mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

How to whitelist a host that does not have a PTR/ReverseDNS set? #1536

Closed apintocr closed 6 years ago

apintocr commented 6 years ago

Hello,

I have a client (not mailcow) that is trying to send me an email, however it keeps being rejected by our server (mailcow) due to a bad PTR setup (no PTR set actually). I've told them to fix it, however I need to be able to receive emails from them and I cannot wait for them to fix the issue (if they fix it...).

How to whitelist a host that does not have a PTR/ReverseDNS set?

I have already tried to add them as a relay host, however postfix still rejects it (log below)

7/3/2018, 5:24:49 PM | info | disconnect from unknown[11.22.33.44] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
7/3/2018, 5:24:49 PM | info | NOQUEUE: reject: RCPT from unknown[11.22.33.44]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [11.22.33.44]; from=<sender@mail.tld> to=<myname@mydomain.tld> proto=ESMTP helo=<EXCHSRV.mail.tld>
7/3/2018, 5:24:49 PM | info | Anonymous TLS connection established from unknown[11.22.33.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
7/3/2018, 5:24:48 PM | info | connect from unknown[11.22.33.44]
7/3/2018, 5:24:48 PM | info | WHITELISTED [11.22.33.44]:59010
7/3/2018, 5:24:48 PM | info | Look up 11.22.33.44 on whitelist, result 200 PERMIT
7/3/2018, 5:24:48 PM | info | CONNECT from [11.22.33.44]:59010 to [172.22.1.7]:25

How can I work around this in a way that is mailcow-update compatible? :)

EDIT: I know I can just remove reject_unknown_reverse_client_hostname from main.cf, however I want to allow some hosts, not all :)

Thank you

Arkaniod commented 6 years ago

The magic word is "Forwarding Hosts" and can be found in the admin panel under "Configuration"

Good luck!

mkuron commented 6 years ago

I don't think forwarding hosts will help. The whitelist is checked after Postfix checks for a PTR.

It's not RFC-compliant to send email from a host without a PTR, so your client will have trouble sending to most other servers. So we are not going to bother implementing a fix, but you can of course remove reject_unknown_reverse_client_hostname and risk getting more spam.
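
A per-host exemption of the kind the question asks for, written in generic Postfix terms. This is an added example, not configuration from the thread's participants or from the mailcow project. It assumes `reject_unknown_reverse_client_hostname` sits in `smtpd_client_restrictions`; the table path is hypothetical and `11.22.33.44` is the placeholder address from the log above.

```conf
# Added example: generic Postfix settings, not mailcow's shipped configuration.
# The table path below is hypothetical; adjust it to the local layout.

# --- /etc/postfix/ptr_exempt.cidr (hypothetical file) ---
# CIDR tables are searched top to bottom and the first match wins.
# OK ends evaluation of the restriction list that performed the lookup,
# so every later restriction in that same list is skipped for this client.
# Keep entries as narrow as possible (single addresses, not whole ranges).
11.22.33.44/32    OK

# --- main.cf ---
# Before (assumed): every client without a PTR record is deferred
# with "450 4.7.1 Client host rejected: cannot find your reverse hostname".
#smtpd_client_restrictions =
#    reject_unknown_reverse_client_hostname

# After: the table is consulted first. Listed clients skip the PTR check;
# all other clients still reach reject_unknown_reverse_client_hostname.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/ptr_exempt.cidr,
    reject_unknown_reverse_client_hostname
```

The `OK` only short-circuits the list that contains the lookup, so the `check_client_access` entry has to go in whichever `smtpd_*_restrictions` list actually holds the PTR check, followed by `postfix reload`. If that list is `smtpd_recipient_restrictions` or `smtpd_relay_restrictions`, place the lookup after `reject_unauth_destination`, otherwise the exempted address is also allowed to relay.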