1

Topic: Allowing helo with IP address

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Deployed with iRedMail Easy or the downloadable installer?: Downloadable
- Linux/BSD distribution name and version: CentOS 7.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hi Zhang,

Inbound emails from EIG servers (unifiedlayer.com) are rejected with the following error:

554 5.7.1 <1-2-3-4.unifiedlayer.com>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (1-2-3-4)

(Of course, the IP address is masked.)

There are these existing lines in /etc/postfix/helo_access.pcre, about half way down:

# bypass some HELOs which contains IP address
/^o\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.outbound-mail\.sendgrid\.net$/ DUNNO

So in order to accept emails from EIG/unifiedlayer.com servers I added this line immediately below the above two lines and restarted Postfix:

/^o\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.unifiedlayer\.com$/ DUNNO

However, the emails are still bounced with the same error message.

Do you have a suggestion for what is still causing the sending server to be blocked?

Thank-you.


Craig

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Allowing helo with IP address

craig wrote:

So in order to accept emails from EIG/unifiedlayer.com servers I added this line immediately below the above two lines and restarted Postfix:

Add your line ABOVE those 2 lines.
First match wins.

3

Re: Allowing helo with IP address

ZhangHuangbin wrote:

Add your line ABOVE those 2 lines.
First match wins.

Sorry for not replying earlier This worked, thanks.

But I am confused by the "first match wins" theory. If the problem IP address matched my line (and not the included sendgrid.net one), why didn't Postfix keep processing and then get to my line when it was after the Sendgrid line? So with my line above the Sendgrid line, how would a Sendgrid email be accepted?

4

Re: Allowing helo with IP address

ZhangHuangbin wrote:

Add your line ABOVE those 2 lines.
First match wins.

I'm still not clear on this, as explained in my last post.


Craig