10.6 Email-Server/Postfix Helo command rejected - local SMTP clients won't use FQDN

Question

10.6 Email-Server/Postfix Helo command rejected - local SMTP clients won't use FQDN

Hi,

I set up a 10.6 server as mail-server which works (more or less) fine. I can send and receive internal and external Emails from various Macs with mail.app and Windows-Boxes with Thunderbird. However, some clients will be rejected due to wrong Helo strings

e.g. a Windows-Box using Outlook express

...

server postfix/smtpd[73194]: NOQUEUE: reject: RCPT from winbox.intranet.example.com[192.168.2.21]: 504 5.5.2 <winbox>: Helo command rejected: need fully-qualified hostname; from=<user1@example.com> to=<user2@example.com> proto=ESMTP helo=<winbox>

...

similar happens with my router sending status-Emails (replace "winbox" with "router")

finally my stand-alone-fax-machine uses it's ip-address as helo-string (helo=<192.168.2.10>, similar error)

For now I've commented out

smtpd_helo_restrictions = reject_invalid_helo_hostname

#reject_non_fqdn_helo_hostname

which makes things work. But that's not the right way, I guess, moreover since this entry is "fixed" by Server-Admin ever now and then.

Does this problem arise from misconfigured boxes or a misconfigured OSX-Server? Hope the latter since there're no options to change this in my router nor my fax-machine...

Thanks

Mac Pro, Mac OS X (10.6.7), Server

Posted on Jun 15, 2011 8:41 AM

Reply

Answer 1

Top-ranking reply

ClassicII

Level 4

1,097 points

Jun 15, 2011 10:38 AM in response to sackrattenmutterschiff

Try this.

Symptoms

Users who use Microsoft Outlook as their email client and whoconnect to an email server running on Mac OS X Server v10.6 may not beable to send mail. The following (or similar) alert is returned toOutlook clients:

The message could not be sent becauseone of the recipients was rejected by the server. The rejected emailaddress was "recipient@example.com" is subject "example", account:"mail.example.com" , server "mail.example.com", protocol: SMTP, serverresponse: "504 5.5.2 < hostname > : Helo command rejected: needfully qualified host name", port: 25, secure (SSL): no, server error:504, error number: 0x800CCC79.

Products Affected

Mac OS X Server 10.6

Resolution

In Mac OS X Server v10.6, Postfix is configuredto require a fully qualified hostname from SMTP clients. This settingis configurable and the restriction can be removed, however anymodification of a security-related setting should be evaluated prior tomaking the change.

Once you have evaluated the change, you can use the following steps to implement it:

Note: Before proceeding, back up the /etc/postfix/main.cf file as a precaution.

In /etc/postfix/main.cf, locate the smtpd_helo_restrictions setting
Remove "reject_non_fqdn_helo_hostname" from the list of settings.
Restart the Mail service.

Reply

Answer 2

Jun 15, 2011 11:18 AM in response to ClassicII

Hi,

yes, that's what I already did, unfortunately server-admin seem to correct this now and then. Last time I realized this, after my fax machine was quiet couple of days while it was sending my facsimiles to nirvana@nowhere.com.

Do you have any idea, when or why the main.cf might be set back to include "reject_non_fqdn_helo_hostname"? I can't remember exactly, what I did, I was changing some stuff in server-admin and workgroup-manager and it was there again all of a sudden.

Reply

Answer 3

Jun 15, 2011 11:34 AM in response to sackrattenmutterschiff

I'd not tend to follow what TS3023 (the text cited above) suggests here, as I'd rather not remove that filter from all messages, and I can use postconf -e and not edit the configuration file directly. Rather, I'd tend to remove that test specifically for verified clients and (as shown below) maybe also local clients. Here are two Terminal.app commands to reset this stuff, and to reload the Postfix server configuration:

sudo postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated

permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname"

sudo postfix reload

Reply