Configure Postfix to allow a non fully-qualified hostname to send email

Similar Messages

• "need fully-qualified hostname" error

  Can someone please help me with a basic problem with setting up the mail server, I can't seem to get to first base. The following is a Terminal session using telnet to do some basic testing (with personal info substituted for generic names) -
  ==============================
  mbp-5:~ Tony$ telnet mailserver.mydomain 25
  Trying 82.7.140.46...
  Connected to mailserver.mydomain.
  Escape character is '^]'.
  220 mailserver.mydomain ESMTP Postfix
  helo me
  250 mailserver.mydomain
  Mail from:myaddress@somedomain
  250 2.1.0 Ok
  Rcpt to:[email protected]
  504 5.5.2 <me>: Helo command rejected: need fully-qualified hostname
  =============================================
  In my Server Admin/Mail/General settings I have the host name set to mailserver.mydomain
  Can anyone give me a pointer please

  Thanks for that info.
  However, is the FQDN mailserver.example.com or example.com ?
  Hey guys - old thread, but was poking about and came across this.  I'll assume you've fix this, but the reason for the behavior (in case others find this) is that Postfix's default configuration requires a FQHN at HELO.  This helps with spam and reverse DNS.  If you want to turn this behavior off, then change this line in main.cf from:
  [smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname]
  To:
  [smtpd_helo_restrictions = reject_invalid_helo_hostname]
  Personally, I do NOT like changing this.  However, mail clients on Windows (Outlook, OE and maybe others) pull the hostname off the TCP/IP stack.  So if your machine is named FOO, even if you have a domain suffix of "bar.com" which is forced, or if you force it in the "Computer Name" tab with the "More" button, Win7 will only send FOO to Outlook or OE which is sloppy.  RFC1123 states you MUST send FQHN, but MSFT doesn't allways care about RFC.  And actually, it is a lack of communication between OS and Apps.
  Many people have asked how to force Outlook to send the FQHN.  This is a misnomer as it is the OS that sends it.  Regardless, once can force the hostname by editing the registry.  Note this regards the TCP/IP parameters only.  These two values can be changed:
  In [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\services\Tcpip\Parameters]
  For the [Hostname] value, you would change [FOO] to [foo.bar.com]
  Likewise for the [NV Hostname] value, you would change [FOO] to [foo.bar.com]
  If you have many systems, you could always write a .reg file to do it for you.
  In this way, you can leave your server more secure and provide functionality to your Windows clients.
  Hope this helps.
  t

• Error: Helo command rejected: need fully-qualified hostname

  Im trying to setup a SL Server as mail server for internal and external use (company.lan and company.net).
  When I try to send to the internal (company.lan) I get the following error:
  Helo command rejected: need fully-qualified hostname.
  Here is my postconf -n output
  I guess the error is in the line with the bold letters. How can I change it and should I?
  Thanks
  Kostas
  Last login: Mon Nov 16 23:42:18 on console
  server:~ admin$ postconf -n
  biff = no
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  enableserveroptions = yes
  header_checks = pcre:/etc/postfix/customheaderchecks
  html_directory = /usr/share/doc/postfix/html
  inet_interfaces = all
  mail_owner = _postfix
  mailboxsizelimit = 0
  mailbox_transport = dovecot
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  messagesizelimit = 10485760
  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
  mydomain = COMPANY.lan
  mydomain_fallback = localhost
  myhostname = server.COMPANY.lan
  mynetworks = 127.0.0.0/8,192.168.16.0
  newaliases_path = /usr/bin/newaliases
  queue_directory = /private/var/spool/postfix
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  relayhost =
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated permit
  smtpdenforcetls = no
  smtpdhelorequired = yes
  *smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname*
  smtpdpw_server_securityoptions = cram-md5
  smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
  smtpdsasl_authenable = yes
  smtpdtlsCAfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.c hain.pem
  smtpdtls_certfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.c ert.pem
  smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL
  smtpdtls_keyfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.k ey.pem
  smtpduse_pwserver = yes
  smtpdusetls = yes
  unknownlocal_recipient_rejectcode = 550
  virtualaliasdomains = $virtualaliasmaps hash:/etc/postfix/virtual_domains
  virtualaliasmaps = hash:/etc/postfix/virtual_users
  server:~ admin$

  Παρακαλώ (you are welcome) Kostas,
  If mail is for internal use only, you can keep the .lan address as long as you authenticate to send.
  If you need to send to external addresses, then make sure you use a valid e-mail address or your mails will be rejected by other mail servers.
  HTH,
  Alex

