On Thu, Jan 21, 2021 at 03:44:04PM +0100, Jeff Abrahamson wrote:

> >> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
> >>
> >> reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
> >> Reject the request when the HELO or EHLO hostname has no DNS A or MX 
> >> record.
> > ... and your HELO is from:
> >
> >    450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>: 
> >    Helo command rejected: Host not found;
> >
> > which doesn't appear to resolve.
> 
> OK, thanks, that's what I'd tentatively concluded, but it's a kind of
> big ISP (OVH), so I have to at least ask myself if I've misunderstood
> before being too convinced that they've misconfigured their DNS.

You have elected to require that the EHLO hostname of SMTP clients
(sending MTAs) (if not a domain [literal]) be an extant domain name,
that resolves to an IP address or MX RRset.

While this is an RFC requirement:

   https://tools.ietf.org/html/rfc5321#section-4.1.1.1

   These commands are used to identify the SMTP client to the SMTP
   server.  The argument clause contains the fully-qualified domain name
   of the SMTP client, if one is available.  In situations in which the
   SMTP client system does not have a meaningful domain name (e.g., when
   its address is dynamically allocated and no reverse mapping record is
   available), the client SHOULD send an address literal (see
   Section 4.1.3).

This optional restriction is known to have a non-trivial false-positive
rate, such as the one you observed.  You can (with care to avoid making
your server into an accidental open-relay) whitelist some names, or
avoid using the restriction.  The latter is probably the simplest.

-- 
    Viktor.
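
One way to set up the whitelisting option mentioned above while keeping relay control separate, as an added example that is not part of the original message. The map path /etc/postfix/helo_access and the use of check_helo_access are assumptions; the HELO name is the one quoted in the thread.

```conf
# --- /etc/postfix/main.cf (added example, paths are assumptions) ---

smtpd_helo_required = yes

# HELO checks live in their own list. The access map is consulted
# before reject_unknown_helo_hostname, so a listed name skips only
# the remaining HELO restrictions.
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unknown_helo_hostname

# Relay control stays in a separate list (Postfix >= 2.10), so an OK
# returned by the HELO map cannot authorise relaying.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Layout to avoid: on setups that keep every check in
# smtpd_recipient_restrictions, an OK placed before
# reject_unauth_destination permits mail to any destination:
#
#   smtpd_recipient_restrictions =
#       check_helo_access hash:/etc/postfix/helo_access,   <-- OK here ...
#       reject_unknown_helo_hostname,
#       permit_mynetworks,
#       reject_unauth_destination                          <-- ... skips this

# --- /etc/postfix/helo_access ---
# Rebuild the lookup table after editing:  postmap /etc/postfix/helo_access
# Keys are written in lowercase.
servdmzmail.mairie-carquefou.fr    OK
```

The HELO name is chosen by the connecting client, so an entry in this map should only ever exempt a sender from the HELO hostname check and never stand in for relay authorisation.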
