1

Topic: allow domain from Office365

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.1
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version:  Buntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

hello many sender user Office 365 with there own domain name
and Office 365 use many server so rejection policy reject too many time the mail sender that do not receive mail.
"""
May 27 09:46:41 mail postfix/smtpd[11215]: connect from mail-eopbgr140050.outbound.protection.outlook.com[40.107.14.50]
3562-May 27 09:46:41 mail postfix/smtpd[11215]: Anonymous TLS connection established from mail-eopbgr140050.outbound.protection.outlook.com[40.107.14.50]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
3563:May 27 09:46:44 mail postfix/smtpd[11215]: NOQUEUE: reject: RCPT from mail-eopbgr140050.outbound.protection.outlook.com[40.107.14.50]: 451 4.7.1 <receiver@iredmailserver.fr>: Recipient address rejected: Intentional policy rejection, please try again later; from=<sender@senderDomain.fr> to=<receiver@iredmailserver.fr> proto=ESMTP helo=<EUR01-VE1-obe.outbound.protection.outlook.com>
"""
i can disable greylist for @senderDomain.fr but many more domain use and will use O365 with there own domain

How to allow or diseable greylisting from part of helo information

helo=<EUR01-VE1-obe.outbound.protection.outlook.com>
only "outbound.protection.outlook.com" doesn't change and the server name EUR01-VE1-obe may change

Regards
T.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: allow domain from Office365

In iRedAdmin, you can include or exclude any domain from grey/white/blacklisting like this:

@example.com

and include or exclude any subdomains like this:

@.example.com

So something like this may work with O365 servers:

@.outbound.protection.outlook.com

3

Re: allow domain from Office365

Which iRedAPD release are you running? Please show us output of command "ls -dl /opt/iredapd".

The recent iRedAPD releases query SPF record of sender domain before applying greylisting, if sender server IP address is listed in SPF of sender domain, no greylisting applied.

Could you please upgrade iRedAPD to the latest 3.6 first and try again?
FYI: https://docs.iredmail.org/upgrade.iredapd.html

4 (edited by Tonton 2020-05-30 18:23:38)

Re: allow domain from Office365

"ls -dl /opt/iredapd
lrwxrwxrwx 1 root root 11 avril 21 23:02 /opt/iredapd -> iRedAPD-3.6

seems ok to use @.outbound.protection.outlook.com

but this apply to from address information and it seems doesn't look after the helo=
i never know before who use 0365 to write email to users.

i disable greylisting for all and i will look for the side effects on one server.

look at the screen capture  does the respons is ok ?
/opt/iredapd/tools# python spf_to_greylist_whitelists.py outlook.com microsoft.com
* 2 mail domains in total.
    + [outlook.com]
    + [microsoft.com]
* No IP address/network found. Exit.

regards
T.