Why does SMTP fail for some users: Helo command rejected
By default, OS X Servers expect a fully qualified domain name (FQDN) as a greeting (helo) for all SMTP connections.
The server expects:
helo mail.mydomain.com
Many apps (Outlook and some phones) don’t send a FQDN and instead send something like:
helo computer1
The server will reject this connection, and you will see this in your server’s mail.log:
Helo command rejected: need fully-qualified hostname
To resolve the issue
OS X Server 10.8
Check your current helo restrictions with:
sudo postconf -c /Library/Server/Mail/Config/postfix/ smtpd_helo_restrictions
Your results will likely be:
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
We’d like to allow local-lan and smtp-authenticated users to bypass the restriction, so we allow their access before the reject lines.
Issue this to fix:
postconf -c /Library/Server/Mail/Config/postfix/ -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"
Then activate the change with:
sudo postfix reload
OS X Server 10.5 – 10.7
Check your current helo restrictions with:
sudo postconf smtpd_helo_restrictions
Look at your results.. You’ll probably want to keep the same restrictions but add permit_mynetworks and permis_sasl_authenticated before the reject lines.
If you had only these restrictions “reject_non_fqdn_helo_hostname reject_invalid_helo_hostname”, then you would issue:
postconf -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"
Then activate the change with:
sudo postfix reload