RFC1123 is updated by, among others, RFC5321 which says in section 4.1.4: An SMTP server MAY verify that the domain name argument in the EHLO command actually corresponds to the IP address of the client. However, if the verification fails, the server MUST NOT refuse to accept a message on that basis. Information captured in the verification attempt is for logging and tracing purposes. Note that this prohibition applies to the matching of the parameter to its IP address only; see Section 7.9 for a more extensive discussion of rejecting incoming connections or mail messages.
And t hen in section 7.9: It is a well-established principle that an SMTP server may refuse to accept mail for any operational or technical reason that makes sense to the site providing the server. John On Wed, Aug 2, 2017 at 2:43 PM, Tomasz Mrugalski <spam.post...@klub.com.pl> wrote: > Hi, > > I was investigating a rejected e-mail that was sent with the following > error message: > > NOQUEUE: reject: RCPT from unknown[46.248.167.50]: 504 5.5.2 > <taiwangun-1>: Helo command rejected: need fully-qualified hostname; > from=<w...@tajeb.atomstore.pl> to=<myem...@mydomain.com.pl> proto=ESMTP > helo=<taiwangun-1> > > It was rejected, because I have reject_non_fqdn_hostname set in my > postfix. Sending HELO (not EHLO) with a non-fqdn hostname seems wrong > and I wanted to find specific RFC that governs that. Here's what the man > page for postfix says: > > Reject the request when the HELO or EHLO hostname is not in fully- > qualified domain or address literal form, as required by the RFC. > > Sadly, it does not cite specific RFC. So I kept digging. Here's what I > found. RFC1123, section 5.2.5 says: > > The sender-SMTP MUST ensure that the <domain> parameter in a > HELO command is a valid principal host domain name for the > client host. > > But then there's this: > > However, the receiver MUST NOT refuse to accept a message, even if > the sender's HELO command fails verification. > > My interpretation is that with reject_non_fqdn_helo_hostname, postfix > violates that MUST NOT. Is my interpretation correct? If that is so, > perhaps docs should be updated pointing that out. I very well understand > why people may want to use that option (I use it myself). It's just a > matter of the docs being a bit misleading with the "as required by the > RFC" part. > > Thoughts? > > If that makes any difference, my postfix is 2.11.3 running on Debian. > > Tomek Mrugalski > > p.s. > I'm absolute beginner with SMTP, but have quite a bit of experience with > IETF and RFCs. >
