In an effort to reduce spam, I recently enabled reject_unknown_hostname in Zimbra 6.04 via the admin panel. I've checked the logs to verify that this is indeed blocking a lot of spam. A few legitimate inbound emails are getting blocked with the error 450 4.7.1 Helo command rejected: Host not found;, but I handle this by maintaining a white list in postfix_recipient_restrictions.cf.

Today I had a user contact me about a legitimate sender who was having her mail rejected with the above-noted error. When I checked the logs, I noticed that an earlier mail from the same sender had made it through. Why would postfix decide to reject the sender after an earlier email from the same sender was accepted? In checking my logs, it appears that this has happened more than once with different senders.

In both cases, the helo host was the same. A reverse lookup shows the IP to be valid, but doesn't match the host name sent by the Helo command. Could this be a DNS timeout error?

Following are the two entries in my logs, the first being successful and the second being rejected.

Mar 24 09:11:17 freedomics postfix/smtpd[2927]: connect from mail.pti.cc[72.215.236.181]
Mar 24 09:11:18 freedomics postfix/smtpd[2927]: B5B2319B065C: client=mail.pti.cc[72.215.236.181]
Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Checking: elU+uYIZHqYP [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>
Mar 24 09:11:19 freedomics postfix/smtpd[2927]: disconnect from mail.pti.cc[72.215.236.181]
Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Passed CLEAN, [72.215.236.181] [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>, Message-ID: <B3C0CE4436B5FF4A8C81DCE0E048BA6B0186C732@fs3.pti.cc>, mail_id: elU+uYIZHqYP, Hits: 1.677, size: 1665, queued_as: 9BCFDDC0005, 631 ms


Mar 24 09:23:18 freedomics postfix/smtpd[15355]: connect from mail.pti.cc[72.215.236.181]
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: NOQUEUE: reject: RCPT from mail.pti.cc[72.215.236.181]: 450 4.7.1 <fs3.pti.cc>: Helo command rejected: Host not found; from=<ACamp@ptitime.com> to=<jeremy@freedomics.com> proto=ESMTP helo=<fs3.pti.cc>
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: lost connection after RSET from mail.pti.cc[72.215.236.181]
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: disconnect from mail.pti.cc[72.215.236.181]