[SOLVED] Allow internal IP address to connect with empty HELO

larsen

Active Member
Feb 28, 2020
157
17
38
We have an internal HP MSA2040 SAN where I can configure email settings to send notifications, but unfortunately the system doesn't allow to configure any other port than 25. As the system doesn't send a HELO, connections are denied:

Code:
postfix/postscreen[58745]: CONNECT from [192.168.120.27]:47681 to [192.168.120.5]:25
postfix/postscreen[58745]: WHITELISTED [192.168.120.27]:47681
postfix/smtpd[58746]: connect from unknown[192.168.120.27]
postfix/smtpd[58746]: NOQUEUE: reject: RCPT from unknown[192.168.120.27]: 504 5.5.2 <none>: Helo command rejected: need fully-qualified hostname; from=<msa2040@example.com> to=<jdoe@example.com> proto=ESMTP helo=<none>
postfix/smtpd[58746]: disconnect from unknown[192.168.120.27] ehlo=1 mail=1 rcpt=0/1 data=0/1 noop=1 quit=1 commands=4/6

I have added 192.168.120.27/32 as a trusted network, but that is not sufficient. How can I allow connections from that IP (not generally) without a HELO?
 
As you're using a fixed IP, you can use the firewall to forward from port 25 to port 26 on localhost for that IP only.
So for IP 192.168.120.27 forward any packets that arrive on port 25 on localhost from that IP to port 26 on localhost.


Da es sich hier um eine fixe IP im internen Netz handelt, könntest du per Firewall Regel diese umleiten auf einen anderen Port. Also eingehend von 192.168.120.27 auf Port 25 wird dann von der Firewall auf localhost Port 26 umgeleitet.
 
Last edited:
Very good idea! Solved with this:
iptables -t nat -A PREROUTING -p tcp -s 192.168.120.27 --dport 25 -j REDIRECT --to-ports 26
(Persistance via Webmin to manage the firewall rules)

Thanks!
 
Sorry, for some reason I replied in German. Sometimes mixups do happen when you provide support in both languages and mix them all day.

I've edited the post above to include the english version of the text.
 
No problem, German is my native language. Just prefer to communicate in English so more other users can potentially benefit from it.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!