1

Topic: how to whitelist domain with its IP

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
iRedAdmin-Pro 3.0
iRedMail 0.9.7
CentOS 7

Hi Zhang,

  I have a client which might not have DNS set up correctly,
and I see this in the mail log:
Oct 22 04:01:07 ct-openldap postfix/smtpd[7478]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX01.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<kivenwang@cdsshanghai.com.cn> to=<carl.shen@OURDOMAIN.com> proto=ESMTP helo=<CDSSRVDCEX01.hkdc.cds-net.com>

  We could not receive their mail as it is being rejected by our mail server.
They asked us to put them on the whitelist with their IP; they said this way our mail server will check the domain and its IP, but I could only see the domain to be added in the whitelist; there is no place to add an IP.

We temporarily disabled reject_unknown_helo_hostname by removing it from main.cf

# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname <---by removing this

But I know that if there is a place to whitelist its domain corresponding to the IP, like we are creating their DNS record, it could solve the problem. We are using iRedAdmin-Pro.

Thanks


2

Re: how to whitelist domain with its IP

*) You don't need to remove "reject_unknown_helo_hostname", please revert the change.
*) The correct way to fix this issue is whitelisting this client's HELO hostname "CDSSRVDCEX01.hkdc.cds-net.com" in /etc/postfix/helo_access.pcre. If this user sent from "<random>.hkdc.cds-net.com", you can whitelist "hkdc.cds-net.com" instead. For example:

/^CDSSRVDCEX01\.hkdc\.cds-net\.com$/ OK

No service restart or reload is required after modifying /etc/postfix/helo_access.pcre.

3

Re: how to whitelist domain with its IP

Hi Zhang,
As shown below:
Oct 31 10:19:19 ct-openldap postfix/postscreen[29195]: CONNECT from [175.45.36.69]:56699 to [10.4.0.2]:25
Oct 31 10:19:25 ct-openldap postfix/postscreen[29195]: PASS OLD [175.45.36.69]:56699
Oct 31 10:19:25 ct-openldap postfix/postscreen[29195]: warning: psc_cache_update: btree:/var/lib/postfix/postscreen_cache update average delay is 184 ms
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: warning: hostname mail1.cds.com.hk does not resolve to address 175.45.36.69
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: connect from unknown[175.45.36.69]
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: Anonymous TLS connection established from unknown[175.45.36.69]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<aXXXi@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<cXXX@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<aXXX@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>
Oct 31 10:19:25 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<cXXX@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>
Oct 31 10:19:26 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<maXXX@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>

As seen, hostname mail1.cds.com.hk does not resolve to address 175.45.36.69.

I found out their mail server is mail1.cds.com.hk,
so I have now added this config to the said file:


/^CDSSRVDCEX01\.hkdc\.cds-net\.com$/ OK
/^mail1\.cds\.com\.hk$/ OK

I want to know why, before, when the incoming mail was being denied, I could not see that mail in the quarantined mail. In this kind of situation (reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<aXXXi@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>), will it not quarantine the mail?

4

Re: how to whitelist domain with its IP

napoleon.lam wrote:

Oct 31 10:19:26 ct-openldap postfix/smtpd[2343]: NOQUEUE: reject: RCPT from unknown[175.45.36.69]: 450 4.7.1 <CDSSRVDCEX02.hkdc.cds-net.com>: Helo command rejected: Host not found; from=<NatureXu@cdsshanghai.com.cn> to=<maXXX@ourdomain.com> proto=ESMTP helo=<CDSSRVDCEX02.hkdc.cds-net.com>

As you can see, the HELO hostname changed. In your first post, it's CDSSRVDCEX01, but this one is CDSSRVDCEX02.

You can try to whitelist its subdomain like this:

/\.hkdc\.cds-net\.com$/ OK
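
An offline check of the rules quoted in this thread, as an added example that is not part of the original posts or of iRedMail/Postfix code: it shows which HELO names from the logs each rule set accepts, and that the subdomain rule stays anchored against a look-alike name. The function names and the look-alike host are made up for illustration, Python's re module stands in for PCRE, and only the plain "/pattern/flags action" rule form is handled.

```python
import re

# Rules quoted in the thread, in /etc/postfix/helo_access.pcre syntax.
THREAD_RULES = r"""
/^CDSSRVDCEX01\.hkdc\.cds-net\.com$/ OK
/^mail1\.cds\.com\.hk$/ OK
"""
SUBDOMAIN_RULE = r"/\.hkdc\.cds-net\.com$/ OK" + "\n"

HELOS = [
    "CDSSRVDCEX01.hkdc.cds-net.com",  # HELO in the first post's log
    "CDSSRVDCEX02.hkdc.cds-net.com",  # HELO in the third post's log
    "mail1.cds.com.hk",               # name from the smtpd warning, never sent as HELO in the logs
    "hkdc.cds-net.com.example.net",   # constructed look-alike, must not match
]

RULE_RE = re.compile(r"^/(?P<pat>.*)/(?P<flags>[a-zA-Z]*)\s+(?P<action>\S.*)$")

def parse_table(text):
    """Return [(compiled_regex, action)] for each '/pattern/flags action' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default; 'i' toggles that.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"]))
    return rules

def lookup(rules, helo):
    """First matching rule wins; None means no rule matched this HELO."""
    for rx, action in rules:
        if rx.search(helo):
            return action
    return None

def compare():
    """Map each HELO to (result with exact rules, result with subdomain rule added)."""
    exact = parse_table(THREAD_RULES)
    wide = parse_table(THREAD_RULES + SUBDOMAIN_RULE)
    return {h: (lookup(exact, h), lookup(wide, h)) for h in HELOS}

if __name__ == "__main__":
    for helo, (before, after) in compare().items():
        print(f"{helo:32} exact={before} with_subdomain={after}")
```

On the mail server itself, postmap -q "CDSSRVDCEX02.hkdc.cds-net.com" pcre:/etc/postfix/helo_access.pcre runs the real lookup against the live table.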