Hello there,
My main.cf configuration is as follows. I cannot receive emails from domains and IP addresses that I have whitelisted.
Returning error:
450 4.7.25 Client host rejected: cannot find your hostname...
I guess because of reject_invalid_hostname.
Why am I getting such an error even though I have whitelisted it?
How can I do this without removing the reject_invalid_hostname rule? Can someone help me? Where did I go wrong? My brain has stopped.
#MAIN.CF
header_checks = regexp:/etc/postfix/header_checks
# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_helo_access pcre:/etc/postfix/helo_access,
    #reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_invalid_hostname,
    reject_unknown_helo_hostname
# Client restrictions
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_client
# Sender restrictions
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_whitelist,
    check_sender_access pcre:/etc/postfix/reject_domains,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    #reject_unverified_sender
# Recipient restrictions
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_policy_service inet:127.0.0.1:10031,
    check_recipient_access hash:/etc/postfix/sender_whitelist,
    check_recipient_access hash:/etc/postfix/sender_blacklist,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client b.barracudacentral.org
# Relay restrictions
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_policy_service inet:127.0.0.1:10031,
    reject_unauth_destination
# Other restrictions
smtpd_delay_reject = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
enable_original_recipient = no
show_user_unknown_table_name = no
#SENDER_WHITELIST
mail.gelirler.gov.tr OK
# IP address of mail.gelirler.gov.tr
212.133.164.130 OK
bplas.com.tr OK
bsmtp2.iletisim.yapikredi.com.tr OK
bsmtp3.iletisim.yapikredi.com.tr OK
bsmtp4.iletisim.yapikredi.com.tr OK
bsmtp5.iletisim.yapikredi.com.tr OK
bsmtp6.iletisim.yapikredi.com.tr OK
bsmtp7.iletisim.yapikredi.com.tr OK
bsmtp8.iletisim.yapikredi.com.tr OK
bsmtp9.iletisim.yapikredi.com.tr OK
# IP addresses of *.iletisim.yapikredi.com.tr
193.254.229.41 OK
193.254.229.43 OK
193.254.229.44 OK
193.254.229.45 OK
193.254.229.46 OK
193.254.229.47 OK
193.254.229.48 OK
193.254.229.49 OK
#HELO_ACCESS
/^(etebligat2-esg\.ggm\.bim)$/ OK
/^(bsmtp2\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp3\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp4\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp5\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp6\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp7\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp8\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(bsmtp9\.iletisim\.yapikredi\.com\.tr)$/ OK
/^(askcsmgapp06\.anadolusigorta\.pvt)$/ OK
# No one will use these in helo command.
/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
# Reject who use IP address as helo.
# Correct: [xxx.xxx.xxx.xxx]
# Incorrect: xxx.xxx.xxx.xxx
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})
#
# This is the real HELO identify of these ISPs:
# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
# 126.com m15-78.126.com
# 163.com m31-189.vip.163.com m13-49.163.com
# sina.com mail2-209.sinamail.sina.com.cn
# gmail.com xx-out-NNNN.google.com
/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
#
# Reject adsl spammers.
#
# match word `adsl` with word boundary `\b`.
/(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
# bypass "[IP_ADDRESS]"
/^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ OK
# Bypass HELOs used by known big ISPs which contains IP address
/\.outbound-(email|mail)\.sendgrid\.net$/ OK
/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-(mail|campmail)\.facebook\.com$/ OK
/^outbound-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.pinterestmail\.com$/ OK
/\.outbound\.protection\.outlook\.com$/ OK
/^ec2-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\..*\.compute\.amazonaws\.com$/ OK
/^out\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail\.qq\.com$/ OK
# reject HELO which contains IP address
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
.....
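
Added example, not part of the original post: a simplified Python model of how Postfix walks a subset of the restriction lists shown above. In Postfix the "450 4.7.25 Client host rejected: cannot find your hostname" reply is produced by reject_unknown_client, which sits in smtpd_client_restrictions, and an OK from check_sender_access ends only the sender list. The session values and the client_whitelist table consulted through check_client_access are assumptions made for illustration.

```python
# Simplified model of Postfix smtpd access evaluation (not Postfix code).
# A "permit" ends only the list it occurs in; a reject ends the transaction.

SENDER_WHITELIST = {"193.254.229.41": "OK", "bplas.com.tr": "OK"}  # entries from the post
CLIENT_WHITELIST = {"193.254.229.41": "OK"}  # hypothetical table for check_client_access

def check_sender_access(table):
    # Looks up the MAIL FROM address and its domain, never the client IP.
    def rule(session):
        sender = session["sender"]
        domain = sender.rsplit("@", 1)[-1]
        return "permit" if sender in table or domain in table else "dunno"
    return rule

def check_client_access(table):
    # Looks up the connecting client's hostname and IP address.
    def rule(session):
        hit = session["client_ip"] in table or session["client_name"] in table
        return "permit" if hit else "dunno"
    return rule

def reject_unknown_client(session):
    # Rejects when the client IP has no verified reverse DNS name.
    if session["client_name"] == "unknown":
        return "450 4.7.25 Client host rejected: cannot find your hostname"
    return "dunno"

def evaluate(lists, session):
    for name, rules in lists:
        for rule in rules:
            verdict = rule(session)
            if verdict == "permit":
                break  # skip the rest of this list; later lists still run
            if verdict != "dunno":
                return f"{name}: {verdict}"
    return "accepted"

# Constructed session: whitelisted IP without a PTR record, whitelisted sender domain.
SESSION = {"client_ip": "193.254.229.41", "client_name": "unknown",
           "sender": "notice@bplas.com.tr"}
SENDER_LIST = ("smtpd_sender_restrictions", [check_sender_access(SENDER_WHITELIST)])
AS_POSTED = [("smtpd_client_restrictions", [reject_unknown_client]), SENDER_LIST]
WITH_CLIENT_CHECK = [("smtpd_client_restrictions",
                      [check_client_access(CLIENT_WHITELIST), reject_unknown_client]),
                     SENDER_LIST]

if __name__ == "__main__":
    print("as posted:        ", evaluate(AS_POSTED, SESSION))
    print("with client check:", evaluate(WITH_CLIENT_CHECK, SESSION))
```

In a real main.cf the second layout corresponds to placing a check_client_access lookup ahead of reject_unknown_client, keyed on the sending hosts' IP addresses rather than on sender addresses.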