calum.org:~#

Search results for software


Posts


A better round-robin DNS server
Software patents
Linux and multimedia
Jesus saves, but Buddha makes incremental backups
How to update your Nokia N80 to the N80 Internet Edition firmware
rm strcpy
HOWTO: Linux and iSCSI
Enjoyable development
systemd
Safe browsing
Compiling gqrx on CentOS

Comments


Of course, there'll always be some mail servers that don't follow the RFCs properly.

Checking the logs, I noticed the following:

Sep 26 03:11:47 hosting postfix/smtpd[19263]: connect from mail7.exchange.microsoft.com[131.107.1.27]
Sep 26 03:11:49 hosting postfix/smtpd[19263]: NOQUEUE: reject: RCPT from mail7.exchange.microsoft.com[131.107.1.27]: 450 4.7.1 <df-gwy-07.exchange.corp.microsoft.com>: Helo command rejected: Host not found; from=<a.user@exchange.microsoft.com> to=<a.user@a.domain> proto=ESMTP helo=<df-gwy-07.exchange.corp.microsoft.com>
Sep 26 03:11:49 hosting postfix/smtpd[19263]: disconnect from mail7.exchange.microsoft.com[131.107.1.27]

Now, according to the SMTP RFC (http://www.ietf.org/rfc/rfc2821.txt):

The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.

So why isn't there a DNS entry for df-gwy-07.exchange.corp.microsoft.com?

Anyway, to allow these broken setups to skip the "reject_unknown_hostname" in "smtpd_helo_restrictions", (as I don't want to disable it - it catches 95% of the spam) - you need to do the following:
* In main.cf, add parent_domain_matches_subdomains = yes
* In the smtpd_helo_restrictions section, add "check_helo_access hash:/etc/postfix/helo_access"
* In that helo_access file, list the offending "HELO/EHLOs" - in this case:

.exchange.corp.microsoft.com OK

* Finally, run postmap /etc/postfix/helo_access to build the DB file, and restart postfix.

It does appear to be a problem more with some mail server admins than others. (https://www.nearlyfreespeech.net/about/email.php#software)