whitelisting poorly configured mail servers

[grungy]

I have a client who needs to get mails from certain people that have poorly configured servers....the problem is they send mails from local server with dynamic ip address and non existent hostname:

Code:

Jul 21 19:15:31 emperor postfix/smtpd[7329]: NOQUEUE: reject: RCPT from 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86]: 550 5.7.1 <cleint@domain>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ms01.freighttransport.local, MTA hostname: 82-68-135-86.dsl.in-addr.zen.co.uk[82.68.135.86] (helo/hostname mismatch); from=<patrick.burnel@freighttransport.co.uk> to=<cleint@domain> proto=ESMTP helo=<MS01.freighttransport.local>

Is there a way to allow my client to receive mails from this poorly configured server...he keeps bugging me about how he is loosing money

some kind of whitelist? searched the forum but did not find a way to whitelist a domain name, only ip address, which is dynamic so it does not help me at all...

tnx

[grungy]

All guru is on holiday?

[kilburn]

Well, maybe a bit late but you can use a postfix access map to skip policyd-weight & postgrey for this IP. I also have another access map where I can skip them on a per-recipient basis (when a customer explicitly requests it), and the config looks like this:

/etc/postfix/main.cf

Code:

...
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
+                             check_client_access    hash:/etc/postfix/client_whitelist,
+                             check_recipient_access hash:/etc/postfix/recipient_whitelist,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit
...

The /etc/postfix/client_whitelist (that must be postmapped everytime you change it) lists IP's or networks of whitelisted external servers, like:

Code:

192.168.0.1             OK
192.168.1.0/24        OK

The /etc/postfix/recipient_whitelist (also needs to be postmapped) lists recipients (single addresses or whole domains) that don't want policyd & postgrey enabled (paranoid customers that think they're loosing mails), like:

Code:

customer@domain.tld
domain.tld

That's it!

[grungy]

Is there a way to whitelist a domain for followinf rules:

reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname

[kilburn]

As policyd-weight already checks the helo and hostname settings I've disabled this restrictions in postfix, so when I whitelist a server using the described method it also bypasses those checks...