1 Topic by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Topic: Helo command rejected: ACCESS DENIED. Your email was rejected because

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.04.2 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
After upgrade the server, everything works fine, but when we use both webmail clients, we get this in the mail.log:
554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost);

I have commented in /etc/postfix/helo_access.pcre the appropriate line and it is working now, but I would appreciate if you provide an advice if this is the right fix or not?

BR,
Stan

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Wrong fix.

Chameleon wrote:

when we use both webmail clients, we get this in the mail.log

Seems your webmails are configured to send email withOUT smtp authentication, please double check and make sure smtp auth is enabled.

3 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

ZhangHuangbin wrote:

Wrong fix.

Chameleon wrote:

when we use both webmail clients, we get this in the mail.log

Seems your webmails are configured to send email withOUT smtp authentication, please double check and make sure smtp auth is enabled.

We didn't do anything. We have used standard deployment. Could you please tell me where to check this for both RoundCube and SOGo?

Thanks in advance.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Chameleon wrote:

Could you please tell me where to check this for both RoundCube and SOGo?

Please check Roundcube config file /opt/www/roundcubemail/config/config.inc.php, and /etc/sogo/sogo.conf.

5 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

ZhangHuangbin wrote:
Chameleon wrote:

Could you please tell me where to check this for both RoundCube and SOGo?

Please check Roundcube config file /opt/www/roundcubemail/config/config.inc.php, and /etc/sogo/sogo.conf.

In SOGo, I have this:
// SMTP server
    SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
    SOGoMailingMechanism = smtp;
    SOGoSMTPAuthenticationType = PLAIN;

No matter that I have commented the last line or removing port 587, nothing changes.
Same error appears in SOGO interface:
5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost)

Inside the mail.log:
Jul 31 09:12:44 mail postfix/submission/smtpd[189711]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost);

Inside Rounde Cube I have this:

// SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Please show me command output:

postconf smtpd_sender_restrictions

I believe the order of restriction rules is not correct.

7 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

ZhangHuangbin wrote:

Please show me command output:

postconf smtpd_sender_restrictions

I believe the order of restriction rules is not correct.

smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_access.pcre permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain


Inside sender_access.pcre specific hosts/domain, which I have marked with OK at the end,nothing else.

8 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 820

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

What is your mailservers hostname and PTR?

9 Reply by Chameleon (edited by Chameleon 2021-08-05 02:36:18)

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Cthulhu wrote:

What is your mailservers hostname and PTR?

mail.domain.com and the PTR points to the same.
To clarify - the mail server works like charm, only from both webmails I cannot send emails and I am currently lost what can I do to fix it.

10 Reply by ms2504

  • ms2504
  • Member
  • Offline
  • Registered: 2019-06-15
  • Posts: 63

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Don't know if it can help, this is the parameter in a working (pretty new installed) conf.

smtpd_sender_restrictions = reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre reject_unknown_sender_domain

permit_mynetwork is before check_sender_access. I would try to move parameters in this exact order.

11 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

I did that, but there is no change.

I am still getting the error when I am trying the send email via RoundCube:

Aug  5 09:39:24 mail postfix/submission/smtpd[387214]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (localhost);

12 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

can someone help me please?

13 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Please show us command output:

postconf smtpd_helo_restrictions

14 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

ZhangHuangbin wrote:

Please show us command output:

postconf smtpd_helo_restrictions

smtpd_helo_restrictions = permit_mynetworks check_helo_access pcre:/etc/postfix/helo_access.pcre permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_unknown_helo_hostname

15 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

Chameleon wrote:

smtpd_helo_restrictions = permit_mynetworks check_helo_access pcre:/etc/postfix/helo_access.pcre permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_unknown_helo_hostname

The correct setting is:

smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

Please copy it and override your existing setting, then restart postfix service and it will solve your issue.

16 Reply by Chameleon

  • Chameleon
  • Member
  • Offline
  • Registered: 2013-01-22
  • Posts: 40

Re: Helo command rejected: ACCESS DENIED. Your email was rejected because

ZhangHuangbin wrote:
Chameleon wrote:

smtpd_helo_restrictions = permit_mynetworks check_helo_access pcre:/etc/postfix/helo_access.pcre permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_unknown_helo_hostname

The correct setting is:

smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

Please copy it and override your existing setting, then restart postfix service and it will solve your issue.

It worked. Thanks.