1 Topic by ck891052

  • ck891052
  • Member
  • Offline
  • Registered: 2018-12-06
  • Posts: 9

Topic: email problem

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.97
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: ubutnu 14
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MYSQL
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro?  yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
張SIR
以下是客戶寄過來我們檔信的錯誤訊息:
May 16 11:05:38 mailsvr postfix/smtpd[16409]: NOQUEUE: reject: RCPT from unknown[60.251.214.207]: 450 4.7.1 <bmcmse.benqmaterials.com>: Helo command rejected: Host not found; from=<Michelle.Chen@Sigma-medical.com.tw> to=<ben_lin@xxx.xxx> proto=ESMTP helo=<bmcmse.benqmaterials.com>

我有發現到是main.cf 底下
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname  <--- 這個註解掉就可以送達了
    reject_unknown_helo_hostname  <----這個註解掉就可以送達了
請問reject_non_fqdn_helo_hostname ,reject_unknown_helo_hostname 這2個註解掉 這會攸關安全性問題嗎?
還是我能怎ㄇ處理??

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by rain6966

  • rain6966
  • Member
  • Offline
  • Registered: 2012-04-13
  • Posts: 64

Re: email problem

在郵件伺服器上:   host -a Sigma-medical.com.tw
可查出他網域設置?

若不行 , 有可能郵件伺服器, 沒有向區網dns server 查詢機制 ;

若可以,"https://forum.iredmail.org/post56025.html#p56025" 也有人提問過 ,請參考 .

我是把 smtpd_helo_required = yes 改為 no ,
postfix 官網解釋:
"smtpd_helo_required (default: no)
    Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command.  "

也許版主有更好的方法.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: email problem

“Helo command rejected: Host not found” 表示对方的 HELO hostname 无法通过 DNS 解析查询到。是对方的错误,不是你的 iRedMail 服务器设置错误。解决办法:

- 请不要修改 /etc/postfix/main.cf 里的设置。
- 对于这个客户,只需要将他的 HELO hostname 做个 whitelist 即可,在 /etc/postfix/helo_access.pcre 的文件靠前的位置加入:

/^bmcmse\.benqmaterials\.com$/ OK

由于 main.cf 里的 “check_helo_access pcre:/etc/postfix/helo_access.pcre” 规则排在 reject_non_fqdn_helo_hostname 和 reject_unknown_helo_hostname 前面,因此返回 OK 后会跳过后面的规则。

- 如果可能,最好能通知对方的邮件服务器管理员在 DNS 里添加一个 HELO hostname 的 A 记录做解析。这样对他最好。