[BlueOnyx:24503] Re: Postfix config

Ernie ernie at info.eis.net.au
Fri Nov 13 05:52:31 -05 2020


Are these clients SASL authenticated?

This is what's in my main.cf

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname




Because permit_sasl_authenticated should let them send, unless they
don't have a login on your server, in which case rejecting a bad FQDN is to
be expected in this day and age.

I am not sure how Postfix prioritizes its rules; I would assume the first
match and it stops looking. permit_sasl_authenticated comes before
reject_non_fqdn_helo_hostname, so to get that HELO rejection you posted,
the client must be failing both the permit_mynetworks and
permit_sasl_authenticated tests first.


-Ernie.




> Hello Michael,
> 
> generally a good thing.
> But can you please check the box "Accept from unresolvable domains" by
> default instead of not checking it by default?
> Because mail clients do not always send an FQDN. I just had this with a
> customer who had several users with Outlook who could no longer send
> because:
> 
> Nov 13 10:17:23 web1 postfix/submission/smtpd[1469325]: NOQUEUE: reject:
> RCPT from unknown[1.2.3.4]: 504 5.5.2 <GLCAHAUS01>: Helo command rejected:
> need fully-qualified hostname; from=<info at senderdomain.de>
> to=<some at recipient.de> proto=ESMTP helo=<GLCAHAUS01>
> 
> I have set the check. Now it's working again.
> Not everyone has a local mail server or uses o365.
> Therefore it would be good to have this limitation optional and not per
> default.
> 
> Best regards,
> Dirk
> 
>  
> blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 
> 
>  
> -----Original Message-----
> From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
> Stauber
> Sent: Thursday, 12 November 2020 22:09
> To: blueonyx at mail.blueonyx.it
> Subject: [BlueOnyx:24498] Re: Postfix config
> 
> Hi Ernie,
> 
> Earlier I wrote:
> > That way you could create your own /root/custom-postfix-confgen file 
> > and could put all the "postconf -e" commands into it that you want to 
> > apply to the Postfix configuration *after* the auto-configure has run. 
> > That would allow you to override any Postfix setting and make it stick 
> > through updates and other changes.
> 
> I just published YUM updates for 5210R that introduce this change to
> Postfix:
> 
> smtpd_sender_restrictions is set to either ...
> 
> postconf -e 'smtpd_sender_restrictions = permit_mynetworks,
> check_sender_access hash:/etc/postfix/access'
> 
> ... or ...
> 
> postconf -e 'smtpd_sender_restrictions = permit_mynetworks,
> reject_unknown_sender_domain, reject_non_fqdn_sender,
> reject_non_fqdn_hostname, reject_unknown_reverse_client_hostname,
> reject_unknown_client_hostname, check_sender_access
> hash:/etc/postfix/access'
> 
> ... depending if "Accept from unresolvable domains" is enabled or disabled
> in the GUI.
> 
> The second set of parameters is the new default. Means: We do strict
> checking.
> 
> Additionally a new script was added:
> 
> /usr/sausalito/bin/custom-postfix-confgen.sh
> 
> This script will never be changed during YUM updates and you can put into it
> your own "postconf -e" config changes to Postfix. These will be executed
> automatically on Postfix restarts *after* the GUI has finished its
> auto-configuration of Postfix.
> 
> Essentially /usr/sausalito/bin/custom-postfix-confgen.sh allows you to
> reconfigure Postfix entirely - if you wish. So use it with caution. An
> example is included in the script itself.
> 
> --
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
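
Added example, not part of the thread or of BlueOnyx: a Python sketch that replays the client from the quoted log line against the two restriction lists posted above, evaluating each list on its own, in order, and stopping at the first decisive restriction. The checks are simplified stand-ins written for illustration (assumptions: `is_fqdn` only counts labels, and restrictions not modelled here are treated as having no opinion); `reject_non_fqdn_hostname` is the older name of `reject_non_fqdn_helo_hostname`.

```python
import re

# Log line quoted in the thread (addresses as obfuscated by the list archive).
LOG = ('Nov 13 10:17:23 web1 postfix/submission/smtpd[1469325]: NOQUEUE: reject: '
       'RCPT from unknown[1.2.3.4]: 504 5.5.2 <GLCAHAUS01>: Helo command rejected: '
       'need fully-qualified hostname; from=<info at senderdomain.de> '
       'to=<some at recipient.de> proto=ESMTP helo=<GLCAHAUS01>')
# The two restriction lists posted in the thread.
HELO_LIST = ['permit_mynetworks', 'permit_sasl_authenticated',
             'reject_invalid_helo_hostname', 'reject_non_fqdn_helo_hostname',
             'reject_unknown_helo_hostname']
SENDER_LIST_STRICT = ['permit_mynetworks', 'reject_unknown_sender_domain',
                      'reject_non_fqdn_sender', 'reject_non_fqdn_hostname',
                      'reject_unknown_reverse_client_hostname',
                      'reject_unknown_client_hostname', 'check_sender_access']

def parse_reject(line):
    """Extract service, SMTP stage, client IP, reply code and HELO name."""
    m = re.search(r'postfix/(?P<service>[\w-]+)/smtpd\[\d+\]: NOQUEUE: reject: '
                  r'(?P<stage>\w+) from \S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) '
                  r'.*?helo=<(?P<helo>[^>]*)>', line)
    return m.groupdict() if m else None

def is_fqdn(name):
    # Simplified stand-in for Postfix's test: two or more non-empty labels.
    labels = name.rstrip('.').split('.')
    return len(labels) >= 2 and all(labels)

# Simplified models; each returns 'permit', 'reject' or None (no opinion).
CHECKS = {
    'permit_mynetworks': lambda c: 'permit' if c['in_mynetworks'] else None,
    'permit_sasl_authenticated': lambda c: 'permit' if c['sasl'] else None,
    'reject_non_fqdn_helo_hostname': lambda c: None if is_fqdn(c['helo']) else 'reject',
    'reject_non_fqdn_hostname': lambda c: None if is_fqdn(c['helo']) else 'reject',
}

def evaluate(restrictions, client):
    """Walk one list in order; the first decisive restriction ends that list."""
    for name in restrictions:
        verdict = CHECKS[name](client) if name in CHECKS else None  # unmodelled: skip
        if verdict:
            return verdict, name
    return 'dunno', None  # this list had no opinion

def explain(line, sasl, in_mynetworks=False):
    """Replay the logged client against both lists, each evaluated independently."""
    client = dict(helo=parse_reject(line)['helo'], sasl=sasl, in_mynetworks=in_mynetworks)
    return {'helo': evaluate(HELO_LIST, client),
            'sender': evaluate(SENDER_LIST_STRICT, client)}
```

Calling `explain(LOG, sasl=True)` shows the HELO list stopping at `permit_sasl_authenticated` while the strict sender list, which has only `permit_mynetworks` ahead of its HELO test, still rejects the same client.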



