[CentOS] postfix - reject of incoming mail due to helo check??
Ljubomir Ljubojevic
office at plnet.rs
Thu Feb 2 10:10:06 UTC 2012
On 02/02/2012 11:01 AM, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
>
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
> your hostname, [71.46.229.50]; from=<DWoodman at orangebankfl.com>
> to=<rkampen at ndgonline.net> proto=ESMTP helo=<mail.floridianbank.com>
>
> a rdns check shows all is well with 71.46.229.50 - it belongs to the
> from senders domain name.
>
> ;; ANSWER SECTION:
> 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.
>
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.
>
> My problem is that I do not specify the helo check??
>
> this is the relevant portion of main.cf
>
> <snip>
> smtpd_helo_required = yes
> smtpd_delay_reject = yes
> #added 20090410
> strict_rfc821_envelopes = yes
> smtpd_helo_restrictions =
> permit_mynetworks,
> reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname,
> permit
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unknown_client,
> reject_unauthenticated_sender_login_mismatch,
> permit
>
> smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map
>
> smtpd_client_restrictions =
> check_client_access hash:/etc/postfix/access
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> check_sender_access hash:/etc/postfix/sender_access,
> check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
> check_helo_access pcre:/etc/postfix/helo_checks,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client dul.dnsbl.sorbs.net,
> check_policy_service unix:postgrey/socket,
> permit
>
> # reject_unauthenticated_sender_login_mismatch
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> #, noplaintext
> broken_sasl_auth_clients = yes
>
> </snip>
>
> so no reject_unknown_helo_hostname check - so why is it throwing them out?
>
mail.floridianbank.com != mail2.floridianbank.com
culprit => reject_non_fqdn_helo_hostname
but I would not disable it.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
More information about the CentOS
mailing list