[CentOS] Postfix vs. Thunderbird on Mac OS

Thu Sep 19 09:28:23 UTC 2019
Peter Eckel <lists at eckel-edv.de>


the main problem is that the MacBook obviously presents an illegal host name to the mail server, which in turn rejects accepting mail to be submitted from it because of 'reject_unknown_helo_hostname'.

With your 'smtpd_helo_restrictions', Postfix handles submissions from clients as it would handle mail from external mail servers, and so the wrong host name gets mail to be rejected. The mail submission doesn't even get to the point where 'smtpd_recipient_restrictions' are checked (which would allow senders from 'mynetworks') because 'smtpd_helo_restrictions' hits first. One way to fix that would be to put 'permit_mynetworks' into 'smtpd_helo_restrictions' (and of course provide proper settings for 'mynetworks') so the invalid host name is ignored for local networks.

If you want to fix the client instead (which I would recommend in any case), 'scholae.lan' could be a domain the mail server cannot resolve (as seen from your log, your domain is 'scholae.fr'), and so the host name is rejected. Even if the domain were resolvable, there is in all likelihood no DNS entry for 'Air-de-bea', so the name is technically invalid as far as Postfix is concerned.

The main question is where it got that host name from - most mis-configuration on the device itself, or on the DHCP server it uses to get its network configuration from.

If it's not the DHCP server, have a look at the 'Sharing' system configuration on the Mac. On top of that panel there is a field to configure the simple host name (in this case it'S probably "Air-de-bea"), and below that there's an 'Edit' button that you can use to specify an alternate name and sn FQDN. If 'Use dynamic global hostname' is checked, the Mac will use the hostname configured there - this might well be set to 'Air-de-bea.scholae.lan'.

If it's DHCP where the host name gets its name from, you'll need to have that fixed - either provide dynamic DNS updates, or assign a properly registered host name to the Mac.



> On 19. Sep 2019, at 10:43, Nicolas Kovacs <info at microlinux.fr> wrote:
> Hi,
> I'm running our local school's mail server on CentOS 7, Postfix and
> Dovecot. We get quite a lot of spam, so I have the following sender
> restrictions in my /etc/postfix/main.cf:
> --8<------------------------------------------------------
> # Restrictions SMTP
> smtpd_helo_restrictions = reject_unknown_helo_hostname
> smtpd_sender_restrictions = reject_unknown_sender_domain,
>  check_sender_access hash:/etc/postfix/sender_access
> smtpd_recipient_restrictions = permit_mynetworks,
>  permit_sasl_authenticated,
>  reject_rbl_client zen.spamhaus.org,
>  reject_rhsbl_reverse_client dbl.spamhaus.org,
>  reject_rhsbl_helo dbl.spamhaus.org,
>  reject_rhsbl_sender dbl.spamhaus.org
> smtpd_relay_restrictions = permit_mynetworks,
>  permit_sasl_authenticated,
>  reject_unauth_destination
> smtpd_data_restrictions = reject_unauth_pipelining
> --8<------------------------------------------------------
> Most folks are using Thunderbird on Linux, and everything works
> perfectly. One single user has a MacBook Air with Thunderbird on Mac OS
> Mojave, and her outgoing mails are rejected with the following error
> message in /var/log/maillog on the server:
> --8<------------------------------------------------------
> Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject:
> RCPT from villa.figaret.pck.nerim.net[]: 450 4.7.1
> <Air-de-bea.scholae.lan>: Helo command rejected: Host not found;
> from=<xxxxx.yyyyyyyy at scholae.fr> to=<info at microlinux.fr> proto=ESMTP
> helo=<Air-de-bea.scholae.lan>
> --8<------------------------------------------------------
> As far as I understand, it has to do with this MacBook's host
> configuration.
> Any suggestions?
> Cheers from the sunny South of France,
> Niki Kovacs
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.centos.org/pipermail/centos/attachments/20190919/a7293144/attachment-0006.sig>