I'm making an assumption, here. You know how dangerous assumptions
are. My assumption is that you're running an exchange server. You need
to modify the helo/ehlo repsonse.
https://social.technet.microsoft.com/Forums/azure/en-US/4dde9b79-18e4-407f-8edc-896e6c40eb25/need-to-modify-server-response-to-ehlo-helo?forum=exchangesvradmin
Cheers,
Curtis
On 7/1/19 1:24 AM, subscription1 wrote:
I'd appreciate you help with the following:
I'm looking after two server on 2 differents domains. During testing I
found the following issue.
On the sending server I get the following
Jul 1 14:18:24 mail postfix/smtp[2135]: 9172F5FA8D: host
mail1.xxxx.com[xxx.xxx.231.229] said: 450 4.7.25 Client host rejected:
cannot find your hostname, [xxx.xxx.73.197] (in reply to RCPT TO command)
On the receiving server I get:
Jul 1 06:18:21 mail1 postfix/postscreen[19345]: CONNECT from
[xxx.xxx.73.197]:44014 to [xxx.xxx.231.229]:25
Jul 1 06:18:21 mail1 postfix/postscreen[19345]: PASS OLD
[xxx.xxx.73.197]:44014
Jul 1 06:18:21 mail1 postfix/smtpd[19348]: warning: hostname
dc1.xxx.com.au does not resolve to address xxx.xxx.73.197: Name or
service not known
Jul 1 06:18:21 mail1 postfix/smtpd[19348]: connect from
unknown[xxx.xxx.73.197]
Jul 1 06:18:24 mail1 postfix/smtpd[19348]: NOQUEUE: reject: RCPT from
unknown[xxx.xxx.73.197]: 450 4.7.25 Client host rejected: cannot find
your hostname, [150.107.73.197]; from=<ad...@xxx.net> to=<l...@xxx.com>
proto=ESMTP helo=<mail.xxx.net>
I can ping 'mail.xxx.net' on this server ok.
--------------------Sending Server postconf -n
output------------------------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
delay_warning_time = 4h
inet_interfaces = 127.0.0.1, ::1, xxx.xxx.73.197
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name}
{auth_authen}
milter_protocol = 6
mua_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
mua_relay_restrictions =
reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions =
permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = xxx.net
myhostname = mail.xxx.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:11332
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_sites = ix.dnsbl.manitu.net*2 zen.spamhaus.org*2
postscreen_dnsbl_threshold = 2
postscreen_greet_action = drop
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_policy_maps = mysql:/etc/postfix/sql/tls-policy.cf
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = mail.xxx.net
smtpd_client_restrictions = permit_mynetworks check_client_access
hash:/etc/postfix/without_ptr reject_unknown_client_hostname
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks
reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_milters = inet:localhost:11332
smtpd_recipient_restrictions = check_recipient_access
mysql:/etc/postfix/sql/recipient-access.cf
smtpd_relay_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks
reject_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/2803b51614cb032f.crt
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/ssl/private/wildcard.xxx.net.key
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_high_cipherlist =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
virtual_alias_maps = mysql:/etc/postfix/sql/aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
--------------------------------------------------------------------
----------------Sending Server postconf -Mf output ---------------
smtp inet n - y - 1 postscreen
-o smtpd_sasl_auth_enable=no
smtpd pass - - y - - smtpd
dnsblog unix - - y - 0 dnsblog
tlsproxy unix - - y - 0 tlsproxy
9925 inet n - y - - smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_client_restrictions=$mua_client_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o milter_macro_daemon_name=ORIGINATING
-o
smtpd_sender_login_maps=mysql:/etc/postfix/sql/sender-login-maps.cf
-o smtpd_helo_required=no
-o smtpd_helo_restrictions=
-o cleanup_service_name=submission-header-cleanup
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
scache unix - - y - 1 scache
submission-header-cleanup unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfix/submission_header_cleanup
-------------
I have searched the (sending) server but cannot find the place that
sets the hostname for the outgoing email to "dc1.xxx.com.au" when
everything on that server is "mail.xxx.net"
Thanks
--
Best Regards Curtis Maurand
mailto:cur...@maurand.com
