Matus UHLAR - fantomas:
> Hello,
>
> looking at postfix logs I found out that with standard restrictions
> inherited from main.cf at ports 465/587, the client gets error message like:
>
> May 30 12:05:04 mail postfix/submission/smtpd[22649]: NOQUEUE: reject: RCPT
> from unknown[192.0.2.1]: 504 5.5.2 <redacted>: Helo command rejected: need
> fully-qualified hostname; from=<x...@example.com> to=<y...@example.com>
> proto=ESMTP helo=<redacted>
This was blocked by reject_unknown_client_hostname .
> while the proper message could be "authentication required".
>
> standard master.cf contains proposed overrides for submission/submissions
> services:
>
> # -o smtpd_client_restrictions=$mua_client_restrictions
> # -o smtpd_helo_restrictions=$mua_helo_restrictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
>
> but no proposed values for those.
> So, I'd go with something like:
>
> mua_client_restrictions=permit_sasl_authenticated, reject
> mua_helo_restrictions=permit_sasl_authenticated, reject
If you don't uncomment all lines with
-o smtpd_xxx_restrictions=$mua_xxx_restrictions,
then your submission/smtps service will use the main.cf
smtpd_xxx_restrictions, and that is where you have configured
reject_unknown_client_hostname.
Wietse