• Fail to install 9iAS9.0.2-a fully qualified hostname has not be specified

  hello
  in order to study oracle9iAS,i download the 9iAS9.0.2 from your website,but at the first disk installation,it tell me:
  "installation has detected that a fully qualified hostname has not be specified for this host,oracle9i Application server installation need a default domain name to be specified..........................."
  and my host file under "C:\WINNT\system32\drivers\etc" is as following:
  # Copyright (c) 1993-1999 Microsoft Corp.
  # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
  # This file contains the mappings of IP addresses to host names. Each
  # entry should be kept on an individual line. The IP address should
  # be placed in the first column followed by the corresponding host name.
  # The IP address and the host name should be separated by at least one
  # space.
  # Additionally, comments (such as these) may be inserted on individual
  # lines or following the machine name denoted by a '#' symbol.
  # For example:
  # 102.54.94.97 rhino.acme.com # source server
  # 38.25.63.10 x.acme.com # x client host
  127.0.0.1 localhost
  who can help me to solve the problem?
  thank you

  You should enter another ip-address like
  199.999.99.0 hostename.domain
  127.0.0.1 localhost
  If you don't intend to publish the website outside your own domain you can use a localdomain If you do want to be able to see the website from outside then you will need a fully qualified internet adress like web.oracle.com.
  Try a ping from a commandbox (start > run > cmd) and you can see what adress your machine has now.
  If you have windows 2000 SP 3 operating system don't even begin trying to install Portal
  Oracle Portal is not working op service pack 3.
  Regards
  Arnoud
  Senior Oracle Internet Consultant
  http://www.thedoc.nl

• Relay Access denied /fully-qualified hostname

  hello guys,
  I have made an application that sends emails (with attachments) to different users. It works fine when I use an email account (smtp server) from my network but not otherwise.... For example if i use it from my university then uni's smtp server must be used. But when i run it from my job, my uni's server does not work (vice versa).
  I get the following exceptions:
  Thu Feb 05 12:46:40 CET 2004
  ERROR MESSAGE: javax.mail.SendFailedException: Sending failed;
  nested exception is:
       class javax.mail.SendFailedException: Invalid Addresses;
  nested exception is:
       class javax.mail.SendFailedException: 554 <[email protected]>: Recipient address rejected: Relay access denied
       at javax.mail.Transport.send0(Transport.java:218)
       at javax.mail.Transport.send(Transport.java:80)
       at MailUtil.testOutgoingSmtp(Main.java:692)
       at EmailConfigDialog.testBtActionPerformed(Main.java:1578)....
  Thu Feb 05 12:30:58 CET 2004
  ERROR MESSAGE: javax.mail.SendFailedException: Sending failed;
  nested exception is:
       class javax.mail.SendFailedException: Invalid Addresses;
  nested exception is:
       class javax.mail.SendFailedException: 504 <cube>: Helo command rejected: need fully-qualified hostname
       at javax.mail.Transport.send0(Transport.java:218)
       at javax.mail.Transport.send(Transport.java:80)
       at MailUtil.testOutgoingSmtp(Main.java:692)
       at EmailConfigDialog.testBtActionPerformed(Main.java:1578)
  my hostname is cube. Can someone please help? It is driving me crazy :::(.
  I am using windows xp
  cheers
  Awan

  Sorry, hit the post button before addressing the other problem. While your getting the DNS problem solved find the guy that is administering the SMTP server and tell him it is not relaying messages for you. He'll probably want to know the address so bring the stack trace with you and show him the 500 series error.

• Fully Qualified Hostname problem with 9iAS install on WinNT

  I am working within a corporate lan and installing 9ias to a Windows NT Sp 6 PC. I am using a fixed ip address and a fixed dns server. Although in the tcp/ip properties, dns tab I specify the hostname (shashi_build) and the domain (optus.com.au) and have an entry in the hosts and lmhosts files (192.168.218.238 shashi_build.optus.com.au shashi_build), the installer keeps coming up with an error message saying:
  "Installation has detected that a fully qualified hostname has not been specified for this host. Oracle 91AS installation requires a default domain name to be specified for each host where it is installed. Please consult your operating system instructions for detials on assigning a default domain name. If you are not using a DNS server, then the file c:\winnt\system32\drivers\etc\hosts must also include a line of the the form:
  <IP_ADDRESS> <FULLY_QUALIFIED_HOSTNAME< <ALIASES>
  After making these changes, please reboot the host and restart the install."
  Unquote.
  The use dns for name resolution box is checked on the wins tab. Use lmhosts is checked too.
  I even tried using DHCP, but to no effect.
  I have ensured that the temp directory has sufficient space, page file is a minimum 1024 mb etc.
  Can someone please help urgently? Thanks in anticipation.

