On 19/09/19 8:43 PM, Nicolas Kovacs wrote:
smtpd_helo_restrictions = reject_unknown_helo_hostname
...
One single user has a MacBook Air with Thunderbird on Mac OS
Mojave, and her outgoing mails are rejected with the following error
message in /var/log/maillog on the server:
Sep 16 14:22:32 sd-48011 postfix/smtps/smtpd[14434]: NOQUEUE: reject:
RCPT from villa.figaret.pck.nerim.net[62.212.106.47]: 450 4.7.1
<Air-de-bea.scholae.lan>: Helo command rejected: Host not found;
from=<xxxxx.yyyyy...@scholae.fr> to=<i...@microlinux.fr> proto=ESMTP
helo=<Air-de-bea.scholae.lan>
reject_unknown_helo_hostname is not intended to be used for submission
connections. The thing is that email clients will connect with all
sorts of crazy hostnames, and they generally have no way of knowing if
they hostname they are claiming has any conformity with the actual
hostname presented publicly from the computer, or indeed if there even
is one at all. If someone is authenticating with SASL auth then they
really shouldn't need to be subjected to these additional tests anyways.
You should separate your MX connections )port 25) from your submission
connections (port 587 or submissions on port 465). It becomes much
easier to resolve issues like this if you don't have to worry about MXes
and MUAs connecting on the same ports to the same services. Then you
can write separate smtpd_*_restrictions in master.cf for submission and
submissions that don't include things such as reject_unknown_helo_hostname.
Peter
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
