On 02/28/2011 05:22 PM, Timothy Pearson wrote:
Tim,
I went to register for the bugzilla and found that the confirmation request from 74.84.118.181 was rejected by postfix because 74.84.118.181 does not provide a proper reverse lookup causing:
<snip>
It is 'reject_unknown_client' causing the rejection. From: http://www.postfix.org/postconf.5.html the rejection is caused when:
<snip>
Hi David,
How exactly did you get this error? My reverse DNS checks out OK and I don't see any problems with a test registration on the Bugzilla.
Thanks!
Tim
Tim, my postfix setup is:
[17:35 nirvana:/home/david/Documents/law/clients-rlf] # postconf -n alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = nirvana.3111skyline.com mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_interfaces = 66.76.63.120 queue_directory = /var/spool/postfix readme_directory = no relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com, drrankin.com sample_directory = /etc/postfix/sample sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org
<** I had to remove reject_unknown_client from the line above **>
smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination unknown_local_recipient_reject_code = 550
Before removing 'reject_unknown_client' from smtpd_client_restrictions, the confirmation email was rejected with (note I've removed the @ signs below and replaced them with ' at '):
Feb 28 16:22:22 nirvana postfix/smtpd[6858]: NOQUEUE: reject: RCPT from unknown[74.84.118.181]: 450 4.7.1 Client host rejected: cannot find your hostname, [74.84.118.181]; from=bugs@pearsoncomputing.net to=<trin at 3111skyline.com> proto=ESMTP helo=<vali.starlink.edu> Feb 28 16:22:22 nirvana postfix/smtpd[6858]: disconnect from unknown[74.84.118.181]
After removing 'reject_unknown_client' the confirmation came through no problem:
Feb 28 16:32:05 nirvana postfix/smtpd[6966]: warning: 74.84.118.181: address not listed for hostname pearsoncomputing.net Feb 28 16:32:05 nirvana postfix/smtpd[6966]: connect from unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/smtpd[6966]: 8E24D5FBCD: client=unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/cleanup[6968]: 8E24D5FBCD: message-id=201102282222.p1SMMIkD004700@thor.starlink.edu Feb 28 16:32:05 nirvana postfix/smtpd[6966]: disconnect from unknown[74.84.118.181] Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD: from=bugs@pearsoncomputing.net, size=2878, nrcpt=1 (queue active) Feb 28 16:32:05 nirvana postfix/local[6971]: 8E24D5FBCD: to=<me at 3111skyline.com>, orig_to=<trin at 3111skyline.com>, relay=local, delay=0.4, delays=0.31/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION") Feb 28 16:32:05 nirvana postfix/qmgr[6945]: 8E24D5FBCD: removed
I wish I could tell you the reason why postfix was rejecting the messages with 'reject_unknown_client' set as a smtpd_client_restrictions entry, but alas, my postfix knowledge doesn't extend that far... But, I can confirm the behavior and let you know what caused the rejection.
I can see the lookup for pearsoncomputing.net just fine as well:
[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 74.84.118.181 Server: 192.168.6.17 Address: 192.168.6.17#53
Non-authoritative answer: 181.118.84.74.in-addr.arpa name = pearsoncomputing.net.
Authoritative answers can be found from: 118.84.74.in-addr.arpa nameserver = ns2.mcomdc.com. 118.84.74.in-addr.arpa nameserver = ns1.mcomdc.com.
However, I think postfix doesn't like the fact that there is no "hostname.pearsoncomputing.net', provided, just a domainname. Fox example, when I do a lookup on my office server, I get:
[17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 66.76.63.60 Server: 192.168.6.17 Address: 192.168.6.17#53
Non-authoritative answer: 60.63.76.66.in-addr.arpa name = mail.rbpllc.com.
Authoritative answers can be found from: 63.76.66.in-addr.arpa nameserver = ns2.suddenlink.net. 63.76.66.in-addr.arpa nameserver = ns1.suddenlink.net. ns2.suddenlink.net internet address = 66.76.2.133
Notice the "name =" difference. I have a hostname, you just have your domain. Like I said, I'm no postfix expert, but I think that (or something along those lines) is what is happening.