Over reactive fail2ban

Discussion in 'ISPConfig 3 Priority Support' started by Jonathon Gilbert, Feb 16, 2023.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    We could help you more if you provide the helo name. helo=<[email sender domain]>. As you posted the rspamd output, I assume it's "mail.gazley.com"?
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    @till @Jonathon Gilbert

    I must correct myself here. I've just searched through a lot of mailserver logs and came to the conclusion that there are next to no mails that have an invalid helo and send valid mail. There was 1 valid sender with an invalid helo.
    So as @till already mentioned, this is working on loads of systems, invalid helos are not the norm anymore, and you should use helo rejects. In the early 2010s this was still an issue IIRC.

    However, regarding your case, if gazley.com uses mail.gazley.com as their helo name, they are the ones messing up here. If the helo name is gazley.com, everything seems perfectly fine to me.
     
    till likes this.
  3. Jonathon Gilbert

    Jonathon Gilbert Member HowtoForge Supporter

    Awesome. This has answered what I needed to know.
    I think the primary issue is that my clients are repair and panel shops and their clients are small businesses with basic email services.
    Many of the issues I have had to deal with since setting up the new server are because of minor issues around PTR and missing A records. This sort of thing shouldn't stop emails coming into the server; the spam filter should be doing that. Having emails blocked prior to the spam filter makes finding the issues really frustrating.

    Thank you for your help guys. As always, I couldn't have gotten back on track without you guys.
     
  4. Jonathon Gilbert

    Jonathon Gilbert Member HowtoForge Supporter

    I wasn't sure about posting the actual names of domains, but these guys have been getting really frustrating to work with in fixing the issue.
    This is the full message:

    "Feb 17 01:22:33 itmail postfix/smtpd[594488]: NOQUEUE: reject: RCPT from mail.gazley.com[103.212.54.190]: 450 4.7.1 <GAZWLGEX01.gtgroup.co.nz>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<GAZWLGEX01.gtgroup.co.nz>"
     
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    This is the issue and it is their fault, not yours. You may want to contact their IT department and let them know of the issue.

    Well no. It is correct to not waste any time on this by the spam services, as the most basic check can already say this is odd and not wanted mail. Why should this make finding the issue frustrating? In case of an issue check the mail logs and rspamd logs.
     
    till likes this.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    As mentioned earlier, you can configure that in the ISPConfig GUI if you want to reject at postfix level for basic system misconfigurations that typically indicate hacked spam-sending systems. When you don't want to reject wrongly configured systems in postfix, you can do that directly under system > server config > mail. Personally, I think it's way easier to debug this in postfix than in Rspamd, as postfix tells you directly what's wrong with the other system, while in rspamd the mails likely get rejected as well due to the wrong sending server configuration, but this will happen in conjunction with other rules, so it's not so easy to figure out which exact rule combination caused the rejection of that email. Your clients won't be able to send emails to most other mail systems anyway today with such a wrong configuration, or at least their mails end up in spam folders; they will learn sooner or later, after not reaching many of their recipients, that it's better to fix their system. Trying to communicate with other systems on the internet while the hostname of your system does not exist is just not a good idea.

    I guess most of the confusion that arose in this thread came from the title which mentioned fail2ban as source of the problem while fail2ban is not involved at all.
     
    pyte likes this.
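    To make the "check the mail logs" advice above concrete, here is an added example (not code from the thread or from ISPConfig) that parses postfix/smtpd "NOQUEUE: reject:" lines like the one Jonathon posted, names the smtpd restriction that produced each reply text (mapping based on postfix's default reply strings), and counts rejects per restriction and per sending peer, so a legitimate sender that keeps failing the same pre-filter check stands out from one-off spam. The sample log is constructed: the first two lines are the thread's line with the redacted addresses replaced by example.com/example.net ones, the rest use RFC 5737 test addresses.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Matches postfix/smtpd "NOQUEUE: reject:" lines (traditional syslog timestamp as in
# the thread, or a single-token ISO timestamp). Field names follow postfix's own log text.
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d|\S+) (?P<host>\S+) "
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>[^\[ ]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>\s*$"
)

# Reply-text fragment -> smtpd restriction that emits it (postfix default wording).
RESTRICTION_BY_TEXT = (
    ("Helo command rejected: Host not found", "reject_unknown_helo_hostname"),
    ("Helo command rejected: need fully-qualified hostname", "reject_non_fqdn_helo_hostname"),
    ("Helo command rejected: Invalid name", "reject_invalid_helo_hostname"),
    ("Client host rejected: cannot find your hostname", "reject_unknown_client_hostname"),
    ("Sender address rejected: Domain not found", "reject_unknown_sender_domain"),
)


@dataclass(frozen=True)
class Reject:
    ts: str
    client: str   # reverse-DNS name postfix found for the peer, or "unknown"
    ip: str
    code: int     # 4xx: temporary, the peer keeps retrying; 5xx: permanent bounce
    reason: str
    sender: str
    rcpt: str
    helo: str

    @property
    def restriction(self) -> str:
        return classify(self.reason)

    @property
    def temporary(self) -> bool:
        # postfix defaults unknown_helo_hostname_reject_code to 450, hence the retries.
        return 400 <= self.code < 500


def classify(reason: str) -> str:
    """Map postfix's reject reply text to the restriction that produced it."""
    for text, restriction in RESTRICTION_BY_TEXT:
        if text in reason:
            return restriction
    return "other"


def parse_reject(line: str) -> Optional[Reject]:
    """Return a Reject for a NOQUEUE reject line, or None for any other log line."""
    m = REJECT_RE.match(line.rstrip())
    if not m:
        return None
    return Reject(ts=m["ts"], client=m["client"], ip=m["ip"], code=int(m["code"]),
                  reason=m["reason"], sender=m["sender"], rcpt=m["rcpt"], helo=m["helo"])


def summarize(lines: Iterable[str]) -> Tuple[Counter, Counter]:
    """Count rejects per restriction and per (client, ip, helo) peer."""
    by_restriction: Counter = Counter()
    by_peer: Counter = Counter()
    for line in lines:
        ev = parse_reject(line)
        if ev is None:
            continue
        by_restriction[ev.restriction] += 1
        by_peer[(ev.client, ev.ip, ev.helo)] += 1
    return by_restriction, by_peer


# Constructed sample: the thread's line (addresses replaced) plus invented peers.
SAMPLE_LOG = """\
Feb 17 01:22:33 itmail postfix/smtpd[594488]: NOQUEUE: reject: RCPT from mail.gazley.com[103.212.54.190]: 450 4.7.1 <GAZWLGEX01.gtgroup.co.nz>: Helo command rejected: Host not found; from=<invoices@example.com> to=<shop@example.net> proto=ESMTP helo=<GAZWLGEX01.gtgroup.co.nz>
Feb 17 01:37:02 itmail postfix/smtpd[594501]: NOQUEUE: reject: RCPT from mail.gazley.com[103.212.54.190]: 450 4.7.1 <GAZWLGEX01.gtgroup.co.nz>: Helo command rejected: Host not found; from=<invoices@example.com> to=<shop@example.net> proto=ESMTP helo=<GAZWLGEX01.gtgroup.co.nz>
Feb 17 02:05:11 itmail postfix/smtpd[594612]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.25 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<news@example.org> to=<shop@example.net> proto=ESMTP helo=<example.org>
Feb 17 02:41:59 itmail postfix/smtpd[594700]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <WIN-PC>: Helo command rejected: need fully-qualified hostname; from=<x@example.org> to=<shop@example.net> proto=SMTP helo=<WIN-PC>
Feb 17 02:42:00 itmail postfix/smtpd[594700]: connect from unknown[198.51.100.7]
"""

if __name__ == "__main__":
    by_restriction, by_peer = summarize(SAMPLE_LOG.splitlines())
    for restriction, n in by_restriction.most_common():
        print(f"{n:4d}  {restriction}")
    for (client, ip, helo), n in by_peer.most_common():
        print(f"{n:4d}  {client}[{ip}] helo=<{helo}>")
```

    Run it against `/var/log/mail.log` by replacing `SAMPLE_LOG.splitlines()` with the opened file; a peer with a real reverse-DNS name and many temporary (450) rejects for the same helo is the pattern Jonathon's invoice senders show, and it is visible here without any involvement of rspamd or fail2ban.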
  7. Jonathon Gilbert

    Jonathon Gilbert Member HowtoForge Supporter

    Haha yeah, I guess I'm still a noob at all this. Kinda fell into running these servers and have staggered my way through it for the past 6 or 7 years... Every time something goes wrong or I get hit with something new it's frustrating haha. Not the software's fault, more my noviceness.

    And I'll let them know, because my client is ready to blow his top. Most of the emails not coming through are from automated systems sending my client invoices, all small businesses with little to no IT support, so it's no surprise there are a few issues.

    But thanks for the advice. I'll leave the standard config alone and leave that option disabled, as I haven't seen any more being blocked for that reason. And now I know what I'm looking for, it will make it obvious to spot when the next issue comes through.
     
  8. Jonathon Gilbert

    Jonathon Gilbert Member HowtoForge Supporter

    Yes, absolutely able to see that now. The reason I thought it was fail2ban was because for the last few issues I had to edit the fail2ban whitelist for the emails to come through, and I only found them because they were getting blocked and showing in the fail2ban logs. I had not previously realised that the mail log would have anything useful, as the IP was blocked so the email would never arrive.

    Cheers for your help Till. The premium membership for the past 5 years has been priceless.
     
    till likes this.
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    There is maybe one aspect we have not talked about yet: when your customers are delivering emails through your server, do they use the right port? Years ago, it was normal to use port 25 for everything regarding mail sending, but today one would use only port 587, as the configuration for both ports differs. So when your customers use your server as SMTP out (e.g. in Outlook or Thunderbird, but also when they run e.g. a local Exchange server in their office), then they must use port 587 (with SMTP authentication) and not port 25 to avoid being rejected. Port 25 is used only for communication between internet mail servers, e.g. when your system gets contacted by gmail to deliver an email to a local mailbox on your server, or when your system connects to gmail to deliver an email, it will use port 25 too.
     
  10. Jonathon Gilbert

    Jonathon Gilbert Member HowtoForge Supporter

    Yep, everyone is using 587, with SSL.
     
    till likes this.