User profile for user: Dbetts22
Dbetts22 Author
User level: Level 1
5 points

I keep getting helo command rejected

I keep getting helo command rejected : need fully qualified hostname.
Not sure what is happening here but I never had this problem before I moved everything over to the Apple server. I have my own local Domain norden1.com and 3 virtual host that I host email for. here is the output of my postconf -n. Anyone tell me what I am missing here.
canonical_maps = hash:/etc/postfix/canonical_maps
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
local recipientmaps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,norden1.com,pasmt.com,rumpfambulance. com,mancys.com
mydomain = norden1.com
mydomain_fallback = localhost
myhostname = locutus.norden1.com
mynetworks = 127.0.0.1/32,192.168.0.1,69.221.19.134,69.221.13.122,72.240.201.50
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = hash:/etc/postfix/smtpdreject permit_mynetworks reject rblclient sbl-xbl.spamhaus.org reject rblclient bi.spamcop.net reject rblclient dnsbl.sorbs.net reject rblclient relays.ordb.org permit
smtpd delayreject = yes
smtpd enforcetls = no
smtpd helorequired = yes
smtpd helorestrictions = reject non_fqdnhostname, reject invalidhostname, reject unknownhostname, permit
smtpd pw_server_securityoptions = login
smtpd recipientrestrictions = permit sasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpd sasl_authenable = yes
smtpd tls_certfile = /etc/certificates/locutus.norden1.com.crt
smtpd tls_keyfile = /etc/certificates/locutus.norden1.com.key
smtpd tlsloglevel = 0
smtpd use_pwserver = yes
smtpd usetls = yes
unknown local_recipient_rejectcode = 550
virtual aliasmaps = hash:/etc/postfix/virtual_alias
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp


PowerMac G4 Digital Audio 533 Mhz. Mac OS X (10.4.2)

Posted on Dec 22, 2005 11:39 AM

Reply
7 replies
User profile for user: pterobyte
pterobyte
User level: Level 6
11,104 points

Dec 22, 2005 11:55 AM in response to Dbetts22

Darrell,

Do you have this problem when sending or receiving mail?
Any supporting log entries?

I assume you mean incoming mail. In that case this is normal behaviour if the incoming mail comes from a mail server without FQDN. You are explicitely asking for this here:
smtpd helorestrictions = reject non_fqdnhostname, reject invalidhostname, reject unknownhostname, permit

If you don't want this you can just remove the restricitions you do not need/want.

Probably unrelated, but you should also fix the following:
-Add mail.norden1.com to your local host aliases (although mail and locutus resolve to the same IP, you will need both since your MX records resolves to mail.norden1.com
-Add 72.240.120.56/32 to your networks (this is the IP your MX resolves to)

Let me know if you need more help.

Alex
Reply
User profile for user: Dbetts22
Dbetts22 Author
User level: Level 1
5 points

Dec 22, 2005 9:29 PM in response to pterobyte

Alex this only happens when I try to send email from my local network. I added the changes you suggested and still have the same error. Any ideas what else I can try? I have looked at my logs and I don't see anywhere in the logs where it shows that I tried to send email and recieved the helo reply. I have double checked my settings in my email cleint and those appear correct.

PowerMac G4 Digital Audio 533 Mhz. Mac OS X (10.4.2)
Reply
User profile for user: Dbetts22
Dbetts22 Author
User level: Level 1
5 points

Dec 23, 2005 8:53 AM in response to pterobyte

Yes it does, Here is a little snippet of my Smtp logs. As you can see it deson't even log my attempt to send Email from my network.
Dec 23 11:51:17 locutus postfix/smtpd[24387]: disconnect from unknown[69.1.199.43]
Dec 23 11:51:37 locutus postfix/smtpd[24387]: connect from 75.red-83-52-253.dynamicip.rima-tde.net[83.52.253.75]
Dec 23 11:51:42 locutus postfix/smtpd[24432]: connect from afrodite.dienekis.gr[194.30.229.195]
Dec 23 11:51:44 locutus postfix/smtpd[24432]: NOQUEUE: reject: RCPT from afrodite.dienekis.gr[194.30.229.195]: 550 <wovfa@norden1.com>: Recipient address rejected: User unknown in local recipient table; from= to=<wovfa@norden1.com> proto=ESMTP helo=<dienekis.gr>
Dec 23 11:51:44 locutus postfix/smtpd[24432]: disconnect from afrodite.dienekis.gr[194.30.229.195]
Dec 23 11:51:48 locutus postfix/postfix-script: refreshing the Postfix mail system
Dec 23 11:51:48 locutus postfix/master[6855]: reload configuration
Reply
User profile for user: UptimeJeff
UptimeJeff
User level: Level 4
3,479 points

Dec 23, 2005 9:11 AM in response to Dbetts22

Darrell

Do you have forward and reverse DNS setup for all of your clients?
This line requires a fqdn for all helo commands.
smtpd helorestrictions = reject non_fqdnhostname, reject invalidhostname, reject unknownhostname, permit

Try commenting out that line. Stop/start mail service and test again.

Also....
Your mynetworks line doesn't look right. You have:
mynetworks = 127.0.0.1/32,192.168.0.1,69.221.19.134,69.221.13.122,72.240.201.50

Which should probably be something like:
mynetworks = 127.0.0.1/32,192.168.0.0/24,69.221.19.134/32,69.221.13.122/32,72.240.201.50/32

Server admin coaches you on what the /24 and /32 means or google CIDR if you want to do some more in depth reading.

If the above doesn't help... Are your mail clients authenticating their SMTP connections? It's a good idea to do this. If all of your mail client are set to authenticate you can pair down the mynetworks line in your config. That line specifies which IP addresses are allowed to relay without authentication. It's better practice to use SMTP authentication and not have all these entries (the default of 127.0.0.1 should always be there though)

Jeff
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

I keep getting helo command rejected

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up