Prev: problems with roaming users and sasl auth
Next: how to drop '450 user unknown '
From: Pat Deegan on 14 Oct 2007 17:29
Helo,

I've got an annoying PDA mail client (Versamail) that insists on sending
an invalid domain name in it's HELO to the server.

To get around this, I wanted to set:

smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
hash:/etc/postfix/access,
permit

This failed with
504 5.5.2 <com>: Helo command rejected: need fully-qualified hostname

So I simplified things and removed all restrictions on HELO, for testing:

smtpd_helo_required = no
smtpd_helo_restrictions = permit

Now it works, if I manually telnet to port 25 and _don't send_ any HELO.
But sending Versamail's dumb

HELO COM

Still gives me
504 5.5.2 <COM>: Helo command rejected: need fully-qualified hostname

BTW, I _have_ issued multiple "postfix reload" and even stopped/started
the server to ensure the config was accepted and showed up correctly with
'postconf'.

I'd appreciate any clues as to why postfix is ignoring my
smtpd_helo_restrictions.

Thanks in advance.
--
Pat Deegan
http://www.psychogenic.com

From: Ralf Hildebrandt on 15 Oct 2007 03:23
On 2007-10-14, Pat Deegan <pause.BAD.SPAM(a)psychogenic.com> wrote:

> I've got an annoying PDA mail client (Versamail) that insists on sending
> an invalid domain name in it's HELO to the server.
>
> To get around this, I wanted to set:
>
> smtpd_helo_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_hostname,
> reject_invalid_hostname,
> hash:/etc/postfix/access,
> permit

Bad style. Rename hash:/etc/postfix/access to
check_helo_access hash:/etc/postfix/helo_access

The permit at the end is not needed.

> This failed with
> 504 5.5.2 <com>: Helo command rejected: need fully-qualified hostname

Meaning that the client is NOT in $mynetworks or is not authenticated.

> So I simplified things and removed all restrictions on HELO, for testing:
>
> smtpd_helo_required = no
> smtpd_helo_restrictions = permit

Not needed. Simply leave them empty.

> Now it works, if I manually telnet to port 25 and _don't send_ any HELO.
> But sending Versamail's dumb
>
> HELO COM
>
> Still gives me
> 504 5.5.2 <COM>: Helo command rejected: need fully-qualified hostname

Show "postconf -n" output.

--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt(a)charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk(a)charite.de
 | 
Pages: 1
Prev: problems with roaming users and sasl auth
Next: how to drop '450 user unknown '