diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
index 1ba2885b..de9a720c 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
@@ -87,8 +87,8 @@ DNS records (especially your internal mail domains used in LAN). Please follow
steps below to fix it.
* Open file `/etc/postfix/main.cf` (Linux/OpenBSD) or
-`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
-`smtpd_sender_restrictions` like below:
+ `/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
+ `smtpd_sender_restrictions` like below:
```
smtpd_sender_restrictions =
@@ -109,6 +109,28 @@ smtpd_sender_restrictions =
* Reloading or restarting Postfix service is required.
+### Fixed: fix improper HELO rule which blocks new Facebook servers
+
+Facebook has some new servers which uses `
/etc/postfix/main.cf
(Linux/OpenBSD) or
-/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
-smtpd_sender_restrictions
like below:/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
+ smtpd_sender_restrictions
like below:
smtpd_sender_restrictions =
reject_unknown_sender_domain
@@ -155,6 +156,25 @@ steps below to fix it.
- Reloading or restarting Postfix service is required.
+Fixed: fix improper HELO rule which blocks new Facebook servers
+Facebook has some new servers which uses <ip>.mail-mail.facebook.com
as
+HELO identities, this is blocked by the default HELO rules configured by
+iRedMail-0.9.9 and earlier releases. Please fix it with EITHER step described
+below, but solution 1 is the recommended.
+
+- Prepend line below in
/etc/postfix/helo_access.pcre
(Linux/OpenBSD) and
+ /usr/local/etc/postfix/helo_access.pcre
(FreeBSD):
+
+/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$/ DUNNO
+
+
+
+- Or, find line below in
helo_access.pcre
and remove it.
+
+/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery
+
+
+Reloading or restarting Postfix service is required.
Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD
Attention