Hello, My server is the perfect server debian9. I can send a receive no problem however from one domain, I cannot receive emails and here is what they get. Code: Reporting-MTA: dns; AVSGTW-D02VM.sender.com Final-recipient: RFC822; [email protected] Action: failed Status: 4.7.1 Remote-MTA: dns; mail.mydomain.com X-Supplementary-Info: <mail.mydomain.com #4.7.1 smtp; 450 4.7.1 <AVSGTW-D02VM.sender.com>: Helo command rejected: Host not found> What could be the problem? Is it at my end or the sender?
Hello, in my opinion it is the sender. It seems the DNS entry for the host given in the "Helo" command is missing. You can check by trying to resolve the given hostname using "dig" or "host". If you don't get a valid A record it's definitely the sender's fault.
Thanks for the quick reply, here is what I get with dig. Code: dig mail.mydomain.com ; <<>> DiG 9.10.6 <<>> mail.mydomain.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12698 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;mail.mydomain.com. IN A ;; ANSWER SECTION: mail.mydomain.com. 3600 IN A x.y.z.w ;; AUTHORITY SECTION: mydomain.com. 10000 IN NS ns1.mydomain.com. mydomain.com. 10000 IN NS ns2.mydomain.com. ;; ADDITIONAL SECTION: ns1.mydomain.com. 10000 IN A x.y.z.w ns2.mydomain.com. 10000 IN A x.y.z.w ;; Query time: 48 msec ;; SERVER: 172.16.0.1#53(172.16.0.1) ;; WHEN: Fri Oct 19 08:07:27 EDT 2018 ;; MSG SIZE rcvd: 118
I don't mean your domain, but the sender's domain <AVSGTW-D02VM.sender.com>: Helo command rejected: Host not found> So AVSGTW-D02VM.sender.com must be a valid DNS entry, which it isn't I assume.
Thanks for the quick support It is very tough to control the senders and it seems that some mail clients are not sending acceptable HELO message. How do I disable such check or what is the best to deal with the situation? Thanks in advance,
It is NOT the mail client that is sending helo messages that lead to problems. In the mail server config there should always be the "authenticated_sender" allow rule in front of the "helo" reject rule. So mail client helo will be ignored because the sender is authenticated. If the mails come from a foreign server, the helo is NOT from the mail client but from the sending mail server. This should NOT be ignored, it should be configured correctly on the sender's side. Helo messages from real mail servers that use invalid dns servers are often spammers, so you would not do any good loosen the checks.
Thanks Croydon, Concerning the authenticated_sender that should be at the sender server and not our receiving server, Correct? In other words, is there anything to be done at the receiving end to make it work but safely? Are we able to do something with the whitelist?
No, I mean if a mail client connects directly to your server to send mail - and sends and invalid helo - this should not be a problem due to authentication. You cannot do anything but telling the sender to get their DNS entries corrected (or their mail server config). Whitelisting would not do anything useful in my opinion. Whitelisting the helo string would lead to anyone spoofing that one being whitelisted.
What you are saying makes a lot of sense to us however our client is mad that he cannot receive emails from a big company that does not want to cooperate with them. It looks like there is no way (cannot place exception) that you could do to make senders from a domain to not go through any checks.
There is a way to do that but I think you must do it by hand and modify the postfix config. I googled a bit and found this tipp: I have not tested this, though, of course.