  This is a big deal. Please search the forum for "fully qualified host name" or "fully qualified domain name." You must get this right at install because you cannot make any changes later.
  I made several posts relating to this issue in detail ca. Jan. 2003.
  Mike

• [svn:bz-trunk] 14749: Change tests to use fully qualified hostname of flexteam.corp.adobe. com as flexteam was not resolving on all regression boxes.

  Revision: 14749
  Revision: 14749
  Author:   [email protected]
  Date:     2010-03-14 05:43:14 -0700 (Sun, 14 Mar 2010)
  Log Message:
  Change tests to use fully qualified hostname of flexteam.corp.adobe.com as flexteam was not resolving on all regression boxes.
  Modified Paths:
      blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/tests/proxyService/202863/bug202863Doc Lit.mxml
      blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/tests/proxyService/202863/bug202863Rpc Enc.mxml

• Helo command rejected: need fully-qualified hostname

  Hi,
  I am using iPlanet messaging server 5.2. My email is rejected by some mail servers with following reason:
  Helo command rejected: need fully-qualified hostname
  Could you please give me some sujjestions to fix this problem?
  Thanks in advance!
  Francis

  Without knowing what os you're on, I'll assume solaris . .
  You can address your helo/ehlo greeting two ways:
  1. Fix your /etc/hosts so that the fqdn comes before your nickname
  xx.xx.xx.xx hostname.domain hostname
  or
  2. Add the fqdn to the daemon line in the imta.cnf file:
  ! tcp_local
  tcp_local smtp mx single_sys remotehost inner \ switchchannel identnonelimited subdirs 20\
  maxjobs 20 pool SMTP_POOL maytlsserver\ maysaslserver saslswitchchannel tcp_auth\
  threaddepth 64 dequeue_removeroute
  tcp-daemon HOSTNAME.YOUR_DOMAIN

• 504 5.5.2 windows : Helo command rejected: need fully-qualified hostname

  Hello2all!
  Just try to send e-mail from PC client running Outlook 2003 clien, and can't, the returning message is *504 5.5.2 <windows>: Helo command rejected: need fully-qualified hostname*
  From other e-mail client e-mail's sending and recieving very well, but Outlook 2003 return this message.
  Anybody has idea?

  I am so sorry, found great answer from Apple.
  May be someone will be interested.
  http://support.apple.com/kb/TS3023

• Non fully qualified class names in parameter list

  Hi Folks,
  When I generate my documentation the fully qualified class names (for each parameter) appear in the parameter list for methods. In looking at the documentation on this site, a hyperlink to the class using the only the class name appears. Can anyone provide thoughts on how this is achieved? Thanks.

  The -link and -linkoffline options enable the documents to link to other API documentation
  generated in separate runs of javadoc. Linkoffline is usually the one you want.
  http://java.sun.com/j2se/1.4/docs/tooldocs/win32/javadoc.html#linkoffline
  With 1.4.0, you can also choose to omit the package name even if -link or -linkoffline
  is not used by using -noqualifier.
  -Doug Kramer
  Javadoc team

• How can I configure radius to allow a non-windows device to authenticate with a certificate?

  I currently have a 2008r2 server with NPS acting as a radius server for our wireless network.  The existing rules are setup to allow access based on windows group membership.  I need to get a wireless jetdirect connected to the wifi network.  
  If I create a certificate for this device with key usage settings for client auth / server auth, can it authenticate to radius with that cert?  
  How would I set up a NPS policy to allow this device, since it's not a domain member and not a member of the windows groups?

  Hi there -
  I asked the NPS team about this, and following is their response:
  Yes, it’s possible but it’s a very manual process.  I will give you the easy steps then the hard ones.
  Easy(relative):
   Using a domain joined machine, request a certificate from a template that allows the private key to be exported.
  Export the cert with the private key
  Import on all workstations/devices that require it.
  Pros:
  Relatively easy to create the cert and manage the account
  Cons:
  Single certificate used on multiple machines
  Certificate does not accurately reflect the name of the device
  Hard:
  Create an account in AD
  Issue a certificate from a template that allows the private key to be exported
  Using name mappings, attach the certificate to the account
  Create an SPN that matches the SAN on the certificate..i.e. if the SAN is computer.domain.com, you need to create a SPN on the account host/computer.domain.com
  Install certificate on to target workstation/device
  Pros:
  Relatively, more secure than previous steps as you create a single account/certificate pair per device
  Cons:
  Not very manageable
  Thanks -
  James McIllece

• Server error: '504 5.5.2 LITBSL2 : Helo command rejected: need fully-qualified hostname'

  Clearly I've messed up my DNS.
  Non of my Windows clients using Outlook can send mail, though they can all receive mail.
  what am i missing?
  tks,

  I am so sorry, found great answer from Apple.
  May be someone will be interested.
  http://support.apple.com/kb/TS3023

• Old operating systems allowed you to click on recipients when sending emails without adding a comma after each address. Now with the new and improved system, I have to stop and add a comma after each name. How can I avoid this?

