Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: reject_non_fqdn_hostname

  1. #1
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default reject_non_fqdn_hostname

    I'm dealing with the following error and it leads me to a question...

    Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>

    From what I see on the forums I disable reject_non_fqdn_hostname in the MTA section of the zimbra administrator. Fine that's a resolution, but my concern is that this error is coming up at all.

    Having read the description of FQDN on wikipedia:
    Fully qualified domain name - Wikipedia, the free encyclopedia
    from what I can see S010600173fbe827d.ek.shawcable.net is a FQDN, has a valid reverse DNS lookup, and as such should not be triggering this error.

    However, helo=<Kays> is likely where the issue is coming from since it's the helo that's being checked right? So why would Outlook be using "Kays" which I'm guessing is the computers network name rather than the FQDN? I would rather not have to disable reject_non_fqdn_hostname if it is actually a useful tool in reducing spam....

    Here's something I just read that makes this sound like a Zimbra/Postfix problem:

    the addresses used in EHLO/HELO are supposed to be added by the SMTP server and outlook only adds if it the server does not.
    Last edited by rotorboy; 10-07-2010 at 11:39 AM. Reason: New Information....

  2. #2
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default reject_non_fqdn_hostname

    Has anyone else been having problems with the FQDN requirement issue?

  3. #3
    Join Date
    Jan 2009
    Posts
    369
    Rep Power
    6

    Default

    Let's uncheck these options:
    - Reject_unknow_client
    - reject_unknow_hostname
    After that, please do:
    - with zimbra, type:
    postfix reload.

  4. #4
    Join Date
    Sep 2010
    Posts
    30
    Rep Power
    5

    Default

    Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>
    That's OK. You don't want mail from senders that do not use an FQDN in the helo/ehlo, as they are most likely spammers, or, in rare cases, admins who don't know how to configure their servers correctly.

    So in my postfix installations I use this check very early: "Don't talk to someone who doesn't want to tell his correct name.".

    In general, I use:

    # everyone
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    # ourselves
    permit_mynetworks
    permit_sasl_authenticated
    # from here on strangers
    check_helo_access hash:/etc/postfix/tables/check_helo_access
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unlisted_recipient
    reject_unauth_pipelining
    [...]
    Last edited by Alphaphi; 10-13-2010 at 06:25 AM.

  5. #5
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    336
    Rep Power
    7

    Default

    Its definitely the HELO/EHLO that is the issue, as Alphaphi stated:

    Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>

    It is either a spammer, or misconfigured. If this is someone you want to be receiving mail from, advise them to have their FQDN set correctly for their MTA. There are occasionally vendors that my college does business with who have this screwed up. Its not something you want to worry about changing on your end or whitelisting.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  6. #6
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Thanks for the replies.

    helo=<Kays>
    This is generated by an authenticated (via email username/password) system user using Outlook 2003.
    They are a client of our Zimbra server. From what I'm reading, Zimbra should recognize authenticated users and either replace the helo with something appropriate or not apply the "reject_non_fqdn_hostname" check to authenticated senders....

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by rotorboy View Post
    This is generated by an authenticated (via email username/password) system user using Outlook 2003.
    They are a client of our Zimbra server. From what I'm reading, Zimbra should recognize authenticated users and either replace the helo with something appropriate or not apply the "reject_non_fqdn_hostname" check to authenticated senders....
    Your authenticated users should use the correct submission port which is 587 and not use port 25 for sending email. Try changing the Outlook of user 'Kays' and see if that resolves the problem.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Hello Bill,

    The ISP's here block port 25. The settings used are:

    Outgoing SMTP server: mail.domainname.ext
    "This server requires a secure connection (SSL)" or similar message should be checked.
    "Use same login details as incoming mail server" -- Checked
    SMTP Port: 465

    Thanks....

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by rotorboy View Post
    Hello Bill,

    The ISP's here block port 25. The settings used are:

    Outgoing SMTP server: mail.domainname.ext
    "This server requires a secure connection (SSL)" or similar message should be checked.
    "Use same login details as incoming mail server" -- Checked
    SMTP Port: 465
    Port 465 is still not the correct port, try 587 and see what happens with that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    I'll give it a try however we were following these instructions:

    Mail client Configuration - Zimbra :: Wiki

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •