Nicolas Kovacs writes:
Hi,
I'm running our local school's mail server on CentOS 7, Postfix and Dovecot. We get quite a lot of spam, so I have the following sender restrictions in my /etc/postfix/main.cf:
--8<------------------------------------------------------ # Restrictions SMTP smtpd_helo_restrictions = reject_unknown_helo_hostname smtpd_sender_restrictions = reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_data_restrictions = reject_unauth_pipelining --8<------------------------------------------------------
Most folks are using Thunderbird on Linux, and everything works perfectly. One single user has a MacBook Air with Thunderbird on Mac OS Mojave, and her outgoing mails are rejected with the following error message in /var/log/maillog on the server:
--8<------------------------------------------------------ Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject: RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1 <Air-de-bea.scholae.lan>: Helo command rejected: Host not found; from=xxxxx.yyyyyyyy@scholae.fr to=info@microlinux.fr proto=ESMTP helo=<Air-de-bea.scholae.lan> --8<------------------------------------------------------
As far as I understand, it has to do with this MacBook's host configuration.
http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname
reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname) Reject the request when the HELO or EHLO hostname has no DNS A or MX record. The reply is specified with the unknown_hostname_reject_code parameter (default: 450) or unknown_helo_hostname_tempfail_action (default: defer_if_permit). See the respective parameter descriptions for details. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_unknown_helo_hostname by not sending HELO or EHLO).