==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.7
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Rocky 9.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Silly question
- Manage mail accounts with iRedAdmin-Pro? No
====

Hello,

I have several questions about postfix HELO whitelisting using helo_access.pcre.

1. There is an old (2013) thread here implying that helo_access.pcre is NOT effectively scanned unless one reverses the order of two rules in main.cf. Is that still true? Newer posts about helo_access don't mention anything about that.

2. The reject message is

Jan 29 16:42:34 <my-server> postfix/smtpd[474059]: NOQUEUE: reject: RCPT from srv150.services.gc.ca[198.103.223.56]: 450 4.7.1 <MLCSESD4842.hrdc-drhc.net>: Helo command rejected: Host not found; from=<remote-user@hrsdc-rhdcc.gc.ca> to=<local-user@my-domain.ca> proto=ESMTP helo=<MLCSESD4842.hrdc-drhc.net>.

From that, is the HELO id I need to whitelist *.services.gc.ca, *.hrdc-rhdcc.net, or *.hrdc-drhc ? It's hard to tell what the actual HELO response is...

3. I can't find anywhere describing the methodology for creating the exact line in helo_access.pcre. My guess is

/^\.hrdc-drhc\.net$/ OK

Is that right? Do I really need the backslash escape before each dot?

4. Is there a guide for this? All I can find is https://www.postfix.org/access.5.html which explains the processing order, but not the detailed use of the delimiters.

Thanks for all help as always,
Paul