Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page reject_non_fqdn_hostname

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
Page 1 of 2 1 2
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-07-2010, 09:49 AM
Special Member
  
Posts: 136
Default reject_non_fqdn_hostname
I'm dealing with the following error and it leads me to a question...

Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>

From what I see on the forums I disable reject_non_fqdn_hostname in the MTA section of the zimbra administrator. Fine that's a resolution, but my concern is that this error is coming up at all.

Having read the description of FQDN on wikipedia:
Fully qualified domain name - Wikipedia, the free encyclopedia
from what I can see S010600173fbe827d.ek.shawcable.net is a FQDN, has a valid reverse DNS lookup, and as such should not be triggering this error.

However, helo=<Kays> is likely where the issue is coming from since it's the helo that's being checked right? So why would Outlook be using "Kays" which I'm guessing is the computers network name rather than the FQDN? I would rather not have to disable reject_non_fqdn_hostname if it is actually a useful tool in reducing spam....

Here's something I just read that makes this sound like a Zimbra/Postfix problem:

Quote:
the addresses used in EHLO/HELO are supposed to be added by the SMTP server and outlook only adds if it the server does not.
Last edited by rotorboy; 10-07-2010 at 10:39 AM.. Reason: New Information....
Reply With Quote
  #2 (permalink)  
Old 10-12-2010, 08:43 AM
Special Member
  
Posts: 136
Default reject_non_fqdn_hostname
Has anyone else been having problems with the FQDN requirement issue?
Reply With Quote
  #3 (permalink)  
Old 10-12-2010, 07:45 PM
Elite Member
  
Posts: 338
Default
Let's uncheck these options:
- Reject_unknow_client
- reject_unknow_hostname
After that, please do:
- with zimbra, type:
postfix reload.
Reply With Quote
  #4 (permalink)  
Old 10-13-2010, 04:57 AM
Intermediate Member
  
Posts: 23
Default
Quote:
Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>
That's OK. You don't want mail from senders that do not use an FQDN in the helo/ehlo, as they are most likely spammers, or, in rare cases, admins who don't know how to configure their servers correctly.

So in my postfix installations I use this check very early: "Don't talk to someone who doesn't want to tell his correct name.".

In general, I use:

# everyone
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
# ourselves
permit_mynetworks
permit_sasl_authenticated
# from here on strangers
check_helo_access hash:/etc/postfix/tables/check_helo_access
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unlisted_recipient
reject_unauth_pipelining
[...]
Last edited by Alphaphi; 10-13-2010 at 05:25 AM..
Reply With Quote
  #5 (permalink)  
Old 10-13-2010, 01:24 PM
Advanced Member
  
Posts: 178
Default
Its definitely the HELO/EHLO that is the issue, as Alphaphi stated:

Oct 7 01:09:23 z1 postfix/smtpd[16656]: NOQUEUE: reject: RCPT from S010600173fbe827d.ek.shawcable.net[24.66.18.126]: 504 5.5.2 <Kays>: Helo command rejected: need fully-qualified hostname; from=<kristen@domainname.ext> to=<pete@domainname.ext> proto=ESMTP helo=<Kays>

It is either a spammer, or misconfigured. If this is someone you want to be receiving mail from, advise them to have their FQDN set correctly for their MTA. There are occasionally vendors that my college does business with who have this screwed up. Its not something you want to worry about changing on your end or whitelisting.
__________________
---
Paul Chauvet
State University of New York at New Paltz
Reply With Quote
  #6 (permalink)  
Old 10-13-2010, 03:10 PM
Special Member
  
Posts: 136
Default
Thanks for the replies.

Quote:
helo=<Kays>
This is generated by an authenticated (via email username/password) system user using Outlook 2003.
They are a client of our Zimbra server. From what I'm reading, Zimbra should recognize authenticated users and either replace the helo with something appropriate or not apply the "reject_non_fqdn_hostname" check to authenticated senders....
Reply With Quote
  #7 (permalink)  
Old 10-14-2010, 12:08 AM
Zimbra Consultant & Moderator
  
Posts: 20,313
Default
Quote:
Originally Posted by rotorboy View Post
This is generated by an authenticated (via email username/password) system user using Outlook 2003.
They are a client of our Zimbra server. From what I'm reading, Zimbra should recognize authenticated users and either replace the helo with something appropriate or not apply the "reject_non_fqdn_hostname" check to authenticated senders....
Your authenticated users should use the correct submission port which is 587 and not use port 25 for sending email. Try changing the Outlook of user 'Kays' and see if that resolves the problem.
__________________
Regards


Bill
Reply With Quote
  #8 (permalink)  
Old 10-14-2010, 08:51 AM
Special Member
  
Posts: 136
Default
Hello Bill,

The ISP's here block port 25. The settings used are:

Outgoing SMTP server: mail.domainname.ext
"This server requires a secure connection (SSL)" or similar message should be checked.
"Use same login details as incoming mail server" -- Checked
SMTP Port: 465

Thanks....
Reply With Quote
  #9 (permalink)  
Old 10-14-2010, 08:53 AM
Zimbra Consultant & Moderator
  
Posts: 20,313
Default
Quote:
Originally Posted by rotorboy View Post
Hello Bill,

The ISP's here block port 25. The settings used are:

Outgoing SMTP server: mail.domainname.ext
"This server requires a secure connection (SSL)" or similar message should be checked.
"Use same login details as incoming mail server" -- Checked
SMTP Port: 465
Port 465 is still not the correct port, try 587 and see what happens with that.
__________________
Regards


Bill
Reply With Quote
  #10 (permalink)  
Old 10-14-2010, 09:16 AM
Special Member
  
Posts: 136
Default
I'll give it a try however we were following these instructions:

Mail client Configuration - Zimbra :: Wiki
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.