Configure Postfix to allow a non fully-qualified hostname to send email
I have a Mushroom Networks Porcini box that sends notifications from email address bbna@bbna
When I set up the Porcini to send notifications to my email address using a Mac Mini running Snow Leopard Server the email session aborts:
macbookenet:~ pderby$ telnet red.pderby.com 25
Trying 208.37.99.226...
Connected to red.pderby.com.
Escape character is '^]'.
220 red.pderby.com ESMTP Postfix
HELO bbna
250 red.pderby.com
MAIL FROM:<bbna@bbna>
250 2.1.0 Ok
RCPT TO:<[email protected]>
504 5.5.2 <bbna>: Helo command rejected: need fully-qualified hostname
I would like to configure Postfix to accept mail from this MAIL FROM address as an exception, rejecting any other addresses that are not fully-qualified.
Is there a way to do that?
Thanks for any help!
Launch Terminal.app and buried in the usual postconf -n output for your host, you should find this line:
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
If so, then edit it with the following two lines (that first line is one long line) to tweak that:
sudo postconf -e "smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname"
sudo postfix reload
That will cause local hosts (from the mynetworks setting) to bypass the SMTP HELO check that's tripping your "underpowered" box here.
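An added example, not part of the original posts: a simplified Python model of how Postfix walks smtpd_helo_restrictions in order, showing why the original list rejects "bbna" and how far the permit_mynetworks change reaches. The client addresses, the mynetworks values and the inline check_client_access table (a narrower per-host exception) are assumptions made up for the illustration.

```python
import ipaddress
import re

# Simplified model of the HELO checks named in this thread. Real Postfix has
# more restrictions and table types; only what is discussed here is covered.
HOST_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def in_mynetworks(client_ip, mynetworks):
    """True if client_ip matches an entry; an entry without /prefix is one host."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in mynetworks)


def evaluate_helo(restrictions, helo, client_ip, mynetworks, client_access=None):
    """Walk the list in order; the first restriction that decides wins."""
    literal = helo.startswith("[") and helo.endswith("]")
    for name in restrictions:
        if name == "permit_mynetworks":
            if in_mynetworks(client_ip, mynetworks):
                return ("permit", name)
        elif name == "check_client_access":
            # Inline dict standing in for a lookup table keyed by client address.
            action = (client_access or {}).get(client_ip)
            if action == "OK":
                return ("permit", name)
            if action == "REJECT":
                return ("reject", name)
        elif name == "reject_invalid_helo_hostname":
            if not literal and not HOST_RE.match(helo):
                return ("reject", name)
        elif name == "reject_non_fqdn_helo_hostname":
            if not literal and "." not in helo:
                return ("reject", name)
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return ("dunno", None)  # nothing decided here


FQDN_CHECKS = ["reject_invalid_helo_hostname", "reject_non_fqdn_helo_hostname"]
LAN = ["127.0.0.0/8", "192.168.1.0/24"]  # constructed mynetworks value
DEVICE = "192.168.1.50"                   # constructed address for the notifier box
OTHER = "192.168.1.77"                    # constructed second LAN client
OUTSIDE = "203.0.113.9"                   # constructed external client


def scenarios():
    """Run the thread's configurations against constructed clients."""
    broad = ["permit_mynetworks"] + FQDN_CHECKS
    narrow = ["check_client_access"] + FQDN_CHECKS
    table = {DEVICE: "OK"}
    return {
        "original: device": evaluate_helo(FQDN_CHECKS, "bbna", DEVICE, LAN),
        "answer: device": evaluate_helo(broad, "bbna", DEVICE, LAN),
        "answer: other LAN host": evaluate_helo(broad, "FOO", OTHER, LAN),
        "answer: outside host": evaluate_helo(broad, "bbna", OUTSIDE, LAN),
        "narrow: device": evaluate_helo(narrow, "bbna", DEVICE, LAN, table),
        "narrow: other LAN host": evaluate_helo(narrow, "FOO", OTHER, LAN, table),
        # mynetworks entry written without /24 matches only that one address
        "no prefix: device": evaluate_helo(
            broad, "bbna", DEVICE, ["127.0.0.0/8", "192.168.1.0"]),
    }


if __name__ == "__main__":
    for case, (verdict, rule) in scenarios().items():
        print(f"{case:24} {verdict:7} {rule}")
```

A permit in this list only ends the HELO checks; the relay and recipient checks in smtpd_recipient_restrictions still run afterwards.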
Similar Messages
-
"need fully-qualified hostname" error
Can someone please help me with a basic problem with setting up the mail server, I can't seem to get to first base. The following is a Terminal session using telnet to do some basic testing (with personal info substituted for generic names) -
==============================
mbp-5:~ Tony$ telnet mailserver.mydomain 25
Trying 82.7.140.46...
Connected to mailserver.mydomain.
Escape character is '^]'.
220 mailserver.mydomain ESMTP Postfix
helo me
250 mailserver.mydomain
Mail from:myaddress@somedomain
250 2.1.0 Ok
Rcpt to:[email protected]
504 5.5.2 <me>: Helo command rejected: need fully-qualified hostname
=============================================
In my Server Admin/Mail/General settings I have the host name set to mailserver.mydomain
Can anyone give me a pointer please
Thanks for that info.
However, is the FQDN mailserver.example.com or example.com ?
Hey guys - old thread, but was poking about and came across this. I'll assume you've fixed this, but the reason for the behavior (in case others find this) is that Postfix's default configuration requires a FQHN at HELO. This helps with spam and reverse DNS. If you want to turn this behavior off, then change this line in main.cf from:
[smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname]
To:
[smtpd_helo_restrictions = reject_invalid_helo_hostname]
Personally, I do NOT like changing this. However, mail clients on Windows (Outlook, OE and maybe others) pull the hostname off the TCP/IP stack. So if your machine is named FOO, even if you have a domain suffix of "bar.com" which is forced, or if you force it in the "Computer Name" tab with the "More" button, Win7 will only send FOO to Outlook or OE which is sloppy. RFC1123 states you MUST send FQHN, but MSFT doesn't always care about RFC. And actually, it is a lack of communication between OS and Apps.
Many people have asked how to force Outlook to send the FQHN. This is a misnomer as it is the OS that sends it. Regardless, one can force the hostname by editing the registry. Note this regards the TCP/IP parameters only. These two values can be changed:
In [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\services\Tcpip\Parameters]
For the [Hostname] value, you would change [FOO] to [foo.bar.com]
Likewise for the [NV Hostname] value, you would change [FOO] to [foo.bar.com]
If you have many systems, you could always write a .reg file to do it for you.
In this way, you can leave your server more secure and provide functionality to your Windows clients.
Hope this helps.
t -
Error: Helo command rejected: need fully-qualified hostname
I'm trying to set up a SL Server as mail server for internal and external use (company.lan and company.net).
When I try to send to the internal (company.lan) I get the following error:
Helo command rejected: need fully-qualified hostname.
Here is my postconf -n output
I guess the error is in the line with the bold letters. How can I change it and should I?
Thanks
Kostas
Last login: Mon Nov 16 23:42:18 on console
server:~ admin$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = COMPANY.lan
mydomain_fallback = localhost
myhostname = server.COMPANY.lan
mynetworks = 127.0.0.0/8,192.168.16.0
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
*smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname*
smtpd_pw_server_security_options = cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.chain.pem
smtpd_tls_cert_file = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/server.COMPANY.lan.57680B96FCEC7F50F59A01D8F7DC4E841B2DB453.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users
server:~ admin$
Παρακαλώ (you are welcome) Kostas,
If mail is for internal use only, you can keep the .lan address as long as you authenticate to send.
If you need to send to external addresses, then make sure you use a valid e-mail address or your mails will be rejected by other mail servers.
HTH,
Alex -
Fail to install 9iAS9.0.2-a fully qualified hostname has not be specified
hello
in order to study oracle9iAS,i download the 9iAS9.0.2 from your website,but at the first disk installation,it tell me:
"installation has detected that a fully qualified hostname has not be specified for this host,oracle9i Application server installation need a default domain name to be specified..........................."
and my host file under "C:\WINNT\system32\drivers\etc" is as following:
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
who can help me to solve the problem?
thank you
You should enter another ip-address like
199.999.99.0 hostename.domain
127.0.0.1 localhost
If you don't intend to publish the website outside your own domain you can use a localdomain. If you do want to be able to see the website from outside then you will need a fully qualified internet address like web.oracle.com.
Try a ping from a commandbox (start > run > cmd) and you can see what address your machine has now.
If you have windows 2000 SP 3 operating system don't even begin trying to install Portal
Oracle Portal is not working on service pack 3.
Regards
Arnoud
Senior Oracle Internet Consultant
http://www.thedoc.nl -
Relay Access denied /fully-qualified hostname
hello guys,
I have made an application that sends emails (with attachments) to different users. It works fine when I use an email account (smtp server) from my network but not otherwise.... For example if i use it from my university then uni's smtp server must be used. But when i run it from my job, my uni's server does not work (vice versa).
I get the following exceptions:
Thu Feb 05 12:46:40 CET 2004
ERROR MESSAGE: javax.mail.SendFailedException: Sending failed;
nested exception is:
class javax.mail.SendFailedException: Invalid Addresses;
nested exception is:
class javax.mail.SendFailedException: 554 <[email protected]>: Recipient address rejected: Relay access denied
at javax.mail.Transport.send0(Transport.java:218)
at javax.mail.Transport.send(Transport.java:80)
at MailUtil.testOutgoingSmtp(Main.java:692)
at EmailConfigDialog.testBtActionPerformed(Main.java:1578)....
Thu Feb 05 12:30:58 CET 2004
ERROR MESSAGE: javax.mail.SendFailedException: Sending failed;
nested exception is:
class javax.mail.SendFailedException: Invalid Addresses;
nested exception is:
class javax.mail.SendFailedException: 504 <cube>: Helo command rejected: need fully-qualified hostname
at javax.mail.Transport.send0(Transport.java:218)
at javax.mail.Transport.send(Transport.java:80)
at MailUtil.testOutgoingSmtp(Main.java:692)
at EmailConfigDialog.testBtActionPerformed(Main.java:1578)
my hostname is cube. Can someone please help? It is driving me crazy :::(.
I am using windows xp
cheers
Awan
Sorry, hit the post button before addressing the other problem. While you're getting the DNS problem solved find the guy that is administering the SMTP server and tell him it is not relaying messages for you. He'll probably want to know the address so bring the stack trace with you and show him the 500 series error.
-
Fully Qualified Hostname problem with 9iAS install on WinNT
I am working within a corporate lan and installing 9ias to a Windows NT Sp 6 PC. I am using a fixed ip address and a fixed dns server. Although in the tcp/ip properties, dns tab I specify the hostname (shashi_build) and the domain (optus.com.au) and have an entry in the hosts and lmhosts files (192.168.218.238 shashi_build.optus.com.au shashi_build), the installer keeps coming up with an error message saying:
"Installation has detected that a fully qualified hostname has not been specified for this host. Oracle 9iAS installation requires a default domain name to be specified for each host where it is installed. Please consult your operating system instructions for details on assigning a default domain name. If you are not using a DNS server, then the file c:\winnt\system32\drivers\etc\hosts must also include a line of the form:
<IP_ADDRESS> <FULLY_QUALIFIED_HOSTNAME> <ALIASES>
After making these changes, please reboot the host and restart the install."
Unquote.
The use dns for name resolution box is checked on the wins tab. Use lmhosts is checked too.
I even tried using DHCP, but to no effect.
I have ensured that the temp directory has sufficient space, page file is a minimum 1024 mb etc.
Can someone please help urgently? Thanks in anticipation.
This is a big deal. Please search the forum for "fully qualified host name" or "fully qualified domain name." You must get this right at install because you cannot make any changes later.
I made several posts relating to this issue in detail ca. Jan. 2003.
Mike -
Revision: 14749
Author: [email protected]
Date: 2010-03-14 05:43:14 -0700 (Sun, 14 Mar 2010)
Log Message:
Change tests to use fully qualified hostname of flexteam.corp.adobe.com as flexteam was not resolving on all regression boxes.
Modified Paths:
blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/tests/proxyService/202863/bug202863Doc Lit.mxml
blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/tests/proxyService/202863/bug202863Rpc Enc.mxml -
Helo command rejected: need fully-qualified hostname
Hi,
I am using iPlanet messaging server 5.2. My email is rejected by some mail servers with following reason:
Helo command rejected: need fully-qualified hostname
Could you please give me some suggestions to fix this problem?
Thanks in advance!
Francis
Without knowing what os you're on, I'll assume solaris . .
You can address your helo/ehlo greeting two ways:
1. Fix your /etc/hosts so that the fqdn comes before your nickname
xx.xx.xx.xx hostname.domain hostname
or
2. Add the fqdn to the daemon line in the imta.cnf file:
! tcp_local
tcp_local smtp mx single_sys remotehost inner \ switchchannel identnonelimited subdirs 20\
maxjobs 20 pool SMTP_POOL maytlsserver\ maysaslserver saslswitchchannel tcp_auth\
threaddepth 64 dequeue_removeroute
tcp-daemon HOSTNAME.YOUR_DOMAIN -
504 5.5.2 windows : Helo command rejected: need fully-qualified hostname
Hello2all!
Just tried to send e-mail from a PC client running an Outlook 2003 client, and can't; the returning message is *504 5.5.2 <windows>: Helo command rejected: need fully-qualified hostname*
From other e-mail clients, sending and receiving e-mail works very well, but Outlook 2003 returns this message.
Anybody has idea?
I am so sorry, found great answer from Apple.
May be someone will be interested.
http://support.apple.com/kb/TS3023 -
Non fully qualified class names in parameter list
Hi Folks,
When I generate my documentation the fully qualified class names (for each parameter) appear in the parameter list for methods. In looking at the documentation on this site, a hyperlink to the class using only the class name appears. Can anyone provide thoughts on how this is achieved? Thanks.
The -link and -linkoffline options enable the documents to link to other API documentation
generated in separate runs of javadoc. Linkoffline is usually the one you want.
http://java.sun.com/j2se/1.4/docs/tooldocs/win32/javadoc.html#linkoffline
With 1.4.0, you can also choose to omit the package name even if -link or -linkoffline
is not used by using -noqualifier.
-Doug Kramer
Javadoc team -
How can I configure radius to allow a non-windows device to authenticate with a certificate?
I currently have a 2008r2 server with NPS acting as a radius server for our wireless network. The existing rules are setup to allow access based on windows group membership. I need to get a wireless jetdirect connected to the wifi network.
If I create a certificate for this device with key usage settings for client auth / server auth, can it authenticate to radius with that cert?
How would I set up a NPS policy to allow this device, since it's not a domain member and not a member of the windows groups?
Hi there -
I asked the NPS team about this, and following is their response:
Yes, it’s possible but it’s a very manual process. I will give you the easy steps then the hard ones.
Easy(relative):
Using a domain joined machine, request a certificate from a template that allows the private key to be exported.
Export the cert with the private key
Import on all workstations/devices that require it.
Pros:
Relatively easy to create the cert and manage the account
Cons:
Single certificate used on multiple machines
Certificate does not accurately reflect the name of the device
Hard:
Create an account in AD
Issue a certificate from a template that allows the private key to be exported
Using name mappings, attach the certificate to the account
Create an SPN that matches the SAN on the certificate..i.e. if the SAN is computer.domain.com, you need to create a SPN on the account host/computer.domain.com
Install certificate on to target workstation/device
Pros:
Relatively, more secure than previous steps as you create a single account/certificate pair per device
Cons:
Not very manageable
Thanks -
James McIllece -
Clearly I've messed up my DNS.
None of my Windows clients using Outlook can send mail, though they can all receive mail.
what am i missing?
tks,
I am so sorry, found great answer from Apple.
May be someone will be interested.
http://support.apple.com/kb/TS3023 -
With the new OSX system, whenever I send an email with multiple recipients, I need to physically add a comma after each address. I never needed to do that with all the other older systems, it was done automatically. How can I fix this frustrating glitch?
option discovered in preferences. Really this and any feature that moves deletes or edits a users data should as far as possible be OFF BY DEFAULT. It shouldn't by default and without the users specific say do this dangerous and unnecessary thing without even letting the user know what it's doing!!! And then cause me a few hours (as i'm new to mac) searching for the option so as to switch it off. If i hadn't noticed the status cage declaring that it was copying files then i might never have twigged that this insane thing was occurring. And if i hadn't of noticed i would have been left maintaining the contents of the folder i copied the files to, the folder which as far as i was informed and so believed was also the location of the music files i was playing. How does Apple justify this 'genius' piece of software non-design? Surely it will hurt no one if this was off by default for new users - overall at least i dare say it would cause a lot less distress in the future for the unsuspecting public at large. Thanks for the support.
-
Configuring postfix on Mountain Lion Server
I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server. The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
I would like to configure Postfix to only accept email that is forwarded from a gmail business account. The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to [email protected]
The server WAN domain is nonpublic.com The ip address is 96.231.165.126
The server LAN is nonpublic.local The ip address is 10.6.18.201
The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch. The external traffic to the WAN flows through the switch as tagged packets. The LAN traffic is not tagged. The VLAN connection is running 802.1q
When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
I can send emails from a client on the LAN through this server with no problems. The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info. I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the crippled GUI in the "server" application. I'm barely OK using Terminal and not familiar at all with configuring Postfix by directly editing the config file.
What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
Any help would be appreciated.
MrHoffman, thank you for your response to my challenge to get the new test server working. This is a migration from Snow Leopard Server to Mountain Lion Server.
Here is the "checkhostname" test results:
blue:~ admin$ sudo changeip -checkhostname
Password:
Primary address = 96.231.165.211
Current HostName = blue.pderby.com
DNS HostName = blue.pderby.com
The names match. There is nothing to change.
dirserv:success = "success"
blue:~ admin$
Here is the response from postconf -n
blue:~ admin$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = /usr/share/doc/postfix/html
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain_fallback = localhost
newaliases_path = /usr/bin/newaliases
queue_directory = /Library/Server/Mail/Data/spool
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
use_sacl_cache = yes
blue:~ admin$
I agree that I should change the LAN domain from .local to something like .internal or whatever. I've been running with .local for 5 years on snow leopard server and never had any problems so that was a low priority.
I hope I'm just not seeing some obvious setting in main.cf -
Oracle 9i Application server installation problem(MSG:Fully qualified domain name)
I have installed Oracle 9i database.Now downloaded application server 9iAs,when i am installing I have got this error message(J2ee and web cache)
Message begin
Installation has detected that a fully qualified hostname has not been specified for this host.Oracle 9i application server requires a default domain name to be specified for each host where it is installed .Please consult your OS instructions for details on assigning a default domain name If u are not using DNS server then the file d:\windows\system32\drivers\etc hostsmust also include a line of a form
<IP_ADDRESS><FULLY_QUALIFIED_HOST_NAME><ALIESES>
Message End
Could some one suggest the procedure to follow.
Pl ,mailme to [email protected]
I appreciate your help
Thanq
Ravi
Search this forum for answers and discussions.
Basically, your machine will need a "fully qualified hostname" e.g. myhostname.mydomain.com, only myhostname is not enough.
Also, AS does not allow the IP to change after install e.g. no DHCP (dynamically allocated IP) allowed!
Hth,
Fredrik