[CentOS] Postfix vs. Thunderbird on Mac OS

Thu Sep 19 08:55:52 UTC 2019
isdtor <isdtor at gmail.com>

Nicolas Kovacs writes:
> Hi,
> 
> I'm running our local school's mail server on CentOS 7, Postfix and
> Dovecot. We get quite a lot of spam, so I have the following sender
> restrictions in my /etc/postfix/main.cf:
> 
> --8<------------------------------------------------------
> # Restrictions SMTP
> smtpd_helo_restrictions = reject_unknown_helo_hostname
> smtpd_sender_restrictions = reject_unknown_sender_domain,
>   check_sender_access hash:/etc/postfix/sender_access
> smtpd_recipient_restrictions = permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_rbl_client zen.spamhaus.org,
>   reject_rhsbl_reverse_client dbl.spamhaus.org,
>   reject_rhsbl_helo dbl.spamhaus.org,
>   reject_rhsbl_sender dbl.spamhaus.org
> smtpd_relay_restrictions = permit_mynetworks,
>   permit_sasl_authenticated,
>   reject_unauth_destination
> smtpd_data_restrictions = reject_unauth_pipelining
> --8<------------------------------------------------------
> 
> Most folks are using Thunderbird on Linux, and everything works
> perfectly. One single user has a MacBook Air with Thunderbird on Mac OS
> Mojave, and her outgoing mails are rejected with the following error
> message in /var/log/maillog on the server:
> 
> --8<------------------------------------------------------
> Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject:
> RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1
> <Air-de-bea.scholae.lan>: Helo command rejected: Host not found;
> from=<xxxxx.yyyyyyyy at scholae.fr> to=<info at microlinux.fr> proto=ESMTP
> helo=<Air-de-bea.scholae.lan>
> --8<------------------------------------------------------
> 
> As far as I understand, it has to do with this MacBook's host
> configuration.
 
http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname

reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
    Reject the request when the HELO or EHLO hostname has no DNS A or MX record.
    The reply is specified with the unknown_hostname_reject_code parameter (default: 450) or unknown_helo_hostname_tempfail_action (default: defer_if_permit). See the respective parameter descriptions for details.
    Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_unknown_helo_hostname by not sending HELO or EHLO).
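An added example, not part of the original thread: a small triage script that parses Postfix `NOQUEUE: reject` lines like the one quoted above and separates HELO rejections logged by the submission services (here `postfix/smtps`) from those on port 25. The sample log is constructed, and the script assumes the submission services carry a `syslog_name` label from master.cf; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log. Line 1 is modelled on the reject quoted in the thread
# (envelope addresses replaced by placeholders); lines 2 and 3 are made up.
SAMPLE_LOG = """\
Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject: RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1 <Air-de-bea.scholae.lan>: Helo command rejected: Host not found; from=<sender@example.org> to=<rcpt@example.org> proto=ESMTP helo=<Air-de-bea.scholae.lan>
Sep 16 14:25:01 sd-48011 postfix/smtpd[14502]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 450 4.7.1 <mail.invalid>: Helo command rejected: Host not found; from=<a@example.com> to=<rcpt@example.org> proto=ESMTP helo=<mail.invalid>
Sep 16 14:26:10 sd-48011 postfix/smtpd[14502]: NOQUEUE: reject: RCPT from unknown[192.0.2.20]: 554 5.7.1 Service unavailable; Client host [192.0.2.20] blocked using zen.spamhaus.org; from=<c@example.net> to=<rcpt@example.org> proto=ESMTP helo=<example.net>
"""

# Assumption: submission services log under a syslog_name label set in
# master.cf (e.g. postfix/smtps); port 25 logs as plain postfix/smtpd.
REJECT = re.compile(
    r"postfix/(?:(?P<service>[\w-]+)/)?smtpd\[\d+\]: NOQUEUE: reject: "
    r"(?P<stage>\w+) from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>.*?); from=<"
    r".*helo=<(?P<helo>[^>]*)>"
)
SUBMISSION_SERVICES = {"smtps", "submission"}


def parse_rejects(log_text):
    """Yield one dict per NOQUEUE reject line found in log_text."""
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            rec = m.groupdict()
            rec["service"] = rec["service"] or "smtp"  # unlabelled = port 25
            rec["helo_reject"] = "Helo command rejected" in rec["reason"]
            yield rec


def helo_rejects_on_submission(log_text):
    """HELO rejects that hit mail clients connecting to a submission service."""
    return [r for r in parse_rejects(log_text)
            if r["helo_reject"] and r["service"] in SUBMISSION_SERVICES]


def summary(log_text):
    """Count rejects per (service, kind), kind being 'helo' or 'other'."""
    return Counter((r["service"], "helo" if r["helo_reject"] else "other")
                   for r in parse_rejects(log_text))


if __name__ == "__main__":
    for r in helo_rejects_on_submission(SAMPLE_LOG):
        print(f"{r['service']}: {r['ip']} sent HELO {r['helo']} -> {r['code']} {r['dsn']}")
    print(dict(summary(SAMPLE_LOG)))
```

A HELO reject on a submission service usually means a mail client announced its own machine name, as the MacBook in the quoted log did, rather than a remote MTA presenting a bogus hostname.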