Iredmail troubleshoot postfix-helo-check-rejects-bad-configured-server » Historie » Version 1
Jeremias Keihsler, 13.01.2017 18:08
| 1 | 1 | Jeremias Keihsler | h1. Postfix rejects bad configured server |
|---|---|---|---|
| 2 | |||
| 3 | For a unknown reason a customer couldn't send mails to our iRedMail-Server. When looking into the @maillog@ we realised that the customer-mail-server was sending a illegal @HELO@. |
||
| 4 | |||
| 5 | <pre> |
||
| 6 | Nov 1 10:33:40 mail postfix/smtpd[3169]: NOQUEUE: reject: RCPT from unknown[178.23.101.244]: 554 5.7.1 <A1EXMX01.moresun.local>: Helo command rejected: Go away, bad guy (.local).; from=<J.Hille@moresuncorp.no> to=<k@keihsler.com> proto=ESMTP helo=<A1EXMX01.moresun.local> |
||
| 7 | Nov 1 10:54:58 mail postfix/smtpd[3306]: NOQUEUE: reject: RCPT from unknown[178.23.101.244]: 554 5.7.1 <A1EXMX01.moresun.local>: Helo command rejected: Go away, bad guy (.local).; from=<J.Hille@moresuncorp.no> to=<k@keihsler.com> proto=ESMTP helo=<A1EXMX01.moresun.local> |
||
| 8 | Nov 2 08:31:05 mail amavis[13858]: (13858-06) Passed CLEAN, MYUSERS LOCAL [194.209.123.2] [194.209.123.2] <k@keihsler.com> -> <J.Hille@moresuncorp.no>, Message-ID: <001901cdb8cc$03ec0110$0bc40330$@keihsler.com>, mail_id: IbpXr-Z3YK2E, Hits: -9.999, size: 26285, queued_as: D916E3F94, 1822 ms |
||
| 9 | Nov 2 08:31:05 mail postfix/smtp[14108]: E1EF73F90: to=<J.Hille@moresuncorp.no>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.1, delays=1.2/0.01/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D916E3F94) |
||
| 10 | Nov 2 08:31:06 mail postfix/smtp[14120]: D916E3F94: to=<J.Hille@moresuncorp.no>, relay=mx1.moresuncorp.no[178.23.101.244]:25, delay=0.83, delays=0.02/0.01/0.52/0.28, dsn=2.0.0, status=sent (250 OK: <c8d2fbda00007083@mx1.moresuncorp.no>) |
||
| 11 | </pre> |
||
| 12 | |||
| 13 | Unfortunately the customer didn't fix this issue on their side, so we needed a solution on our side. |
||
| 14 | |||
| 15 | After some research we found that @/etc/postfix/helo_access.pcre@ holds regex to filter out unwanted @HELO@s. As deactivating of this particular rule was no option we decided to modify the existing rule to allow this particular wrongly configured server. |
||
| 16 | |||
| 17 | <pre><code class="bash"> |
||
| 18 | vim /etc/postfix/helo_access.pcre |
||
| 19 | </code></pre> |
||
| 20 | |||
| 21 | <pre> |
||
| 22 | /^(?:(?!.*\.moresun\.local))(.*\.local$)/ REJECT Go away, bad guy (.local but .moresun.local). |
||
| 23 | </pre> |
||
| 24 | |||
| 25 | Don't forget to reload the postfix-configuration after doing this change |
||
| 26 | |||
| 27 | <pre><code class="bash"> |
||
| 28 | /etc/init.d/postfix reload |
||
| 29 | </code></pre> |