Postfix - smtpd_helo_restrictions have permit_sasl_authenticated with higher priority
As there are some devices (e.g. older IoT/industrial devices) that are often not very good in fullfilling the SMTP standards, they get rejected by the SMTP server, even if using SMTP Auth. I would suggest to move the permit_sasl_authenticated before the reject_invalid_helo_hostname in line https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/tpl/debian_postfix.conf.master#L29