On 19/09/19 8:43 PM, Nicolas Kovacs wrote: > smtpd_helo_restrictions = reject_unknown_helo_hostname ... > One single user has a MacBook Air with Thunderbird on Mac OS > Mojave, and her outgoing mails are rejected with the following error > message in /var/log/maillog on the server: > > Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject: > RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1 > <Air-de-bea.scholae.lan>: Helo command rejected: Host not found; > from=<xxxxx.yyyyyyyy at scholae.fr> to=<info at microlinux.fr> proto=ESMTP > helo=<Air-de-bea.scholae.lan> reject_unknown_helo_hostname is not intended to be used for submission connections. The thing is that email clients will connect with all sorts of crazy hostnames, and they generally have no way of knowing if they hostname they are claiming has any conformity with the actual hostname presented publicly from the computer, or indeed if there even is one at all. If someone is authenticating with SASL auth then they really shouldn't need to be subjected to these additional tests anyways. You should separate your MX connections )port 25) from your submission connections (port 587 or submissions on port 465). It becomes much easier to resolve issues like this if you don't have to worry about MXes and MUAs connecting on the same ports to the same services. Then you can write separate smtpd_*_restrictions in master.cf for submission and submissions that don't include things such as reject_unknown_helo_hostname. Peter