Topic: Legitimate email from Sendgrid blocked
======== Required information ====
- iRedMail version (check /etc/iredmail-release): Current (see text, the regex is taken from the current source on Bitbucket)
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have been getting complaints from users that expected emails from Sendgrid are not arriving. I looked into this and they are indeed being blocked:
Feb 2 19:27:42 nc027 postfix/smtpd[29988]: NOQUEUE: reject: RCPT from unknown[168.245.3.156]: 554 5.7.1 <o168-245-3-156.outbound-mail.sendgrid.net>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery. (dynamic); from=<bounces+2353149-2cc0-REDACTED@sendgrid.net> to=<REDACTED> proto=ESMTP helo=<o168-245-3-156.outbound-mail.sendgrid.net>
So this helo (o168-245-3-156.outbound-mail.sendgrid.net) is matching this regex in "helo_access.pcre":
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
I see this regex block a lot of spam, so I am loath to delete it, but it's blocking legitimate email. For this I don't blame iRedMail, I blame Sendgrid.
The question is, are Sendgrid breaking some widely-accepted rule or RFC here in identifying their mail servers with this kind of "helo" (and where can I read this rule), or is this perfectly legitimate and I should modify the regex to exclude Sendgrid?
Thanks.
Craig
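An added example, not part of the original post and not iRedMail code: a small Python model of how Postfix evaluates a pcre access table (patterns tried in file order, first match wins), run against the rule quoted above. It assumes a hypothetical DUNNO exemption line placed before the REJECT rule, uses Python's re module in place of PCRE, shortens the reject text, and uses constructed sample hostnames apart from the Sendgrid HELO from the log.

```python
import re

# Postfix pcre_table syntax: /pattern/ action, evaluated top to bottom.
# Line 1 is a hypothetical exemption (assumption, not an iRedMail default).
# Line 2 is the rule quoted in the post, with the reject text shortened.
TABLE = r"""
/\.outbound-mail\.sendgrid\.net$/ DUNNO
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED (${1})
"""

LINE = re.compile(r"/(.+?)/\s+(.+)$")

def parse_table(text):
    """Return [(compiled_pattern, action)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, helo):
    """First matching rule wins; ${N} in the action expands to capture group N."""
    for pattern, action in rules:
        m = pattern.search(helo)
        if m:
            return re.sub(r"\$\{(\d+)\}", lambda g: m.group(int(g.group(1))), action)
    return None  # no rule matched: the table gives no verdict

RULES = parse_table(TABLE)
SENDGRID = "o168-245-3-156.outbound-mail.sendgrid.net"  # HELO from the log above
SAMPLES = [
    SENDGRID,
    "host-203-0-113-7.dsl.example.net",               # constructed
    "1-2-3-4.outbound-mail.sendgrid.net.example.com", # constructed: suffix not at end
    "mail.example.org",                               # constructed
]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:50} with exemption: {lookup(RULES, helo)}")
        print(f"{'':50} rule alone:     {lookup(RULES[1:], helo)}")
```

The HELO name is whatever the connecting client sends, so an exemption keyed on it only skips this one table; other restrictions still apply to that client. On a live server, `postmap -q "<helo>" pcre:<path to the table>` shows the action a given HELO string receives.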