mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Unable to override postfix smtpd_helo_restrictions #5830

Closed a-teece closed 2 months ago

a-teece commented 6 months ago

Description

For compatibility with the .NET Framework SmtpClient, and possibly other mail clients, we need to remove reject_non_fqdn_helo_hostname from the smtpd_helo_restrictions option; however, we cannot seem to do so.

I think I've traced this to the option being supplied in master.cf instead of main.cf, and reading the postfix documentation suggests that the values in master.cf override those in main.cf - making it impossible to change the mailcow default in a supported way using extra.cf.

Equally, someone may want to define a more secure value such as check_helo_ns_access, etc.

This may affect other settings supplied in master.cf - could/should they not be in main.cf where possible to allow override?

Logs:

NOQUEUE: reject: RCPT from unknown[aa.bbb.cc.dd]: 504 5.5.2 <testagent01>: Helo command rejected: need fully-qualified hostname; from=<pipeline@xxxxxxx.net> to=<test@xxxxxx.net> proto=SMTP helo=<testagent01>

Steps to reproduce:

1. Follow the instructions at https://docs.mailcow.email/manual-guides/Postfix/u_e-postfix-extra_cf/
 1a. Add smtpd_helo_restrictions=permit_mynetworks (or any other custom value defined in https://www.postfix.org/postconf.5.html#smtpd_helo_restrictions) to /opt/mailcow-dockerized/data/conf/postfix/extra.cf
 2a. Restart postfix-mailcow
2. Try to send a test mail. See that the change has no effect.
3. Edit master.cf to comment out "-o smtpd_helo_restrictions=....."
4. Restart postfix-mailcow
5. Try to send a test mail. See that the change worked.
6. Re-introduce the original smtpd_helo_restrictions value, but in extra.cf to demonstrate it does work when in main.cf - ergo no need for it to be in master.cf:
 6a. Add smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
     to /opt/mailcow-dockerized/data/conf/postfix/extra.cf
7. Try to send a test mail. See that the original behaviour is restored, even though it is now defined elsewhere.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 22.04.2 LTS

Server/VM specifications:

4gb, 2 core

Is Apparmor, SELinux or similar active?

unknown

Virtualization technology:

Hyper-V

Docker version:

24.0.4

docker-compose version or docker compose version:

2.19.1

mailcow version:

2023-05a

Reverse proxy:

Nginx

Logs of git diff:

n/a

Logs of iptables -L -vn:

n/a

Logs of ip6tables -L -vn:

n/a

Logs of iptables -L -vn -t nat:

n/a

Logs of ip6tables -L -vn -t nat:

n/a

DNS check:

n/a

a-teece commented 6 months ago

Forgot to mention this is also commented in the community, but without a supported/upgrade-safe solution, which is why I have logged the bug.

https://community.mailcow.email/d/2983-helo-command-rejected

milkmaker commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

a-teece commented 4 months ago

This isn't stale. It is still an active issue, it's just it hasn't been fixed yet by one of the project supporters.

DerLinkman commented 2 months ago

Hi,

Yes, indeed this is a bug/unintended design; it will be fixed with the next patch.

DerLinkman commented 2 months ago

Fixed in: https://github.com/mailcow/mailcow-dockerized/commit/73257151c41252f08d1e6e6eb67b0846960416a5
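
The override behaviour reported in this issue can be checked for any parameter before relying on extra.cf. The following is an added example, not code from the mailcow project or from any commenter: it lists settings in extra.cf that a `-o name=value` argument in master.cf would shadow. The function names and both sample files are constructed for illustration (the sample is not mailcow's real master.cf), and only the plain `-o name=value` form is handled.

```python
def logical_lines(text):
    """Join Postfix continuation lines; drop blank and comment lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()   # leading whitespace continues the entry
        else:
            out.append(raw.strip())
    return out

def master_overrides(master_cf):
    """Map parameter name -> [(service/type, value)] for each -o in master.cf."""
    found = {}
    for entry in logical_lines(master_cf):
        fields = entry.split()
        if len(fields) < 8:                # not a complete service entry
            continue
        service, args = f"{fields[0]}/{fields[1]}", fields[8:]
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                found.setdefault(name, []).append((service, value))
    return found

def shadowed(extra_cf, master_cf):
    """Return extra.cf parameters that master.cf overrides per service."""
    names = {l.split("=", 1)[0].strip() for l in logical_lines(extra_cf) if "=" in l}
    overrides = master_overrides(master_cf)
    return {n: overrides[n] for n in sorted(names) if n in overrides}

# Constructed sample input, for illustration only.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
  -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
# comment between entries
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
"""
SAMPLE_EXTRA_CF = """\
smtpd_helo_restrictions = permit_mynetworks
myhostname = mail.example.net
"""

if __name__ == "__main__":
    for name, hits in shadowed(SAMPLE_EXTRA_CF, SAMPLE_MASTER_CF).items():
        for service, value in hits:
            print(f"{name}: extra.cf value ignored for {service}, master.cf sets {value}")
```
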