I was having some issues with my personal mail server (Postfix) and my phone (Android). The logs depicted the below issue:

Jan  9 09:19:53 ip-11-222-23-223 postfix/smtpd[12345]: NOQUEUE: reject: RCPT from 12-13-14-15.abc.com.au[12.13.14.15]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<emailaddr kelvinism.com="kelvinism.com"> to=<emailaddr gmail.com="gmail.com"> proto=ESMTP helo=<localhost>
</localhost></emailaddr></emailaddr></localhost>

We can see here that the stock Android email client is doing a ‘helo localhost’. One part of my main.cf file specifies this:

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit_sasl_authenticated,
    permit

To resolve, unfortunately, just change the order to authenticated clients are permitted earlier:

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit

You also may need to do the same for smtpd_recipient_restrictions and/or smtpd_sender_restrictions (i.e. put permit_sasl_authenticated above the reject lines).

One thing I love about open source stuff is that the developers usually take great care to allow awesome debug messages. There’s a catch-22, however: how much logging to enable? Today I was creating a Postfix/Dovecot/Postgresql install and I kept getting an error message in mail.log, but it wasn’t very helpful.

Luckily you can turn up the verbosity in Postfix for error messages. You’ll need to find out what component is in error, e.g. “postfix/virtual[4467]: warning:”, and then open master.cf. Add a -v to the end of the daemon that’s faulting, and you’ll get more logging than you know what to do with.

virtual   unix  -       n       n       -       -       virtual -v

I hope this helps somebody. You can read more debugging tips on the Postfix DEBUG readme.