smtpd_recipients_restrictions block my local outgoing outlook email?

hi.

I have currently configure a postfix server using the tutorial from
http:/jimsun.linuxnet.com/misc/postfix-anti-UCE.txt . I use exactly
the same configuration there but somehow all outlook email sending out
from my LAN got block by the postfix server. I have to move the
"reject_invalid_hostname", and " reject_non_fqdn_hostname" after
permit_mynetworks for email to pass through postfix.

What i don't understand is , isn't smptd_recipients_restrictions
meant for the "recipient" restriction rather then sender ?


====main.cf======

smtpd_helo_required = yes
disable_vrfy_command = yes

smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks,
check_sender_access hash:/etc/postfix/sender_checks,
check_client_access hash:/etc/postfix/client_checks,
# check_client_access pcre:/etc/postfix/client_checks.pcre,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit

smtpd_data_restrictions =
reject_unauth_pipelining,
permit


====/var/log/mail.log=======
Sep 15 15:16:39 stock99 postfix/master[4684]: terminating on signal 15
Sep 15 15:16:42 stock99 postfix/master[4787]: daemon started -- version
2.2.10, configuration /etc/postfix
Sep 15 15:16:53 stock99 postfix/smtpd[4791]: connect from
unknown[192.168.1.3]
Sep 15 15:16:53 stock99 postfix/smtpd[4791]: NOQUEUE: reject: RCPT from
unknown[192.168.1.3]: 504 <celeronserver>: Helo command rejected: need
fully-qualified hostname; from=<taiwf@stock99.homelinux.com>
to=<dfeng@fdrive.com.au> proto=ESMTP helo=<celeronserver>
Sep 15 15:16:54 stock99 courierpop3login: Connection,
ip=[::ffff:192.168.1.3]

dav.stock99@gmail.com wrote:

> reject_non_fqdn_hostname,

> Helo command rejected: need
> fully-qualified hostname; from=<taiwf@stock99.homelinux.com>
> to=<dfeng@fdrive.com.au> proto=ESMTP helo=<celeronserver>


It was blocked by "reject_non_fqdn_hostname" because the HELO string
of "celeronserver" doesn't include a domain name.


An excerpt from "man 5 postconf":

reject_non_fqdn_hostname
Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC.

To make it work, you can either fix the systems that's sending the
"celeronserver" HELO string, or you can remove the "reject_non_fqdn_hostname" entry.

--
Greg