
Thread: Helo command - Need Change postfix settings

  1. #1
    Join Date
    Apr 2007
    Posts
    3
    Rep Power
    8

    Helo command - Need Change postfix settings

    Hello all!

    I have a problem with incoming mail from one server. It is very important!
    Postfix rejects mail sent from this domain's mail server because it has wrongly defined MX records.
    I browsed forums and found that I need to do this:
    "You need to turn off the appropriate DNS/HELO check(s). Postfix is rejecting the mail because the MX record doesn't match the hostname the server announces itself as."
    But I can't do that because the domain we host gets very much spam.
    I need help with where to add, in the postfix settings, that postfix doesn't scan/check e-mails from this domain for MX records.

    log part:

    Feb 26 11:55:48 mail postfix/smtpd[31847]: NOQUEUE: reject: RCPT from mail.domain.com[xx.xxx.x.xx]: 450 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
    Feb 26 11:55:48 snmail postfix/smtpd[31847]: disconnect from mail.domain.com[xx.xxx.x.xx]
    Feb 26 11:56:03 snmail zmtomcatmgr[32097]: status requested
    Feb 26 11:56:03 snmail zmtomcatmgr[32097]: status OK
    Feb 26 11:55:48 snmail last message repeated 2 times

    fc5 Release 4.5.5_GA_838.FC5_20070503175107 FC5 FOSS edition


    Please help. I'm a newbie with postfix.

  2. #2
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9


    If you have the IP address of this server you could add it to the trusted networks in the Admin GUI. Something like this - xxx.xxx.xxx.xxx/32 . This will narrow it down to only that IP and postfix should accept mail from the server.

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Quote: Originally Posted by Bill Brock
    If you have the IP address of this server you could add it to the trusted networks in the Admin GUI. Something like this - xxx.xxx.xxx.xxx/32 . This will narrow it down to only that IP and postfix should accept mail from the server.

    I would suggest that's not a wise thing to do as it could allow the external server to relay mail through the receiving server (i.e. spam). The best course of action would be to use a whitelist, check this section of the wiki article.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9


    A white list will open up the whole domain, and the HELO command is a lot easier to spoof than an IP address. Any machine claiming to be from that domain could send mail. Isolating one IP of a legitimate mail server seems more logical to me.

    But that's just my opinion. :-)

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    A whitelist doesn't necessarily open up the whole domain, you can restrict it to a specific email address. Allowing a mail server to connect to you will allow any user that can send mail via the remote server to relay mail through your server - the potential for a spammer is there.

    Who said the sending mail server, in this case, is legitimate? As they can't even get their DNS correct how lax are they likely to be? I wouldn't know the answer to either of those questions, it's better to err on the side of caution.
    Regards


    Bill



  6. #6
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9


    He obviously wants to receive mail from that one server or he wouldn't be asking to.

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Quote: Originally Posted by Bill Brock
    He obviously wants to receive mail from that one server or he wouldn't be asking to.

    I think I could actually work that out, however, it still doesn't make the server 'legitimate' and it still leaves him open to any remote user on that server using him as a spam relay.

    Still, it's his choice to do what he wants and he's at liberty to ignore any of the advice I've given - I can live with that.
    Regards


    Bill



  8. #8
    Join Date
    May 2007
    Posts
    3
    Rep Power
    8


    That is a legitimate concern for a more public domain, but a small company domain should be safe, shouldn't it? I am running into this HELO problem with a large amount of our client's domains, which is frustrating for our users and for outside clients as well. This seems to be a new problem stemming from our recent server update. Since the HELO statement is not necessarily reliable and apparently many times the server's internal host name, would it make sense to not perform this check and rely more on the reverse DNS?

  9. #9
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9


    This is only a problem when RFCs are not followed. Anyone setting up a domain and a mail server or web server or any other service should take it upon themselves to learn how to do it right. If they are not going to take the time to do it right then they shouldn't do it at all!

    I work hard to make sure my IT is done correctly and it irks me when others don't. That is one of the main reasons why the Internet has so many problems today.

  10. #10
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9


    I've read in the forum where Zimbra reverse DNS's. I have two ZCS mail servers running. One reverse DNS's to its HELO name, the other to its generic ISP's name. I have no trouble with either server sending mail. I believe ZCS looks for the MX and A records and then simply any reverse DNS entry to make sure the host exists in the Internet properly.

    All three, MX, A-record, and reverse DNS are such basic Internet principles that to not set them up properly is egregious.
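
The trade-off debated in this thread (trusted network versus whitelist), shown as an added example that is not from any poster or from Zimbra: a Postfix configuration sketch in which one client IP skips only the unknown-HELO-hostname check and gains no relay rights. It assumes a stock Postfix whose main.cf is edited directly; the map path `helo_exempt_clients` and the address 192.0.2.25 are placeholders.

```conf
# ---- file: /etc/postfix/main.cf (relevant parameters only) ----

# Weak option discussed above: listing the remote server here makes it a
# trusted client, and permit_mynetworks then lets it relay to any destination.
#   mynetworks = 127.0.0.0/8, 192.0.2.25/32
# Narrow option: keep mynetworks to hosts that are really yours.
mynetworks = 127.0.0.0/8

smtpd_helo_required = yes

# Restrictions are evaluated in order and the first match wins.
# An "OK" from the access map ends HELO checking for that client, so the
# syntax check stays in front of it and only the DNS lookup is skipped.
# (Postfix releases before 2.3 name the last check reject_unknown_hostname.)
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    check_client_access hash:/etc/postfix/helo_exempt_clients,
    reject_unknown_helo_hostname

# Relay control is a separate list and is not touched by the exemption:
# the exempted client can still only deliver to domains this server hosts.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# ---- file: /etc/postfix/helo_exempt_clients ----
# Keyed on the connecting IP address, not on the HELO name or sender domain,
# because the IP is the one value here the remote side cannot simply claim.
# Rebuild the lookup table after editing:
#   postmap hash:/etc/postfix/helo_exempt_clients
#   postfix reload
192.0.2.25    OK
```

Because the exemption lives in `smtpd_helo_restrictions` rather than `mynetworks`, spam filtering and `reject_unauth_destination` still apply to everything that client sends.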
