postfix-mtawhitelist

Postfix Whitelist Not Working As It Should


My main.cf configuration is as follows. I cannot receive emails from domains or IP addresses that I have whitelisted.

Error: 450 4.7.25 Client host rejected: cannot find your hostname... OR 450 4.7.1 Helo command rejected: Host not found...

I guess because of reject_invalid_hostname and reject_non_fqdn_helo_hostname.

Why am I getting such an error even though I have whitelisted it? How can I do this without removing the reject_invalid_hostname and reject_non_fqdn_helo_hostname rules?

If there is a match in the filter, Postfix should apply the relevant rule. If there is no match, Postfix should follow the next rules. Shouldn't that be the case logically?

Can someone help me? Where did I go wrong?

Sorry for my English. Thank you everyone in advance.

### main.cf:
..........

header_checks = regexp:/etc/postfix/header_checks

#HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_helo_access pcre:/etc/postfix/helo_access,
#reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  reject_invalid_hostname,
  reject_unknown_helo_hostname

#Client restrictions
smtpd_client_restrictions = 
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unknown_client

#Sender restrictions
smtpd_sender_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_sender_access hash:/etc/postfix/sender_whitelist,
  check_sender_access pcre:/etc/postfix/reject_domains,
  reject_non_fqdn_sender,
#reject_unverified_sender,
  reject_unknown_sender_domain

#Recipient restrictions
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_policy_service inet:127.0.0.1:10031,
  check_recipient_access hash:/etc/postfix/sender_whitelist,
  check_recipient_access hash:/etc/postfix/sender_blacklist,
  reject_unauth_destination,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_rhsbl_helo dbl.spamhaus.org,
  reject_rhsbl_reverse_client dbl.spamhaus.org,
  reject_rhsbl_sender dbl.spamhaus.org,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client b.barracudacentral.org,
  reject_rbl_client zombie.dnsbl.sorbs.net,
  reject_rbl_client spam.dnsbl.anonmails.de,
  reject_rbl_client dyna.spamrats.com,
  reject_rbl_client spam.spamrats.com

#Relay restrictions
smtpd_relay_restrictions = 
  permit_mynetworks,
  permit_sasl_authenticated,
  check_policy_service inet:127.0.0.1:10031,
  reject_unauth_destination

#Other restrictions
smtpd_delay_reject = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
enable_original_recipient = no
show_user_unknown_table_name = no

.........



### sender_whitelist:
.........

mail.gelirler.gov.tr OK
#mail.gelirler.gov.tr IP address
212.133.164.130 OK
bplas.com.tr OK
bsmtp2.iletisim.yapikredi.com.tr OK
bsmtp3.iletisim.yapikredi.com.tr OK

.........

Solution

  • In your smtpd_helo_restrictions you show check_helo_access pcre:/etc/postfix/helo_access, however you do not show the contents of /etc/postfix/helo_access. Do you have such a file? You are showing the contents of "sender_whitelist". If your /etc/postfix/helo_access file is similar, you do not need to use "pcre"; just use:

    In main.cf, check_helo_access hash:/etc/postfix/helo_access. Make sure you have the domain/IP in the /etc/postfix/helo_access file, run postmap /etc/postfix/helo_access, then reload Postfix.

    (If you do use regex in your /etc/postfix/helo_access, obviously use pcre: instead of hash:.)
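
The following is an added example, not code from the question, the answer, or Postfix itself: a simplified Python model of how Postfix walks the smtpd_*_restrictions lists, showing that an OK from an access table ends only the list it appears in, so a whitelist consulted only under smtpd_sender_restrictions cannot stop a reject in the client or HELO list. The session values and whitelist entries are constructed, `check_access` is a hypothetical stand-in for check_client_access / check_helo_access / check_sender_access, and whitelisting in the client list goes one step beyond the HELO fix given in the answer.

```python
"""Simplified model of Postfix smtpd_*_restrictions evaluation (illustration only)."""

# Constructed session: reverse DNS fails and the HELO name does not resolve.
SESSION = {"client": "192.0.2.10", "client_name": "unknown",
           "helo": "mail.example.org", "helo_resolves": False,
           "sender_domain": "example.org"}

def check_access(field, table):
    """Access-table lookup: OK if the value is listed, otherwise DUNNO (no opinion)."""
    return lambda s: "OK" if s[field] in table else "DUNNO"

def reject_unknown_client(s):
    if s["client_name"] == "unknown":
        return "REJECT 450 4.7.25 Client host rejected: cannot find your hostname"
    return "DUNNO"

def reject_unknown_helo_hostname(s):
    if not s["helo_resolves"]:
        return "REJECT 450 4.7.1 Helo command rejected: Host not found"
    return "DUNNO"

def evaluate(config, session):
    """Walk the lists in order; OK ends only the current list, REJECT ends everything."""
    for list_name, restrictions in config:
        for restriction in restrictions:
            verdict = restriction(session)
            if verdict.startswith("REJECT"):
                return list_name, verdict
            if verdict == "OK":
                break  # skip the rest of THIS list; the next list still runs
    return None, "ACCEPT"

WHITELIST = {"example.org", "mail.example.org", "192.0.2.10"}  # constructed entries

# Whitelist consulted only in the sender list, as in the question.
SENDER_ONLY = [
    ("smtpd_client_restrictions", [reject_unknown_client]),
    ("smtpd_helo_restrictions", [reject_unknown_helo_hostname]),
    ("smtpd_sender_restrictions", [check_access("sender_domain", WHITELIST)]),
]

# Whitelist consulted before the reject_* rule in every list that can reject.
EVERY_LIST = [
    ("smtpd_client_restrictions", [check_access("client", WHITELIST), reject_unknown_client]),
    ("smtpd_helo_restrictions", [check_access("helo", WHITELIST), reject_unknown_helo_hostname]),
    ("smtpd_sender_restrictions", [check_access("sender_domain", WHITELIST)]),
]
```

`evaluate(SENDER_ONLY, SESSION)` stops in the client list with the 450 4.7.25 reply before the sender whitelist is ever consulted, while `evaluate(EVERY_LIST, SESSION)` accepts the same session.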