RE: whitelist an IP or domain at 'Helo' restrictions

From: James D. Parra (JamespMusicReports.com)
Date: Tue Apr 08 2008 - 17:24:40 CDT


-----Original Message-----
From: Noel Jones [mailto:njonesmegan.vbhcs.org]
Sent: Tuesday, April 08, 2008 3:02 PM
To: Posfix. Org (E-mail)
Subject: Re: whitelist an IP or domain at 'Helo' restrictions

James D. Parra wrote:
> Hello,
>
> How can I whitelist a domain or IP address that is being rejected at the
> Helo command?
>
> From the log;
> <snip>
> Apr 8 14:07:17 postfix postfix/smtpd[23973]: NOQUEUE: reject: RCPT from
> intentweb1.emsystem.co.uk[212.49.203.243]: 504 <intentweb1>: Helo command
> rejected: need fully-qualified hostname;
> from=<www-dataintentweb1.emsystem.co.uk> to=<userexample> proto=ESMTP
> helo=<intentweb1>
> <snip>
>
> I have the following in my main.cf
>
> <snip>
> smtpd_helo_restrictions = reject_non_fqdn_hostname,
> reject_invalid_hostname, permit
> <snip>
>
> Thank you in advance,
>
> James

Whitelist the client before the check that would otherwise
reject them.

In this case:
# main.cf
smtpd_helo_restrictions =
   check_client_access hash:/etc/postfix/client_whitelist
   reject_non_fqdn_hostname
   reject_invalid_hostname

# client_whitelist
212.49.203.243 OK

Be sure to "postmap client_whitelist" after editing the
whitelist file, and run "postfix reload" after editing main.cf.

Note this client might be rejected by rules you have in smtpd
sender or recipient restrictions. You may need to put the
same whitelist in those restriction lists also.

If you need further help, please post current log entries and
output of "postconf -n"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you for this Noel. Out of curiosity, would this not be for the sender?
I think of clients as being internal users, but I probably have this
backwards.

Would the following work the same or no?

smtpd_helo_restrictions =
        check_sender_access hash:/etc/postfix/sender_whitelist
<snip>

Again, many thanks,

~James
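
Added example, not part of the original messages and not Postfix code: a simplified Python model of how one smtpd restriction list is walked. It shows why the whitelist lookup has to sit before reject_non_fqdn_hostname, and which key check_client_access and check_sender_access each look up. The sender addresses, the 198.51.100.7 host and the sender table are constructed. It assumes smtpd_delay_reject = yes (the default), so MAIL FROM is already known when the helo list is evaluated.

```python
import re

# Simplified model of one Postfix smtpd restriction list (not Postfix source).
# Each restriction returns "OK", "REJECT ..." or "DUNNO"; the first result
# other than DUNNO ends the list.

def check_client_access(table):
    # Keyed on the connecting IP (real Postfix also tries hostname and subnets).
    return lambda s: table.get(s["client_ip"], "DUNNO")

def check_sender_access(table):
    # Keyed on the envelope MAIL FROM address, then on its domain.
    def check(s):
        domain = s["sender"].rsplit("@", 1)[-1]
        return table.get(s["sender"]) or table.get(domain) or "DUNNO"
    return check

def reject_non_fqdn_hostname(s):
    fqdn = "." in s["helo"].strip(".")
    return "DUNNO" if fqdn else "REJECT 504 need fully-qualified hostname"

def reject_invalid_hostname(s):
    valid = re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", s["helo"])
    return "DUNNO" if valid else "REJECT invalid hostname"

def evaluate(restrictions, session):
    for restriction in restrictions:
        result = restriction(session)
        if result != "DUNNO":
            return result
    return "DUNNO"  # nothing matched; Postfix moves on to the next list

# Client IP and HELO from the log above; sender addresses are constructed.
LOGGED = {"client_ip": "212.49.203.243", "helo": "intentweb1",
          "sender": "www-data@sender.example"}
OTHER = {"client_ip": "198.51.100.7", "helo": "intentweb1",
         "sender": "www-data@sender.example"}  # different host, same MAIL FROM
CLIENT_WL = {"212.49.203.243": "OK"}   # client_whitelist from the reply
SENDER_WL = {"sender.example": "OK"}   # constructed sender_whitelist
HELO_CHECKS = [reject_non_fqdn_hostname, reject_invalid_hostname]

def results():
    client_first = [check_client_access(CLIENT_WL)] + HELO_CHECKS
    sender_first = [check_sender_access(SENDER_WL)] + HELO_CHECKS
    return {
        "original": evaluate(HELO_CHECKS, LOGGED),
        "client_first": evaluate(client_first, LOGGED),
        "client_last": evaluate(HELO_CHECKS + [check_client_access(CLIENT_WL)], LOGGED),
        "client_wl_other_host": evaluate(client_first, OTHER),
        "sender_wl_other_host": evaluate(sender_first, OTHER),
    }
```

The last two results differ because the client table is keyed on the connecting address, while the sender table is keyed on the MAIL FROM value the remote side supplies, so the client-keyed table is the narrower exception.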