From de58cf48fcfe2994102498682728c00424de2441 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Mon, 11 Nov 2019 23:29:42 +0800
Subject: [PATCH] Sync upgrade tutorial of iRedMail-1.0.
---
en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md | 26 +++++++++++++++++--
html/upgrade.iredmail.0.9.9-1.0.html | 24 +++++++++++++++--
2 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
index 1ba2885b..de9a720c 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.9-1.0.md
@@ -87,8 +87,8 @@ DNS records (especially your internal mail domains used in LAN). Please follow
steps below to fix it.
* Open file `/etc/postfix/main.cf` (Linux/OpenBSD) or
-`/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
-`smtpd_sender_restrictions` like below:
+ `/usr/local/etc/postfix/main.cf` (FreeBSD), find parameter
+ `smtpd_sender_restrictions` like below:
```
smtpd_sender_restrictions =
@@ -109,6 +109,28 @@ smtpd_sender_restrictions =
* Reloading or restarting Postfix service is required.
+### Fixed: fix improper HELO rule which blocks new Facebook servers
+
+Facebook has some new servers which uses `.mail-mail.facebook.com` as
+HELO identities, this is blocked by the default HELO rules configured by
+iRedMail-0.9.9 and earlier releases. Please fix it with EITHER step described
+below, but solution 1 is the recommended.
+
+1. Prepend line below in `/etc/postfix/helo_access.pcre` (Linux/OpenBSD) and
+ `/usr/local/etc/postfix/helo_access.pcre` (FreeBSD):
+
+```
+/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$/ DUNNO
+```
+
+2. Or, find line below in `helo_access.pcre` and remove it.
+
+```
+/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery
+```
+
+Reloading or restarting Postfix service is required.
+
### Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD
!!! attention
diff --git a/html/upgrade.iredmail.0.9.9-1.0.html b/html/upgrade.iredmail.0.9.9-1.0.html
index 33b04d26..9eae0600 100644
--- a/html/upgrade.iredmail.0.9.9-1.0.html
+++ b/html/upgrade.iredmail.0.9.9-1.0.html
@@ -28,6 +28,7 @@
Upgrade Roundcube webmail to the latest stable release
Upgrade netdata to the latest stable release (1.17.1)
Fixed: improper order of Postfix smtpd_sender_restriction rules
+Fixed: fix improper HELO rule which blocks new Facebook servers
Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD
Fail2ban: slightly loose filter rule for postfix
@@ -133,8 +134,8 @@ DNS records (especially your internal mail domains used in LAN). Please follow
steps below to fix it.
- Open file
/etc/postfix/main.cf
(Linux/OpenBSD) or
-/usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
-smtpd_sender_restrictions
like below:
+ /usr/local/etc/postfix/main.cf
(FreeBSD), find parameter
+ smtpd_sender_restrictions
like below:
smtpd_sender_restrictions =
reject_unknown_sender_domain
@@ -155,6 +156,25 @@ steps below to fix it.
- Reloading or restarting Postfix service is required.
+Fixed: fix improper HELO rule which blocks new Facebook servers
+Facebook has some new servers which uses <ip>.mail-mail.facebook.com
as
+HELO identities, this is blocked by the default HELO rules configured by
+iRedMail-0.9.9 and earlier releases. Please fix it with EITHER step described
+below, but solution 1 is the recommended.
+
+- Prepend line below in
/etc/postfix/helo_access.pcre
(Linux/OpenBSD) and
+ /usr/local/etc/postfix/helo_access.pcre
(FreeBSD):
+
+/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$/ DUNNO
+
+
+
+- Or, find line below in
helo_access.pcre
and remove it.
+
+/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery
+
+
+Reloading or restarting Postfix service is required.
Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD