On Fri, 10 Nov 2017 16:24:10 +0100 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> >On Fri, 10 Nov 2017 16:08:02 +0100 > >Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > > > >> >> >On 10 November 2017 at 14:08, Enrico Morelli > >> >> ><more...@cerm.unifi.it> wrote: > >> >> >> my user don't receive mail from a real sender cause our mail > >> >> >> server reject the Helo command: > >> >> >> > >> >> >> NOQUEUE: reject: RCPT from > >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220]: 450 4.7.1 > >> >> >> <NTFYOHSrvNLES05.ntfy.local>: Helo command rejected: Host not > >> >> >> found; from=<x...@xxx.xxx.xx> to=<x...@xxx.xxx.xx> proto=ESMTP > >> >> >> helo=<NTFYOHSrvNLES05.ntfy.local> > >> >> >> Nov 8 17:55:46 genio postfix/smtpd[3667]: disconnect from > >> >> >> rrcs-70-60-37-220.central.biz.rr.com[70.60.37.220] ehlo=1 > >> >> >> mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5 > >> >> >> > >> >> >> Is there a way to receive these mails? > >> > >> >On Fri, 10 Nov 2017 15:42:16 +0100 > >> >Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > >> >> you can whitelist particular IP by using "check_client_access" > >> >> and you most probably want to have such directive in main.cf. > >> > >> On 10.11.17 15:45, Enrico Morelli wrote: > >> >I have a check_sender_access, can I use that? > >> > >> depends on where you have the reject_unknown_helo_hostname. > > On 10.11.17 16:12, Enrico Morelli wrote: > >I've it under smtpd_helo_restrictions. > > this is evaluated after client and before restrictions - > you must whitelist it before. To better understand, have I to put check_client_access here? smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname > > >> client access is evaluated before sender access, so if you have the > >> reject_unknown_helo_hostname in smtpd_client_restrictions, you must > >> either use check_client_access or move the > >> reject_unknown_helo_hostname (and possibly other checks) to > >> check_sender_access. > > -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------