LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-22-2007, 01:17 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Rep: Reputation: 73
HELO Reject Errors On Email (POSTFIX)


Guys - For some reason when someone from a conus.army.mil or other
domain try and send email to internal users, the sender gets the
following error:

The following message to <u...@mydomain.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 501-'<external.example.com>:
Helo command rejected: Host not found'


When I check the email server I see the following in /var/log/maillog:

Oct 22 10:00:26 mail postfix/smtpd[26562]: NOQUEUE: reject: RCPT from
ddcoavsgw001.conus.army.mil[143.85.199.17]: 501
<ddcoavsgwhub001.conus.army.mil>: Helo command rejected: Host not
found; from=<u...@us.army.mil> to=<u...@mydomain.com> proto=ESMTP
helo=<ddcoavsgwhub001.conus.army.mil>

Can anyone please explain to me why this emails are being rejected by
my email server?

I am able to receive email from other domains like gmail and
us.army.mil.
 
Old 10-22-2007, 01:20 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,616

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
As it says.. because that host can't be found.

Code:
alucard@kenobi:~$ host ddcoavsgwhub001.conus.army.mil
Host ddcoavsgwhub001.conus.army.mil not found: 3(NXDOMAIN)
 
Old 10-22-2007, 01:28 PM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
How come they can send email to my GMail or other web based email utility and it works but when they send to my email server, it fails...

Not to mention they do receive email from us however when they reply or send back to mydomain.com, that is where we have problems.

Last edited by carlosinfl; 10-22-2007 at 01:39 PM.
 
Old 10-22-2007, 01:41 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,616

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
Because your mail server is configured to reject mail from other mail servers that open their HELO with a domain that can't be found. Post the output of postconf -n.
 
Old 10-22-2007, 01:45 PM   #5
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by AlucardZero View Post
Because your mail server is configured to reject mail from other mail servers that open their HELO with a domain that can't be found. Post the output of postconf -n.
Is that normal to reject mail from mail serves that open their HELO with a domain that can't be found? Should I change this setting?

[root@mail ~]# postconf -n
alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/aliases.ctia, hash:/etc/mailman/aliases
alias_maps = hash:/etc/postfix/aliases, hash:/etc/mailman/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
command_time_limit = 1400
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
daemon_timeout = 47000
debug_peer_level = 2
default_destination_concurrency_limit = 500
default_destination_recipient_limit = 1000
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = admin+$local
mail_owner = postfix
mailbox_size_limit = 40000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
max_idle = 175
maximal_backoff_time = 2000s
message_size_limit = 10240000
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mydomain = ideorlando.org
myhostname = mail.ideorlando.org
mynetworks = $config_directory/mynetworks
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
proxy_interfaces = 216.242.104.130
qmgr_message_active_limit = 1500
queue_directory = /var/spool/postfix
queue_run_delay = 500s
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 400s
smtp_data_xfer_timeout = 400s
smtp_helo_timeout = 400s
smtp_mail_timeout = 400s
smtp_quit_timeout = 400s
smtp_rcpt_timeout = 400s
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_delay_reject = yes
smtpd_error_sleep_time = 15
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname, reject_invalid_hostname, reject_non_fqdn_hostname, regexp:/etc/postfix/helo.regexp, permit
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_soft_error_limit = 5
smtpd_timeout = 480s
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_retry_time = 240
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 501
unknown_local_recipient_reject_code = 550

Last edited by carlosinfl; 02-25-2010 at 05:24 PM.
 
Old 10-22-2007, 01:49 PM   #6
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,616

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
Remove the reject_unknown_hostname and restart postfix.
 
Old 10-22-2007, 01:53 PM   #7
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
////

Last edited by carlosinfl; 02-25-2010 at 05:24 PM.
 
Old 10-22-2007, 02:55 PM   #8
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
Man - that seems to have fixed the issue. Mail has successfully passed through. Am I in any danger for removing the line in regards to being spoofed or SPAM'd to death?
 
Old 10-22-2007, 03:00 PM   #9
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,616

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
A little. But you have to balance that with your desire to receive legit mail. Me, I do not have that directive enabled in my postfix.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to configure postfix to reject spams xlh3110 Linux - Server 18 12-19-2006 08:08 AM
Email HELO Question msound Linux - Networking 1 12-04-2006 10:39 AM
Postfix Require Helo Workaround gr0undz3r0 Linux - Server 2 10-23-2006 01:30 PM
postfix loses SMTP connection after HELO josephswagner Linux - Networking 3 10-21-2004 12:30 PM
Postfix: Bad HELO???? emilioestevezz Linux - Networking 2 05-11-2004 11:20 AM


All times are GMT -5. The time now is 11:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration