On 02/02/2012 11:01 AM, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[]: 450 4.7.1 Client host rejected: cannot find
> your hostname, []; from=<dwood...@orangebankfl.com>
> to=<rkam...@ndgonline.net>  proto=ESMTP helo=<mail.floridianbank.com>
> a rdns check shows all is well with - it belongs to the
> from senders domain name.
> 777    IN    PTR    mail2.orangebankfl.com.
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.
> My problem is that I do not specify the helo check??
> this is the relevant portion of main.cf
> <snip>
> smtpd_helo_required = yes
> smtpd_delay_reject = yes
> #added 20090410
> strict_rfc821_envelopes = yes
> smtpd_helo_restrictions =
>      permit_mynetworks,
>      reject_non_fqdn_helo_hostname,
>      reject_invalid_helo_hostname,
>      permit
> smtpd_sender_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_non_fqdn_sender,
>     reject_unknown_client,
>     reject_unauthenticated_sender_login_mismatch,
>     permit
> smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map
> smtpd_client_restrictions =
>     check_client_access hash:/etc/postfix/access
> smtpd_recipient_restrictions =
>     reject_unauth_pipelining,
>     reject_non_fqdn_recipient,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_destination,
>     check_sender_access hash:/etc/postfix/sender_access,
>     check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
>     check_helo_access pcre:/etc/postfix/helo_checks,
>      reject_rbl_client sbl-xbl.spamhaus.org,
>      reject_rbl_client cbl.abuseat.org,
>      reject_rbl_client dul.dnsbl.sorbs.net,
>     check_policy_service unix:postgrey/socket,
>     permit
> #  reject_unauthenticated_sender_login_mismatch
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> #, noplaintext
> broken_sasl_auth_clients = yes
> </snip>
> so no reject_unknown_helo_hostname check - so why is it throwing them out?

mail.floridianbank.com != mail2.floridianbank.com

culprit => reject_non_fqdn_helo_hostname

but I would not disable it.


Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
CentOS mailing list

Reply via email to