1

Topic: Whitelisting hostnames for delivery.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
1.3.1 PGSQL edition.
- Deployed with iRedMail Easy or the downloadable installer?
Downloadable
- Linux/BSD distribution name and version:
Ubuntu 20.10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
PGSQL
- Web server (Apache or Nginx):
Nginx
- Manage mail accounts with iRedAdmin-Pro?
No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi guys,

I need to be able to accept logwatch emails from made-up host names (i.e., they're not in any DNS anywhere) into a mail list I've created following the alias directions on here.

The problem is, they are being correctly rejected at the moment with

 NOQUEUE: reject: RCPT from unknown[103.97.55.20]: 450 4.7.1 <bangofw.marketdispatch.com.au>: Helo command rejected: Host not found; from=<pnunn@bangofw.marketdispatch.com> to=<logwatch@infoteq.com.au> proto=ESMTP helo=<bangofw.marketdispatch.com.au>

Any easy way around this?

Ta.. Peter


2

Re: Whitelisting hostnames for delivery.

Whitelist it in /etc/postfix/helo_access.pcre.

3 (edited by pnunn 2020-12-16 11:06:02)

Re: Whitelisting hostnames for delivery.

ZhangHuangbin wrote:

Whitelist it in /etc/postfix/helo_access.pcre.


Thanks @ZhangHuangbin, I can see the file is rejecting a lot of good stuff that it should, but I'm not sure how I whitelist this one group of IP addresses (I assume it's being rejected because of the IP address, not the not-found domain?).

I tried putting

/^(103.169.254)/ OK

at the start of helo_access.pcre, but that didn't work, and I've realized that I need to send email from machines that are on private LANs on the systems as well (10.10.2.2 etc).

Is there a way around this? Really going to cause me issues if not. I can set up DNS for the external (firewall) machines, but not easily for the internal ones.


Thanks.

Peter.

4

Re: Whitelisting hostnames for delivery.

The rejection is based on HELO hostname, not IP. So you can whitelist it like this:

# Match this single HELO hostname.
/^bangofw\.marketdispatch\.com\.au$/ OK

# Match any sub-domain ending with ".marketdispatch.com.au"
/\.marketdispatch\.com\.au$/ OK

# Match any sub-domain ending with ".com.au"
/\.com\.au$/ OK

Use the one you need.

Note: add your whitelist at the top of the file.
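
An added example (not from the thread or from iRedMail) that approximates Postfix's first-match pcre table lookup with Python's `re` module, to show which HELO names each of the three patterns above accepts, why the earlier IP-style pattern never matches, and why the whitelist has to come first. Three of the HELO names and the REJECT rule are constructed, and pattern flags are not handled.

```python
import re

# Rules quoted from the thread (raw strings keep the backslashes intact).
SINGLE_HOST = r"/^bangofw\.marketdispatch\.com\.au$/ OK"
SUBDOMAINS = r"/\.marketdispatch\.com\.au$/ OK"
WHOLE_SUFFIX = r"/\.com\.au$/ OK"
IP_ATTEMPT = r"/^(103.169.254)/ OK"
# Constructed stand-in for a later reject rule; not taken from iRedMail's file.
CONSTRUCTED_REJECT = r"/\.au$/ REJECT constructed stand-in rule"

# Only the first name appears in the thread's logs; the rest are constructed.
HELOS = [
    "bangofw.marketdispatch.com.au",
    "internal1.marketdispatch.com.au",
    "marketdispatch.com.au",
    "host.example.com.au",
]

def parse_table(text):
    """Parse '/pattern/ action' lines, skipping blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(.+)$", line)
        if m:
            # Postfix pcre tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, helo):
    """Return the action of the first rule that matches, or None."""
    for pattern, action in rules:
        if pattern.search(helo):
            return action
    return None

def accepted(table_text, helos=HELOS):
    """List the HELO names (client-supplied strings, not IPs) that get OK."""
    rules = parse_table(table_text)
    return [h for h in helos if lookup(rules, h) == "OK"]

if __name__ == "__main__":
    for label, table in [("single host", SINGLE_HOST), ("sub-domains", SUBDOMAINS),
                         ("whole .com.au", WHOLE_SUFFIX), ("IP attempt", IP_ATTEMPT)]:
        print(f"{label:14} -> {accepted(table)}")
    for table in (SUBDOMAINS + "\n" + CONSTRUCTED_REJECT,
                  CONSTRUCTED_REJECT + "\n" + SUBDOMAINS):
        print(lookup(parse_table(table), HELOS[0]))
```

On the mail server itself, `postmap -q "bangofw.marketdispatch.com.au" pcre:/etc/postfix/helo_access.pcre` returns the action Postfix would actually apply.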

5

Re: Whitelisting hostnames for delivery.

Thank you again Zhang, I have added the second option but now get

Dec 22 18:07:48 mail3 postfix/smtpd[397587]: Anonymous TLS connection established from unknown[103.97.55.20]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)
Dec 22 18:07:49 mail3 postfix/smtpd[397587]: NOQUEUE: reject: RCPT from unknown[103.97.55.20]: 554 5.7.1 <pnunn@infoteq.com.au>: Recipient address rejected: SMTP AUTH is required for users under this sender domain; from=<pnunn@marketdispatch.com.au> to=<pnunn@infoteq.com.au> proto=ESMTP helo=<bangofw.marketdispatch.com.au>

However, the bounce message from the sending mail server now does get through.. which is odd..

Reporting-MTA: dns; bangofw.marketdispatch.com.au
X-Postfix-Queue-ID: 0F80C3EB
X-Postfix-Sender: rfc822; pnunn@marketdispatch.com.au
Arrival-Date: Tue, 22 Dec 2020 17:42:20 +1000 (AEST)

Final-Recipient: rfc822; pnunn@infoteq.com.au
Original-Recipient: rfc822;pnunn@infoteq.com.au
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail3.infoteq.com.au
Diagnostic-Code: smtp; 554 5.7.1 <pnunn@infoteq.com.au>: Recipient address
    rejected: SMTP AUTH is required for users under this sender domain

but I need to be able to send email like this without having to auth to the server, that's crazy, all I'm trying to do is send email to pnunn@infoteq.com.au...

Not sure where to go from here.