On 02/02/2012 11:01 AM, Rob Kampen wrote: > Hi list, > I have been getting the following types of log messages > > Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT > from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find > your hostname, [71.46.229.50]; from=<DWoodman@xxxxxxxxxxxxxxxx> > to=<rkampen@xxxxxxxxxxxxx> proto=ESMTP helo=<mail.floridianbank.com> > > a rdns check shows all is well with 71.46.229.50 - it belongs to the > from senders domain name. > > ;; ANSWER SECTION: > 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com. > > It seems it is being rejected due to the helo domain name - which does > not have a correct rdns. > > My problem is that I do not specify the helo check?? > > this is the relevant portion of main.cf > > <snip> > smtpd_helo_required = yes > smtpd_delay_reject = yes > #added 20090410 > strict_rfc821_envelopes = yes > smtpd_helo_restrictions = > permit_mynetworks, > reject_non_fqdn_helo_hostname, > reject_invalid_helo_hostname, > permit > > smtpd_sender_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_non_fqdn_sender, > reject_unknown_client, > reject_unauthenticated_sender_login_mismatch, > permit > > smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map > > smtpd_client_restrictions = > check_client_access hash:/etc/postfix/access > > smtpd_recipient_restrictions = > reject_unauth_pipelining, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > check_sender_access hash:/etc/postfix/sender_access, > check_recipient_access hash:/etc/postfix/roleaccount_exceptions, > check_helo_access pcre:/etc/postfix/helo_checks, > reject_rbl_client sbl-xbl.spamhaus.org, > reject_rbl_client cbl.abuseat.org, > reject_rbl_client dul.dnsbl.sorbs.net, > check_policy_service unix:postgrey/socket, > permit > > # reject_unauthenticated_sender_login_mismatch > > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > #, noplaintext > broken_sasl_auth_clients = yes > > </snip> > > so no reject_unknown_helo_hostname check - so why is it throwing them out? > mail.floridianbank.com != mail2.floridianbank.com culprit => reject_non_fqdn_helo_hostname but I would not disable it. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos