[CentOS] Postfix vs. Thunderbird on Mac OS

Thu Sep 19 20:10:45 UTC 2019
Peter <peter at pajamian.dhs.org>

On 19/09/19 8:43 PM, Nicolas Kovacs wrote:

> smtpd_helo_restrictions = reject_unknown_helo_hostname
...
> One single user has a MacBook Air with Thunderbird on Mac OS
> Mojave, and her outgoing mails are rejected with the following error
> message in /var/log/maillog on the server:
> 
> Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject:
> RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1
> <Air-de-bea.scholae.lan>: Helo command rejected: Host not found;
> from=<xxxxx.yyyyyyyy at scholae.fr> to=<info at microlinux.fr> proto=ESMTP
> helo=<Air-de-bea.scholae.lan>

reject_unknown_helo_hostname is not intended to be used for submission 
connections.  The thing is that email clients will connect with all 
sorts of crazy hostnames, and they generally have no way of knowing if 
they hostname they are claiming has any conformity with the actual 
hostname presented publicly from the computer, or indeed if there even 
is one at all.  If someone is authenticating with SASL auth then they 
really shouldn't need to be subjected to these additional tests anyways.

You should separate your MX connections )port 25) from your submission 
connections (port 587 or submissions on port 465).  It becomes much 
easier to resolve issues like this if you don't have to worry about MXes 
and MUAs connecting on the same ports to the same services.  Then you 
can write separate smtpd_*_restrictions in master.cf for submission and 
submissions that don't include things such as reject_unknown_helo_hostname.


Peter