On 02/02/2012 11:01 AM, Rob Kampen wrote:
Hi list, I have been getting the following types of log messages
Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find your hostname, [71.46.229.50]; from=DWoodman@orangebankfl.com to=rkampen@ndgonline.net proto=ESMTP helo=<mail.floridianbank.com>
a rdns check shows all is well with 71.46.229.50 - it belongs to the from senders domain name.
;; ANSWER SECTION: 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.
It seems it is being rejected due to the helo domain name - which does not have a correct rdns.
My problem is that I do not specify the helo check??
this is the relevant portion of main.cf
<snip> smtpd_helo_required = yes smtpd_delay_reject = yes #added 20090410 strict_rfc821_envelopes = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_client, reject_unauthenticated_sender_login_mismatch, permit
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/roleaccount_exceptions, check_helo_access pcre:/etc/postfix/helo_checks, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, check_policy_service unix:postgrey/socket, permit
# reject_unauthenticated_sender_login_mismatch
smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous #, noplaintext broken_sasl_auth_clients = yes
</snip>
so no reject_unknown_helo_hostname check - so why is it throwing them out?
mail.floridianbank.com != mail2.floridianbank.com
culprit => reject_non_fqdn_helo_hostname
but I would not disable it.