[BlueOnyx:24505] Re: Postfix config

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Fri Nov 13 11:16:39 -05 2020 

Hello Ernie,

yes, the clients log in via SALS (you have to do this to send something) and then you get the rejection. In the error message is also the name that was transmitted and if you google once after that, you will find something in the first place.
After I set the hook in the GUI and thus removed the corresponding points from main.cf, it worked again.

Best regards,
Dirk

 

 
blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 
-----Ursprüngliche Nachricht-----
Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Ernie
Gesendet: Freitag, 13. November 2020 11:53
An: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Betreff: [BlueOnyx:24503] Re: Postfix config

Are these clients SASL authenticated?

This is what's in my main.cf

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname




Because permit_sasl_authenticated  should let them send, unless they don't have a login on your server in which case rejecting a bad FQDN is to be expected in this day and age.

I am not sure how postfiix prioritized it's rules, I would asume the first match and it stops looking, permit_sasl_authenticated comes before reject_non_fqdn_helo_hostname so to get that HELO rejection you posted, the client must be failing both the permit_mynetworks and permit_sasl_authenticated tests first.


-Ernie.




[ Charset ISO-8859-1 converted... ]
> Hello Michael,
> 
> generally a good thing.
> But can you please check the box "Accept from unresolvable domains" by
> default instead of not checking it by default?
> Because mail clients do not always send an FQDN. I just had this with a
> customer who had several users with Outlook who could no longer send
> because:
> 
> Nov 13 10:17:23 web1 postfix/submission/smtpd[1469325]: NOQUEUE: reject:
> RCPT from unknown[1.2.3.4]: 504 5.5.2 <GLCAHAUS01>: Helo command rejected:
> need fully-qualified hostname; from=<info at senderdomain.de>
> to=<some at recipient.de> proto=ESMTP helo=<GLCAHAUS01>
> 
> I have set the check. Now it's working again.
> Not everyone has a local mail server or uses o365.
> Therefore it would be good to have this limitation optional and not per
> default.
> 
> Best regards,
> Dirk
> 
>  
> blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 
> 
>  
> -----Ursprüngliche Nachricht-----
> Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Michael
> Stauber
> Gesendet: Donnerstag, 12. November 2020 22:09
> An: blueonyx at mail.blueonyx.it
> Betreff: [BlueOnyx:24498] Re: Postfix config
> 
> Hi Ernie,
> 
> Earlier I wrote:
> > That way you could create your own /root/custom-postfix-confgen file 
> > and could put all the "postconf -e" commands into it that you want to 
> > apply to the Postfix configuration *after* the auto-configure has run. 
> > That would allow you to override any Postfix setting and make it stick 
> > through updates and other changes.
> 
> I just published YUM updates for 5210R that introduce this change to
> Postfix:
> 
> smtpd_sender_restrictions is set to either ...
> 
> postconf -e 'smtpd_sender_restrictions = permit_mynetworks,
> check_sender_access hash:/etc/postfix/access'
> 
> ... or ...
> 
> postconf -e 'smtpd_sender_restrictions = permit_mynetworks,
> reject_unknown_sender_domain, reject_non_fqdn_sender,
> reject_non_fqdn_hostname, reject_unknown_reverse_client_hostname,
> reject_unknown_client_hostname, check_sender_access
> hash:/etc/postfix/access'
> 
> ... depending if "Accept from unresolvable domains" is enabled or disabled
> in the GUI.
> 
> The second set of parameters is the new default. Means: We do strict
> checking.
> 
> Additionally a new script was added:
> 
> /usr/sausalito/bin/custom-postfix-confgen.sh
> 
> This script will never be changed during YUM updates and you can put into it
> your own "postconf -e" config changes to Postfix. These will be executed
> automatically on Postfix restarts *after* the GUI has finished its
> auto-configuration of Postfix.
> 
> Essentially /usr/sausalito/bin/custom-postfix-confgen.sh allows you to
> reconfigure Postfix entirely - if you wish. So use it with caution. An
> example is included in the script itself.
> 
> --
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5506 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20201113/c3ae2258/attachment.p7s>

More information about the Blueonyx mailing list