CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO Postfix config

    Hi,
    Have a few clients who receive emails from people who have not setup their DNS properly. Looks like by default Postfix blocks this. Can I open this to allow for these badly configured email servers?


    root@sosaria:/var/log# cat mail.log | grep azulejosbrihuega.com
    Jan 20 10:52:51 sosaria postfix/smtp[27188]: 03CA7195A7BC: to=<[email protected]>, relay=azulejosbrihuega.com[178.33.167.48]:25, delay=2.1, delays=0.55/0/0.4/1.1, dsn=2.0.0, status=sent (250 OK id=1W5Bfq-004LmD-P0)
    Jan 20 11:07:51 sosaria postfix/policyd-weight[21901]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=79.148.117.177> <helo=ayptorw3s042.azulejos.local> <[email protected]> <[email protected]>; delay: 0s
    Jan 20 11:07:51 sosaria postfix/smtpd[27492]: NOQUEUE: reject: RCPT from 177.Red-79-148-117.staticIP.rima-tde.net[79.148.117.177]: 550 5.7.1 <[email protected]>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ayptorw3s042.AZULEJOS.LOCAL>
    Jan 20 13:08:09 sosaria postfix/smtp[29906]: 7C58A195A7A0: to=<[email protected]>, relay=azulejosbrihuega.com[178.33.167.48]:25, delay=6.7, delays=6.1/0/0.36/0.2, dsn=2.0.0, status=sent (250 OK id=1W5Dmn-000VXx-Mt)
    Jan 20 13:11:02 sosaria postfix/policyd-weight[21900]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 BL_NJABL=SKIP(-1.5) CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .azulejosbrihuega. - helo: .ayptorw3s042.azulejos. - helo-domain: .azulejos.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=79.148.117.177> <helo=ayptorw3s042.azulejos.local> <[email protected]> <[email protected]>; rate: 1.5
    Jan 20 13:11:02 sosaria postfix/policyd-weight[21900]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ayptorw3s042.azulejos.local, MTA hostname: 177.red-79-148-117.staticip.rima-tde.net[79.148.117.177] (helo/hostname mismatch); <client=79.148.117.177> <helo=ayptorw3s042.azulejos.local> <[email protected]> <[email protected]>; delay: 1s
    Jan 20 13:11:02 sosaria postfix/smtpd[29957]: NOQUEUE: reject: RCPT from 177.Red-79-148-117.staticIP.rima-tde.net[79.148.117.177]: 550 5.7.1 <[email protected]>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ayptorw3s042.azulejos.local, MTA hostname: 177.red-79-148-117.staticip.rima-tde.net[79.148.117.177] (helo/hostname mismatch); from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ayptorw3s042.AZULEJOS.LOCAL>
    Jan 20 13:27:30 sosaria postfix/smtp[30274]: C40C0195B080: to=<[email protected]>, relay=azulejosbrihuega.com[178.33.167.48]:25, delay=8.8, delays=7.6/0/0.13/1.1, dsn=2.0.0, status=sent (250 OK id=1W5E5V-000aop-OF)


    I've checked and the domain is not listed in the spam lists. Whats the best approach to allow this good emails?
    Thanks,
    Rob

    perl /usr/local/src/imscp/imscp-autoinstall -dsr mailfilters
    choose yes at policyweightd helo/ehlo

    Edited once, last by flames ().

    Quote from flames


    perl /usr/local/src/imscp/imscp-autoinstall -dsr mailfilters
    choose yes at policyweightd helo/ehlo


    :(


    Still having problems :( Postgrey seems to be delaying lots of good email too. :(


