Mail bounced by kw.com saying HELO FQDN check fails
I am going crazy trying to figure this one out. I have a 10.5.8 server running mail for my domain maclan.net on a system that is called mail.maclan.net.
This system is 192.168.1.253 behind my firewall and 66.205.130.215 on the public Internet.
The system and email have been working great for a long time, but someone we know has an email address at kw.com. When sending email from maclan.net to kw.com, the emails are being bounced with:
<xxxxxxx@kw.com>: host mx01.kw.com[66.45.126.185] said: 554 5.7.1
<[66.205.130.215]>: Helo command rejected: Local policy prohibits address
literals (in reply to RCPT TO command)
Reporting-MTA: dns; mail.maclan.net
X-Postfix-Queue-ID: 801A1DB05D
X-Postfix-Sender: rfc822; JOHN@MACLAN.NET
Arrival-Date: Tue, 7 Jun 2011 16:20:07 -0700 (PDT)
Final-Recipient: rfc822; xxxxxxxxxx@kw.com
Original-Recipient: rfc822;dhaight@kw.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; mx01.kw.com
Diagnostic-Code: smtp; 554 5.7.1 <[66.205.130.215]>: Helo command rejected:
Local policy prohibits address literals
So I sent myself an email to another account and did a View Raw Source on it to check out the headers and sure enough it looks like the IP address is being used in the HELO instead of the FQDN:
Received: from unknown (HELO m1pismtp01-027.prod.mesa1.secureserver.net) ([216.69.186.30])
(envelope-sender <JOHN@MACLAN.NET>)
by p3plsmtp15-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for <john@amaclife.com>; 7 Jun 2011 23:27:58 -0000
X-IronPort-Anti-Spam-Result: AuQGACSx7k1CzYLX/2dsb2JhbABThyKoZZ9YnyWGIQSGeIoSj2U
Received: from mail.maclan.net (HELO [66.205.130.215]) ([66.205.130.215])
by m1pismtp01-027.prod.mesa1.secureserver.net with ESMTP; 07 Jun 2011 16:27:57 -0700
Received: from localhost (localhost [127.0.0.1])
by mail.maclan.net (Postfix) with ESMTP id 15336DB107
for <john@amaclife.com>; Tue, 7 Jun 2011 16:27:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at maclan.net
Received: from mail.maclan.net ([127.0.0.1])
by localhost (mail.maclan.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ep31Tl18Oq4T for <john@amaclife.com>;
Tue, 7 Jun 2011 16:27:56 -0700 (PDT)
Received: from john.maclan.net (john.maclan.net [192.168.1.251])
by mail.maclan.net (Postfix) with ESMTP id 79BE3DB0F3
for <john@amaclife.com>; Tue, 7 Jun 2011 16:27:56 -0700 (PDT)
So I've researched this to death and thought there might be problems with my Postfix settings or something, but I cannot find anything. At this point all that is changed is smtp_helo_name, which had been at the default of $myhostname, but I forced it to mail.maclan.net in an attempt to fix it. Here's my config info:
postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = _postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20971520
mydestination = $myhostname,localhost.$mydomain,maclan.net
mydomain = maclan.net
mydomain_fallback = localhost
myhostname = mail.maclan.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_helo_name = mail.maclan.net
smtpd_enforce_tls = no
smtpd_pw_server_security_options = gssapi,cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/certificates/MacLAN.crt
smtpd_tls_key_file = /etc/certificates/MacLAN.key
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
changeip -checkhostname
Primary address = 192.168.1.253
Current HostName = mail.maclan.net
DNS HostName = mail.maclan.net
The names match. There is nothing to change.
And using network-tools.com it looks like my external name translates okay forward and reverse. I've also looked at the MX record. So I've hit a point of confusion/frustration. Any ideas would be greatly appreciated.
John
Mac Pro, Mac OS X (10.5.8)
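Added example, not part of the original post: a small Python check that automates the header inspection described above by pulling the HELO name out of each Received header and reporting the hops where it was an address literal. The function names are hypothetical, the sample message is constructed from the headers quoted in the post, and the two Received layouts handled (the "(HELO name)" form and the Postfix "from name (rdns [ip])" form) are assumed from those headers.

```python
import re
from email import message_from_string

# Constructed sample built from Received headers quoted in the post.
SAMPLE = """\
Received: from unknown (HELO m1pismtp01-027.prod.mesa1.secureserver.net) ([216.69.186.30])
 by p3plsmtp15-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP
 for <john@amaclife.com>; 7 Jun 2011 23:27:58 -0000
Received: from mail.maclan.net (HELO [66.205.130.215]) ([66.205.130.215])
 by m1pismtp01-027.prod.mesa1.secureserver.net with ESMTP; 07 Jun 2011 16:27:57 -0700
Received: from john.maclan.net (john.maclan.net [192.168.1.251])
 by mail.maclan.net (Postfix) with ESMTP id 79BE3DB0F3
 for <john@amaclife.com>; Tue, 7 Jun 2011 16:27:56 -0700 (PDT)
Subject: test

body
"""

# Layout 1 (assumed from the post): "from <rdns> (HELO <helo>) ([ip])"
HELO_PAREN = re.compile(r"\(HELO\s+(\S+?)\)", re.I)
# Layout 2 (Postfix): "from <helo> (<rdns> [ip])", the first token is the HELO name
FROM_TOKEN = re.compile(r"^from\s+(\S+)", re.I)
# RFC 5321 address literal: [a.b.c.d] or [IPv6:...]
ADDR_LITERAL = re.compile(r"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")

def helo_of(received):
    """Return the HELO/EHLO name recorded in one Received header, or None."""
    text = " ".join(received.split())          # undo header folding
    m = HELO_PAREN.search(text) or FROM_TOKEN.match(text)
    return m.group(1) if m else None

def receiver_of(received):
    """Return the host named in the 'by' clause (the server that logged the hop)."""
    m = re.search(r"\bby\s+(\S+)", " ".join(received.split()))
    return m.group(1) if m else None

def address_literal_hops(raw_message):
    """List (helo, receiving_host) for every hop whose HELO was an address literal."""
    msg = message_from_string(raw_message)
    hops = []
    for rcv in msg.get_all("Received", []):
        helo = helo_of(rcv)
        if helo and ADDR_LITERAL.match(helo):
            hops.append((helo, receiver_of(rcv)))
    return hops

if __name__ == "__main__":
    for helo, receiver in address_literal_hops(SAMPLE):
        print(f"address-literal HELO {helo} seen by {receiver}")
```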