2 files changed, 6 insertions, 3 deletions

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index e5dc1c7b..515b6825 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -42,8 +42,9 @@ class site_postfix::mx {
     -o smtpd_tls_security_level=encrypt\n
     submission inet n        -       n       -       -       smtpd\n
     -o smtpd_tls_security_level=encrypt\n
-    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions",
-    require             => [ X509::Key[$cert_name], X509::Cert[$cert_name],
-                             User['vmail'] ]
+    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions\n
+    -o smtpd_helo_restrictions=\$submission_helo_restrictions",
+    require             =>
+      [ X509::Key[$cert_name], X509::Cert[$cert_name], User['vmail'] ]
   }
 }
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index b1536d64..7aea71fb 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -24,6 +24,8 @@ class site_postfix::mx::smtpd_checks {
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
     'submission_recipient_restrictions':
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+    'submission_helo_restrictions':
+      value => 'permit_mynetworks, permit';
     'smtpd_sender_restrictions':
       value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
     }