  With the new OSX system, whenever I send an email with multiple recipients, I need to physically add a comma after each address. I never needed to do that with all the other older systems, it was done automatically. How can I fix this frustrating glitch?

  option discovered in preferences. Really this and any feature that moves deletes or edits a users data should as far as possible be OFF BY DEFAULT. It shouldn't by default and without the users specific say do this dangerous and unnecessary thing without even letting the user know what it's doing!!! And then cause me a few hours (as i'm new to mac) searching for the option so as to switch it off. If i hadn't noticed the status cage declaring that it was copying files then i might never have twigged that this insane thing was occurring. And if i hadn't of noticed i would have been left maintaining the contents of the folder i copied the files to, the folder which as far as i was informed and so believed was also the location of the music files i was playing. How does Apple justify this 'genius' piece of software non-design? Surely it will hurt no one if this was off by default for new users - overall at least i dare say it would cause a lot less distress in the future for the unsuspecting public at large. Thanks for the support.

• Configuring postfix on Mountain Lion Server

  I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server.  The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
  I would like to configure Postfix to only accept email that is forwarded from a gmail business account.  The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to  [email protected]
  The server WAN domain is nonpublic.com  The ip address is 96.231.165.126
  The server LAN is nonpublic.local  The ip address is 10.6.18.201
  The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
  The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch.  The external traffic to the WAN flows through the switch as tagged packets.  The LAN traffic is not tagged.  The VLAN connection is running 802.1q
  When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
  I can send emails from a client on the LAN through this server with no problems.  The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info.  I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
  I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
  I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the cripled GUI in the "server" application.  I'm barely OK using Terminal and not familiar at all with configuring Postfix directling editing the config file.
  What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
  I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
  Any help would be appreciated.

  MrHoffman, thank you for your response to my challenge to get the new test server working.  This is a migration from Snow Leopard Server to Mountain Lion Server.
  Here is the "checkhostname" test results:
  blue:~ admin$ sudo changeip -checkhostname
  Password:
  Primary address     = 96.231.165.211
  Current HostName    = blue.pderby.com
  DNS HostName        = blue.pderby.com
  The names match. There is nothing to change.
  dirserv:success = "success"
  blue:~ admin$
  Here is the response from postconf -n
  blue:~ admin$ postconf -n
  biff = no
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  daemon_directory = /usr/libexec/postfix
  data_directory = /var/lib/postfix
  debug_peer_level = 2
  debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
  dovecot_destination_recipient_limit = 1
  html_directory = /usr/share/doc/postfix/html
  imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
  inet_interfaces = loopback-only
  inet_protocols = all
  mail_owner = _postfix
  mailbox_size_limit = 0
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  message_size_limit = 10485760
  mydomain_fallback = localhost
  newaliases_path = /usr/bin/newaliases
  queue_directory = /Library/Server/Mail/Data/spool
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
  tls_random_source = dev:/dev/urandom
  unknown_local_recipient_reject_code = 550
  use_sacl_cache = yes
  blue:~ admin$
  I agree that I should change the LAN domain from .local to something like .internal or whatever.   I've been running with .local for 5 years  on snow leopard server and never had any problems so that was a low priority.
  I hope I'm just not seeing some obvious setting in main.cf

• Oracle 9i Application server installation problem(MSG:Fully qualified domain name)

  I have installed Oracle 9i database.Now downloaded application server 9iAs,when i am installing I have got this error message(J2ee and web cache)
  Message begin
  Installation has detected that a fully qualified hostname has not been specified for this host.Oracle 9i application server requires a default domain name to be specified for each host where it is installed .Please consult your OS instructions for details on assigning a default domain name If u are not using DNS server then the file d:\windows\system32\drivers\etc hostsmust also include a line of a form
  <IP_ADDRESS><FULLY_QUALIFIED_HOST_NAME><ALIESES>
  Message End
  Could some one suggest the procedure to follow.
  Pl ,mailme to [email protected]
  I appriciate your help
  Tahnq
  Ravi

  Search this forum for answers and discussions.
  Basically, your machine will need a "fully qualified hostname" e.g. myhostname.mydomain.com, only myhostname is not enough.
  Also, AS does not allow the IP to change after install e.g. no DHCP (dynamically allocated IP) allowed!
  Hth,
  Fredrik