On Fri, Aug 26, 2016 at 03:09:17PM +0300, Aggelos wrote: > On 26/08/2016 02:53 μμ, Kiss Gabor (Bitman) wrote: > >>smtpd_helo_restrictions = permit_mynetworks, > >> reject_invalid_helo_hostname, > >> reject_unknown_helo_hostname > > > > > >>Yet, in the logs I still get these reports (sample on one line): > >> > >>Aug 26 03:37:52 <my hostname> postfix/smtpd[27675]: NOQUEUE: > >>reject: RCPT from spam1.vodafone.gr[213.249.16.2]: 450 4.7.1 > >><spam1.panafonet.gr>: Helo command rejected: Host not found; > >>from=<onl...@vodafone.gr> to=<my email> proto=ESMTP > >>helo=<spam1.panafonet.gr> > >> > >>What am I missing and/or doing wrong? > > > >See the config snippet above. > > Are you saying that it goes on with checking and fails later on? If > so, how can I make postfix accept those IPs after it checks the > file /etc/postfix/maps/whitelisted_clients?
You seem to think that a permit action in client restrictions applies globally to all other restriction stages. This is wrong, and not according to documentation. Each set of restrictions is evaluated independently, and ANY reject or defer result applies to the mail. Many users find it simpler to keep all antispam restrictions in a single stage, usually recipient restrictions, for this reason. See: http://www.postfix.org/SMTPD_ACCESS_README.html which explains the process better. Now let's back up a bit: any time someone mentions "whitelisting" it's almost a sure bet that their restrictions are unreasonable. In your case they certainly are. You followed an ancient, unmaintained and relatively clueless HOWTO online. Some of your DNSBLs have been gone for many years. At least one (spamcop) is best for scoring; not safe for outright blocking of mail. The restriction that caused this problem is unsafe. You will encounter many unknown HELO hostnames delivering real mail. In short, YDIW. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
