On 02/28/2011 05:22 PM, Timothy Pearson wrote:
Tim,
I went to register for the bugzilla and found that the confirmation request from 74.84.118.181 was rejected by postfix because 74.84.118.181 does not provide a proper reverse lookup causing:
<snip> >> It is 'reject_unknown_client' causing the rejection. From: >> http://www.postfix.org/postconf.5.html the rejection is caused when: >> <snip> > Hi David, > > How exactly did you get this error? My reverse DNS checks out OK and I > don't see any problems with a test registration on the Bugzilla. > > Thanks! > > Tim
Tim, my postfix setup is:
[17:35 nirvana:/home/david/Documents/law/clients-rlf] # postconf -n alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = nirvana.3111skyline.com mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_interfaces = 66.76.63.120 queue_directory = /var/spool/postfix readme_directory = no relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com, drrankin.com sample_directory = /etc/postfix/sample sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org
<** I had to remove reject_unknown_client from the line above **>
smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination unknown_local_recipient_reject_code = 550
Before removing 'reject_unknown_client' from smtpd_client_restrictions, the confirmation email was rejected with (note I've removed the @ signs below and replaced them with ' at '):
Feb 28 16:22:22 nirvana postfix/smtpd[6858]: NOQUEUE: reject: RCPT from unknown[74.84.118.181]: 450 4.7.1 Client host rejected: cannot find your hostname, [74.84.118.181]; from=bugs@pearsoncomputing.net to=<trin at 3111skyline.com> proto=ESMTP helo=<vali.starlink.edu> Feb 28 16:22:22 nirvana postfix/smtpd[6858]: disconnect from unknown[74.84.118.181]
After removing 'reject_unknown_client' the confirmation came through no problem:
Feb 28 16:32:05 nirvana postfix/smtpd[6966]: warning: 74.84.118.181: address not listed for hostname pearsoncomputing.net Feb 28 16:32:05 nirvana postfix/smtpd[6966]: connect from unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/smtpd[6966]: 8E24D5FBCD: client=unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/cleanup[6968]: 8E24D5FBCD: message-id=201102282222.p1SMMIkD004700@thor.starlink.edu Feb 28 16:32:05 nirvana postfix/smtpd[6966]: disconnect from unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD: from=bugs@pearsoncomputing.net, size=2878, nrcpt=1 (queue active) Feb 28 16:32:05 nirvana postfix/local[6971]: 8E24D5FBCD: to=<me at 3111skyline.com>, orig_to=<trin at 3111skyline.com>, relay=local, delay=0.4, delays=0.31/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION") Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD: removed
I wish I could tell you the reason why postfix was rejecting the messages with 'reject_unknown_client' set as a smtpd_client_restrictions entry, but alas, my postfix knowledge doesn't extend that far... But, I can confirm the behavior and let you know what caused the rejection.
I can see the lookup for pearsoncomputing.net just fine as well:
[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 74.84.118.181 Server: 192.168.6.17 Address: 192.168.6.17#53
Non-authoritative answer: 181.118.84.74.in-addr.arpa name = pearsoncomputing.net.
Authoritative answers can be found from: 118.84.74.in-addr.arpa nameserver = ns2.mcomdc.com. 118.84.74.in-addr.arpa nameserver = ns1.mcomdc.com.
However, I think postfix doesn't like the fact that there is no "hostname.pearsoncomputing.net', provided, just a domainname. Fox example, when I do a lookup on my office server, I get:
[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 66.76.63.60 Server: 192.168.6.17 Address: 192.168.6.17#53
Non-authoritative answer: 60.63.76.66.in-addr.arpa name = mail.rbpllc.com.
Authoritative answers can be found from: 63.76.66.in-addr.arpa nameserver = ns2.suddenlink.net. 63.76.66.in-addr.arpa nameserver = ns1.suddenlink.net. ns2.suddenlink.net internet address = 66.76.2.133
Notice the "name =" difference. I have a hostname, you just have your domain. Like I said, I'm no postfix expert, but I think that (or something along those lines) is what is happening.
Do you mind checking to see if the problem is still occurring? Other people have mentioned that there were some DNS issues a few days ago which have since been resolved; I would like to know if this issues was resolved along with them.
Thanks!
Tim