Lonely Wolf a écrit :
> (now seems that things works :P)
> Well, in my conf i've:
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> check_helo_access hash:/etc/postfix/helo_access
> this morning, watching maillog file i saw something like this
> Dec 29 09:54:34 smtp postfix/smtpd: connect from
> Dec 29 09:54:34 smtp postfix/smtpd: NOQUEUE: reject: RCPT from
> 1-2-3-4.ip.address.it[22.214.171.124]: 450 <allmi03.$domainName.priv>: Helo
> command rejected: Host not found; from=<$name.$surname@$domainName.it>
> to=<user@...> proto=ESMTP helo=<allmi03.$domainName.priv>
helo doesn't resolve (.priv doesn't resolve), so is blocked by
> Well, basically that user name is a REAL contact of my user NOT a
> spammer but i suppose che the problem is due to their mailserver conf.
> I've interpreted these lines as the follows: "postfix helo restrictions
> rejected this message because HELO presented to my mailserver as
> (where $domainName obviously is the remote domain name) DIFFERS from
> $domainName.it obtained from dns lookup.
> Have i correctly interpreted this line and reason of rejecting?
> At this point however, i wanna permit to that KNOWN user to send email
> to user@... so i suppose to use the check_helo_access in this
> way (to permit or reject esplicitly someone):
> allmi03.$domainName.priv OK
Do not use OK in a helo access map. Use DUNNO instead of OK. This
changes nothing in your current setup, but may be a problem if you add
other restrictions after the helo check.
> is this the correct use/purpose of helo_access?
> mmm this lead me to some question: what differences there are between OK
> and PERMIT here?
none. but DUNNO is preferable when you just want to avoid a REJECT. with
OK, the connection is permitted. with DUNNO, the following checks will
be performed. look at this