Hi,

I have a user whose mail was rejected for not presenting an FQDN in the
SMTP HELO, even though they were SASL-authenticated.

The log says:

Apr  1 01:06:31 paddington postfix/smtpd[3215]: NOQUEUE: reject: RCPT from
xxx.blueyonder.co.uk[92.xxx.xxx.xxx]: 504 <titan>: Helo command rejected:
need fully-qualified hostname; from=<b...@example.com> to=<
russ...@example.com> proto=ESMTP helo=<titan>

And main.cf has

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access, reject_unauth_destination
hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname,
reject_unknown_sender_domain, check_relay_domains

I thought that if permit_sasl_authenticated came first, it would take
precedence over reject_non_fqdn_hostname. Is that not the case, or is something
else wrong? The output of postconf -n is below.

Thanks for any suggestions,

Russell.

--- postconf -n ---

access_map_reject_code = 550
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
body_checks = pcre:/etc/postfix/virus
bounce_size_limit = 1000
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 3
default_destination_concurrency_limit = 20
default_process_limit = 20
defer_transports =
disable_dns_lookups = no
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/headerchecks
html_directory = /usr/share/doc/packages/postfix/html
invalid_hostname_reject_code = 501
lmtp_sasl_security_options = noanonymous
local_destination_concurrency_limit = 3
local_recipient_maps =
mail_name = Postfix ESMTP $myhostname
mail_spool_directory = /var/mail
mailbox_transport = lmtp:unix:/var/spool/postfix/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = blackholes.mail-abuse.org, sbl.spamhaus.org,
bl.spamcop.net, blackholes.easynet.nl
maps_rbl_reject_code = 550
masquerade_exceptions = root
message_size_limit = 35000000
mime_header_checks = pcre:/etc/postfix/virus
mydestination = example.com
mynetworks = 87.117.xxx.xxx
myorigin = example.com
newaliases_path = /usr/bin/newaliases
owner_request_special = no
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
reject_code = 550
relay_domains_reject_code = 550
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/certs/ssl.ca
smtp_tls_cert_file = /etc/postfix/certs/ssl.cert
smtp_tls_key_file = /etc/postfix/certs/ssl.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = sdbm:/etc/postfix/cache/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_limit = 300
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access, reject_unauth_destination
hash:/etc/postfix/block, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_invalid_hostname,
reject_unknown_sender_domain, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = foo
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access, hash:/etc/postfix/spammers
smtpd_tls_CAfile = /etc/postfix/certs/ssl.ca
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/certs/ssl.cert
smtpd_tls_key_file = /etc/postfix/certs/ssl.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = sdbm:/etc/postfix/cache/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 450
