1

Topic: Mail rejected

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 14.04
- Related log if you're reporting an issue: mail.log
====

I registered at gyazo.com but im not getting the verification mail from them, this is from the maillog

Oct 12 03:15:04 mail postfix/smtpd[30819]: connect from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]
Oct 12 03:15:04 mail postfix/smtpd[30819]: NOQUEUE: reject: RCPT from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]: 554 5.7.1 <ip-10-93-166-234.localdomain>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (10-93-166-234); from=<contact@gyazo.com> to=<rumpledwarf@xxx.com> proto=ESMTP helo=<ip-10-93-166-234.localdomain>
Oct 12 03:15:04 mail postfix/smtpd[30819]: disconnect from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]
Oct 12 03:15:06 mail postfix/smtpd[30819]: connect from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]
Oct 12 03:15:06 mail postfix/smtpd[30819]: NOQUEUE: reject: RCPT from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]: 554 5.7.1 <ip-10-93-166-234.localdomain>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (10-93-166-234); from=<contact@gyazo.com> to=<rumpledwarf@xxx.com> proto=ESMTP helo=<ip-10-93-166-234.localdomain>
Oct 12 03:15:06 mail postfix/smtpd[30819]: disconnect from ec2-54-221-244-211.compute-1.amazonaws.com[54.221.244.211]

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Mail rejected

Try this:

1) Find below line in file /etc/postfix/helo_access.pcre:

/(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

2) Add one line ABOVE above line. The final result looks like below:

/^ec2-(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}).*.amazonaws.com$/ DUNNO                    
/(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

3) Try to send email again.

Please do let me know whether or not it works for you.

3

Re: Mail rejected

Added what you wrote, restarted postfix and got the same rejection

Oct 12 15:34:43 mail postfix/smtpd[3919]: connect from ec2-54-83-45-57.compute-1.amazonaws.com[54.83.45.57]
Oct 12 15:34:43 mail postfix/smtpd[3919]: NOQUEUE: reject: RCPT from ec2-54-83-45-57.compute-1.amazonaws.com[54.83.45.57]: 554 5.7.1 <ip-10-153-223-23.localdomain>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (10-153-223-23); from=<contact@gyazo.com> to=<rumpledwarf@xxx.com> proto=ESMTP helo=<ip-10-153-223-23.localdomain>
Oct 12 15:34:43 mail postfix/smtpd[3919]: disconnect from ec2-54-83-45-57.compute-1.amazonaws.com[54.83.45.57]

and this is how i wrote it

/^ec2-(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}).*.amazonaws.com$/ DUNNO
/(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

4

Re: Mail rejected

rumpledwarf wrote:

helo=<ip-10-93-166-234.localdomain>

My mistake. The real HELO identity is 'ip-10-93-166-234.localdomain', not 'ec2-54-83-45-57.compute-1.amazonaws.com', so the HELO rule i wrote doesn't work.

You can choose one of below solution, or both:

1) Remove the new line (it was my mistake):

/^ec2-(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}).*.amazonaws.com$/ DUNNO

Comment out original line by prepending '#' at the beginning:

#/(\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3})/ REJECT ACCESS DENIED. Your ...

This way, you disabled HELO rule to check HELO identities like 'ip-10-93-166-234.localdomain' in your case.

2) Ask mail admin of this sender server to use a valid HELO identity, not 'ip-10-93-166-234.localdomain'.

A valid HELO identity should be a valid hostname which can be resolvable in DNS.

I suggest you do 1) first, and do 2) immediately. After mail admin of this sender server fixed this invalid HELO identity, uncomment out the original HELO rule in /etc/postfix/helo_access.pcre to reject SPAMs.

5

Re: Mail rejected

I have  commented out the line blocking and contacted the people that i needed the mail from for them to fix it, thank you for the assistance! smile

6

Re: Mail rejected

Just want to repeat myself: Ask mail admin of this sender server to use a valid HELO identity, not 'ip-10-93-166-234.localdomain'.

The HELO rule you commented out will help you reject many SPAMs.

7

Re: Mail rejected

Hi,

I installed iredmail for the first time and this is my first time configuring a mail server as well. I received a similar error when I tried to test the mail server after the configuration was completed successfully.

I have my web server trying to send mails trough a new mailserver and both are hosted on amazon aws. From your suggestion above, I understand that the hostname should be defined such that the fqdn is used instead of the dynamic ip that the ec2 instance is given. My issue here is, that if I try to do so on my webserver, I will have to stop my instance at least once. Doing so will change its ip address and hence my site will be offline till the new ip reflects on all dns servers.

Is this the only way I can do this?

8

Re: Mail rejected

Hi abhilashlenka,

You're posting in a more than 1-year old thread. Please create a new forum topic, and clearly explain what your issue is. Show us related error message/log.