Linux – Postfix: Helo command rejected: Host not found

emailemail-serverlinuxpostfix

i have a Postfix 2.9.6 running on Ubuntu with the following configuration https://gist.github.com/anonymous/400fb4afa05e18c6da2b and i'm suffering the following issue where a valid client tries to send an email to itself. Most of my clients does not have a valid FQDN as hostname but as i understand that's not a problem because of permit_sasl_authenticated but i don't know why the following process ends up like this:

Out: 220 mail.isp.es ESMTP Postfix
 In:  EHLO NoFQDN-Host
 Out: 250-mail.isp.es
 Out: 250-PIPELINING
 Out: 250-SIZE 10240000
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM: <user2@domain.com>
 Out: 250 2.1.0 Ok
 In:  RCPT TO: <user2@domain.com>
 Out: 450 4.7.1 : Helo command rejected: Host not found

Session aborted, reason: lost connection

For other details, see the local mail logfile

The following are my restrictions:

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions =
smtpd_etrn_restrictions =
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, warn_if_reject reject_unknown_helo_hostname, permit
smtpd_restriction_classes =
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

Does anyone knows why that client is not able to send an email while others does?

Best Answer

The important configuration part
https://gist.github.com/anonymous/7168b1810d6f7bbea7e7

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unknown_helo_hostname, permit_sasl_authenticated, permit

Suggested Fix
In smtpd_recipient_restrictions put reject_unknown_helo_hostname after permit_sasl_authenticated.