Helo command rejected: Host not found - Setup postfix to accept sending mails from my home server through my public server

email tunnel postfix openvpn email-server

Here's the issue:

smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

The last of those, reject_unknown_helo_hostname, tells Postfix to reject mail if the hostname given in the HELO command cannot be resolved. If you remove that, your problem should go away.

You should reverse the change you did (setting smtpd_helo_required to no). That change made it so that a client can connect and start sending mails without doing a HELO at all - but if the client does do a HELO, the restrictions in smtpd_helo_restrictions would still apply, as you've found.


You can change your HELO policy to:

smtpd_helo_restrictions = 
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

...and add your home mail server's address to mynetworks = ... line.

Although the answer by @JennyD is valid and should solve your problem, it can be better to keep your current HELO policy for external hosts. This has an advantage: misconfigured MTAs won't be able to send messages to your server, which will save you from some spam (although rather a little bit). Anyway, hosts with improper HELO configuration are to be suspected.

Going a bit further, make sure you have at least reject_unknown_client_hostname among the list under ie. smtpd_client_restrictions = .... This will prevent messages from MTA hosts without proper reverse DNS record and thus many botnet relays. Another important antispam measure would be SPF policy deamon (ie. milter-greylist) and, obviously, SpamAssassin.


If you don't have fine grained control over clients, you should be using SASL anyway:

smtpd_delay_reject = yes

smtp_helo_restrictions =
    permit_sasl_authenticated,
    reject_unknown_helo_hostname

This allows SASL authenticated hosts to send a helo without restriction

Note that in some configurations, master.cf sets smtp_helo_restrictions for both submission and smtps to $mua_helo_restrictions, so in that case set mua_helo_restrictions instead.

Related

Can you have NS records pointing to different providers?
Getting a 404 error after upgrading to ASP.NET 4.5
Check for file by wildcard and store as variable in batch file [closed]
Why does Ubuntu want to reboot so often after installing updates?
Server corrosion, air conditioning and climate control
Laravel 8 passport installation failed
go channel doesn't output the data it passed [duplicate]
ttk creating and using a custom theme
How to return a unique record
Encrypted ID in URLs
Python datetime.today() Showing different time in different python programms
addEventListener submit and jQuery submit