Are these clients SASL authenticated? This is what's in my main.cf
smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_helo_hostname reject_non_fqdn_helo_hostname reject_unknown_helo_hostname Because permit_sasl_authenticated should let them send, unless they don't have a login on your server in which case rejecting a bad FQDN is to be expected in this day and age. I am not sure how postfiix prioritized it's rules, I would asume the first match and it stops looking, permit_sasl_authenticated comes before reject_non_fqdn_helo_hostname so to get that HELO rejection you posted, the client must be failing both the permit_mynetworks and permit_sasl_authenticated tests first. -Ernie. [ Charset ISO-8859-1 converted... ] > Hello Michael, > > generally a good thing. > But can you please check the box "Accept from unresolvable domains" by > default instead of not checking it by default? > Because mail clients do not always send an FQDN. I just had this with a > customer who had several users with Outlook who could no longer send > because: > > Nov 13 10:17:23 web1 postfix/submission/smtpd[1469325]: NOQUEUE: reject: > RCPT from unknown[1.2.3.4]: 504 5.5.2 <GLCAHAUS01>: Helo command rejected: > need fully-qualified hostname; from=<i...@senderdomain.de> > to=<s...@recipient.de> proto=ESMTP helo=<GLCAHAUS01> > > I have set the check. Now it's working again. > Not everyone has a local mail server or uses o365. > Therefore it would be good to have this limitation optional and not per > default. > > Best regards, > Dirk > > > blackpoint GmbH Friedberger Straße 106b 61118 Bad Vilbel > > > -----Ursprüngliche Nachricht----- > Von: Blueonyx <blueonyx-boun...@mail.blueonyx.it> Im Auftrag von Michael > Stauber > Gesendet: Donnerstag, 12. November 2020 22:09 > An: blueonyx@mail.blueonyx.it > Betreff: [BlueOnyx:24498] Re: Postfix config > > Hi Ernie, > > Earlier I wrote: > > That way you could create your own /root/custom-postfix-confgen file > > and could put all the "postconf -e" commands into it that you want to > > apply to the Postfix configuration *after* the auto-configure has run. > > That would allow you to override any Postfix setting and make it stick > > through updates and other changes. > > I just published YUM updates for 5210R that introduce this change to > Postfix: > > smtpd_sender_restrictions is set to either ... > > postconf -e 'smtpd_sender_restrictions = permit_mynetworks, > check_sender_access hash:/etc/postfix/access' > > ... or ... > > postconf -e 'smtpd_sender_restrictions = permit_mynetworks, > reject_unknown_sender_domain, reject_non_fqdn_sender, > reject_non_fqdn_hostname, reject_unknown_reverse_client_hostname, > reject_unknown_client_hostname, check_sender_access > hash:/etc/postfix/access' > > ... depending if "Accept from unresolvable domains" is enabled or disabled > in the GUI. > > The second set of parameters is the new default. Means: We do strict > checking. > > Additionally a new script was added: > > /usr/sausalito/bin/custom-postfix-confgen.sh > > This script will never be changed during YUM updates and you can put into it > your own "postconf -e" config changes to Postfix. These will be executed > automatically on Postfix restarts *after* the GUI has finished its > auto-configuration of Postfix. > > Essentially /usr/sausalito/bin/custom-postfix-confgen.sh allows you to > reconfigure Postfix entirely - if you wish. So use it with caution. An > example is included in the script itself. > > -- > With best regards > > Michael Stauber > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx