Perfect - a minor tweak and it worked as advertised. Thanks much Victor!
...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Monday, August 14, 2017 2:52 PM To: postfix-users@postfix.org Subject: Re: Helo issue On Mon, Aug 14, 2017 at 10:41:05PM +0000, Kevin Miller wrote: > smtpd_helo_restrictions = permit_mynetworks > reject_non_fqdn_helo_hostname > reject_invalid_helo_hostname This would be a complete solution, but ... > smtpd_recipient_restrictions = permit_inet_interfaces > permit_sasl_authenticated > reject_unknown_sender_domain > reject_non_fqdn_sender > reject_non_fqdn_recipient > reject_unauth_pipelining > reject_invalid_hostname > reject_non_fqdn_hostname > ... >From the postconf(5) manpage: reject_non_fqdn_helo_hostname (with Postfix < 2.3: reject_non_fqdn_hostname) Reject the request when the HELO or EHLO hostname is not in fully-qualified domain or address literal form, as required by the RFC. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip reject_non_fqdn_helo_hostname by not sending HELO or EHLO). The non_fqdn_reject_code parameter specifies the response code for rejected requests (default: 504). The legacy "reject_non_fqdn_hostname" is a synonym for the now preferred (less confusing) reject_non_fqdn_helo_hostname. Remove this from the recipient restrictions, as you already have it it helo restrictions. -- Viktor.
