calum.org:~#

Search results for email


Posts


Encona Hot Pepper sauce
CentOS
Postfix Antispam
Email blacklists
Buying a Linux laptop - without paying the Microsoft Tax
IPv6
Java logging
24-hour news channels
Plus symbols in email addresses

Comments


Of course, there'll always be some mail servers that don't follow the RFCs properly.

Checking the logs, I noticed the following:

Sep 26 03:11:47 hosting postfix/smtpd[19263]: connect from mail7.exchange.microsoft.com[131.107.1.27]
Sep 26 03:11:49 hosting postfix/smtpd[19263]: NOQUEUE: reject: RCPT from mail7.exchange.microsoft.com[131.107.1.27]: 450 4.7.1 <df-gwy-07.exchange.corp.microsoft.com>: Helo command rejected: Host not found; from=<a.user@exchange.microsoft.com> to=<a.user@a.domain> proto=ESMTP helo=<df-gwy-07.exchange.corp.microsoft.com>
Sep 26 03:11:49 hosting postfix/smtpd[19263]: disconnect from mail7.exchange.microsoft.com[131.107.1.27]

Now, according to the SMTP RFC (http://www.ietf.org/rfc/rfc2821.txt):

The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.

So why isn't there a DNS entry for df-gwy-07.exchange.corp.microsoft.com?

Anyway, to allow these broken setups to skip the "reject_unknown_hostname" in "smtpd_helo_restrictions", (as I don't want to disable it - it catches 95% of the spam) - you need to do the following:
* In main.cf, add parent_domain_matches_subdomains = yes
* In the smtpd_helo_restrictions section, add "check_helo_access hash:/etc/postfix/helo_access"
* In that helo_access file, list the offending "HELO/EHLOs" - in this case:

.exchange.corp.microsoft.com OK

* Finally, run postmap /etc/postfix/helo_access to build the DB file, and restart postfix.

It does appear to be a problem more with some mail server admins than others. (https://www.nearlyfreespeech.net/about/email.php#software)