Hi, this is pretty much pure postfix rather than ispconfig. but since the server is configured with whatever default settings ispconfig puts in main.cf, i figured i'd ask here. we have a mail client, whose externally hosted site also uses another provider to manage bookings, which sends mail to the client, i'm not sure what domain it's trying to send those mails as, the 3rd party providers own domain or the clients domain. but it's using mandrill#.secure-booking-email.net for the helo command when connecting to our server, where the # can be any number. our mail server is running on ispconfig3.2.1, so it's running all the helo verification checks: Code: smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/e tc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit running nslookup, or dig -x, directly on the mailserver that's rejecting these connections, the mandrill hosts appear to have valid PTR records, but no valid A record. the client has contacted them, and they're blaming my servers. stating: which is just plain weird considering it's their server trying to connect to ours. so their the ones supposed to be providing the HELO greeting. these are important emails for the client, so he needs them working asap, and it looks like it's going to take a while to resolve. in the meantime i thought i'd try adding the hosts into helo_access and try to whitelist them anyway, i've tried adding the hostname(s) to the helo_access file, but that doesn't seem to work either. i've found answers saying to use ACCEPT, PERMIT, or OK, so i have no idea which one is correct, or if any will work. i've put 3 entries in helo_access, using /^mandrill*\.secure-booking-email\.net$/ and ending in OK, PERMIT, and ACCEPT. and it still gets rejected. how can i allow servers using this helo domain to connect without opening up helo to every misconfigured server out there?