Postfix/smtpd: Client host rejected: cannot find your hostname

email domain-name-system smtp postfix

29,517

You've set your server to reject invalid and unknown hostnames used in HELO.

smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
    reject_unknown_helo_hostname, permit

(Also that line there is ending with permit; you're missing some part of the configuration.)

If you want to be able to send email from clients that don't issue a proper HELO with a valid hostname, then remove reject_invalid_helo_hostname and reject_unknown_helo_hostname.

29,517

Nicolas C

Updated on September 18, 2022

Comments

Nicolas C over 1 year
I'm trying to set-up a mail server, using postfix and dovecot. Everything works fine, and I can connect in IMAP using Mozilla Thunderbird. But when I'm trying to send emails using the smtp server, I run into the following cannot find your hostname error from the logs, and the sending the mail fails:
```
mail postfix/smtpd[15822]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Client host rejected: cannot find your hostname, [xxx.xxx.xxx.xxx]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.10.47]>
```
xxx.xxx.xxx.xxx is the IP address of the client (not the server). I've google around a little for cannot find your hostname error, and it seems to be related to the PTR DNS record. But the PTR DNS record of my server seems correctly configured:

Here is the result of dig -x yyy.yyy.yyy.yyy, where yyy.yyy.yyy.yyy is the IP address of my server:
```
;; QUESTION SECTION:
;yyy.yyy.yyy.yyy.in-addr.arpa.       IN      PTR

;; ANSWER SECTION:
yyy.yyy.yyy.yyy.in-addr.arpa. 86400  IN      PTR     mail.domain.com.
```
In my /etc/postfix/main.cf, I've the following lines about the smtp restrictions:
```
## Customized smtpd paramters
smtpd_banner = $myhostname ESMTP
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
    reject_unknown_helo_hostname, permit
smtpd_recipient_restrictions = reject_unknown_client_hostname,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_unauth_pipelining, permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_invalid_hostname, reject_non_fqdn_sender
smtpd_sender_restrictions = reject_unknown_sender_domain,
    reject_sender_login_mismatch
smtpd_sender_login_maps = $virtual_mailbox_maps
```
And in my /etc/postfix/master.cf, I've only the default, without any restrictions:
```
smtp      inet  n       -       -       -       -       smtpd
```
I can also add that I'm using sasl authentification with a not self-signed certificate, and that my server is a Debian Wheezy, but I don't think it's relevant to my problem.

Any clues on how to fix my problem, or where to look?
- Jenny D about 10 years
  
  What is myhostname set to in your config?
- Nicolas C about 10 years
  
  myhostname is set to ```mail.mydomain.com````.
Nicolas C about 10 years

Does it means that my client (Mozilla Thunderbird) is not sending a correctly formatted message ? And/or that my ISP doesn't correctly set the hostname? I put these two restrictions because I didn't want my smtp server to be considered as a spam server by the DNS Blackhole List
Jenny D about 10 years

Neither. It means that your client is not using a proper hostname in its HELO command. The HELO restrictins are about the email you receive, not the ones you send. It seems to me that you are only allowing your own networks to send email; this should be enough not to be considered a spam source. Go back and read the postfix documentation again, starting with postfix.org/BASIC_CONFIGURATION_README.html - you have misunderstood some basic concepts here.