW : I don't see why adding an exception in helo_access can prevent legit emails from coming in, but I keep in mind your rspamd suggestion.
Glad it worked! I mean that your "smtpd_helo_restrictions" are very strict, like "reject_unknown_helo_hostname". There are many misconfigured mailservers out there that sill send mails you (or your users?) want to receive. For sure it would be better, if the other side could configure their mail servers properly, but we (I assume) are just so small, that they don't care. Only if Google starts to reject their mail they will do something. And until now, Google/gmail does not block servers with unknown helo hostname (unfortunately)
