[CentOS] postfix - reject of incoming mail due to helo check??

Thu Feb 2 15:39:15 UTC 2012
Ned Slider <ned at unixmail.co.uk>

On 02/02/12 10:01, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[]: 450 4.7.1 Client host rejected: cannot find
> your hostname, []; from=<DWoodman at orangebankfl.com>
> to=<rkampen at ndgonline.net>  proto=ESMTP helo=<mail.floridianbank.com>
> a rdns check shows all is well with - it belongs to the
> from senders domain name.
> 777    IN    PTR    mail2.orangebankfl.com.
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.

No, the error is:

Client host rejected: cannot find your hostname, []


> smtpd_sender_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_non_fqdn_sender,
>     reject_unknown_client,
>     reject_unauthenticated_sender_login_mismatch,
>     permit

and you have reject_unknown_client above.

Postfix is attempting a rDNS lookup against the client IP 
[], it temp failed for whatever reason (not that uncommon) 
so the client is "unknown" and you rejected it accordingly.

See the Postfix documentation entry for more info:

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
     Reject the request when 1) the client IP address->name mapping 
fails, 2) the name->address mapping fails, or 3) the name->address 
mapping does not match the client IP address.
     This is a stronger restriction than the 
reject_unknown_reverse_client_hostname feature, which triggers only 
under condition 1) above.
     The unknown_client_reject_code parameter specifies the response 
code for rejected requests (default: 450). The reply is always 450 in 
case the address->name or name->address lookup failed due to a temporary 

I would recommend removing reject_unknown_client from your 

Hope that helps.