Search results for https


Now with SSL goodness
Britain needs a better anthem
Apache vs nginx?
Postfix Antispam
Snooker commentators
Thailand 2012
Table football
When things go wrong on Linux
Plunkett and Macleane
Peer's certificate has an invalid signature. (solved)
Video games
Enjoyable development
PFS in Firefox
Backup your LUKS header and LVM config
UK voting system
Safe browsing
Compiling gqrx on CentOS
Let's Encrypt
Offsite backup with iSCSI
Downloading Scala
Quick virtualisation guide
Linux and the Kenwood TS 590SG
Live Amateur Radio contacts
Proportional results of 2017 UK General Election
Plus symbols in email addresses
UK Taps


Of course, there'll always be some mail servers that don't follow the RFCs properly.

Checking the logs, I noticed the following:

Sep 26 03:11:47 hosting postfix/smtpd[19263]: connect from[]
Sep 26 03:11:49 hosting postfix/smtpd[19263]: NOQUEUE: reject: RCPT from[]: 450 4.7.1 <>: Helo command rejected: Host not found; from=<> to=<a.user@a.domain> proto=ESMTP helo=<>
Sep 26 03:11:49 hosting postfix/smtpd[19263]: disconnect from[]

Now, according to the SMTP RFC (

The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section

So why isn't there a DNS entry for

Anyway, to allow these broken setups to skip the "reject_unknown_hostname" in "smtpd_helo_restrictions", (as I don't want to disable it - it catches 95% of the spam) - you need to do the following:
* In, add parent_domain_matches_subdomains = yes
* In the smtpd_helo_restrictions section, add "check_helo_access hash:/etc/postfix/helo_access"
* In that helo_access file, list the offending "HELO/EHLOs" - in this case: OK

* Finally, run postmap /etc/postfix/helo_access to build the DB file, and restart postfix.

It does appear to be a problem more with some mail server admins than others. (