    Jan 24 12:49:28 sosaria postfix/smtpd[11960]: initializing the server-side TLS engine
    Jan 24 12:49:28 sosaria postfix/smtpd[11960]: connect from mo1.mail-out.ovh.net[178.32.228.1]
    Jan 24 12:49:30 sosaria postfix/policyd-weight[13615]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 BL_NJABL=SKIP(-1.5) CL_IP_EQ_HELO_IP=-2 (check from: .durstone. - helo: .mo1.mail-out.ovh. - helo-domain: .ovh.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; <client=178.32.228.1> <helo=mo1.mail-out.ovh.net> <[email protected]> <[email protected]>; rate: -8.5
    Jan 24 12:49:30 sosaria postfix/policyd-weight[13615]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 BL_NJABL=SKIP(-1.5) CL_IP_EQ_HELO_IP=-2 (check from: .durstone. - helo: .mo1.mail-out.ovh. - helo-domain: .ovh.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5; <client=178.32.228.1> <helo=mo1.mail-out.ovh.net> <[email protected]> <[email protected]>; delay: 1s
    Jan 24 12:49:30 sosaria postgrey[11066]: action=greylist, reason=new, client_name=mo1.mail-out.ovh.net, client_address=178.32.228.1, [email protected], [email protected]
    Jan 24 12:49:30 sosaria postfix/smtpd[11960]: NOQUEUE: reject: RCPT from mo1.mail-out.ovh.net[178.32.228.1]: 450 4.2.0 <[email protected]>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/paxcroix.com.html; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mo1.mail-out.ovh.net>
    Jan 24 12:49:34 sosaria postfix/smtpd[11960]: disconnect from mo1.mail-out.ovh.net[178.32.228.1]

    postgrey delays every mail, good and bad. while good mails will be resent by good servers, spam is not. either your customers are ok with a delay or you disable postgrey and accept 90% more spam ;)

    Well, by using blacklists and a well-trained spamassassin, there are not many spam-leftovers. At least 90% is blocked this way on my system by using IX'/spamhaus'/spamcop's blacklist. If I was a customer, I wouldn't accept mails to be delayed. Especially while registering anywhere, this delay is really annoying.


    Well, this is my personal opinion.
    robbo007: I'd say you have to make a decision. If you (and your customers) don't like greylisting => deactivate it.

    judging on the previous questions, i guess robbo007 won't be able to setup a good working antispam setup and will rely on the default settings. anyway:
    blacklist check is enabled by i-mscp with policyweightd, you can still optimize it.
    for spamassassin and antivirus there are plugins from TheCry and mrpink

    Quote from flames


    judging on the previous questions, i guess robbo007 won't be able to setup a good working antispam setup and will rely on the default settings. anyway:
    blacklist check is enabled by i-mscp with policyweightd, you can still optimize it.
    for spamassassin and antivirus there are plugins from TheCry and mrpink


    I think the main problems here are: helo/hostname mismatch); Hows can I open my server up a little more. I think I prefer to have spam and all mail arriving no delays or blocked because of bad HELO configs on remote server.


    Could you point me to the right files to edit for the bad HELO and deactivate the greylisting?


    Example of bad helo as well.


    <helo=ayptorw3s042.azulejos.local> <[email protected]> <[email protected]>; delay: 6s
    Jan 21 22:45:31 sosaria postfix/smtpd[2972]: NOQUEUE: reject: RCPT from 177.Red-79-148-117.staticIP.rima-tde.net[79.148.117.177]: 550 5.7.1 <[email protected]>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ayptorw3s042.azulejos.local, MTA hostname: 177.red-79-148-117.staticip.rima-tde.net[79.148.117.177] (helo/hostname mismatch); from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ayptorw3s042.AZULEJOS.LOCAL>


    Thanks,
    Rob

    Edited once, last by robbo007 ().


    Hello ;


    Poor man ;) How dare you... Such question without even search before... ;)


    Well, I'm in a beautiful day so:


    Edit your /etc/postfix/main.cf file and remove (or comment) these two lines:


    Code
    1. check_policy_service inet:127.0.0.1:12525,check_policy_service inet:127.0.0.1:10023,


    Once it's done, restart Postfix:


    Code
    1. # service postfix restart


    You can also stop postgrey and policyd


    Code
    1. # service postgrey stop
    2. # service policyd-weight stop


    That all.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Edited once, last by Nuxwin ().

    You could also install and use the Postscreen Plugin. There in the config you could deactivate postgrey and policyd-weight and it will also stay removed after an I-MSCP upgrade.


    And Postscreen is also filtering a lot of Spam before it will reach your MTA.