The isi.edu DNS nameservers were apparently being DoSed today, and
reverse and forward lookups (from my MX host) were failing.  I was
however surprised to then see:

    postfix/smtpd[2530673]: NOQUEUE: reject: RCPT from unknown[128.9.29.254]:
        550 5.7.1 Client host rejected: cannot find your reverse hostname, [128.9.29.254];
        from=<dane-survey-noti...@dnssec-stats.ant.isi.edu>
        to=<ietf-d...@dukhovni.org> proto=ESMTP helo=<dnssec-stats.ant.isi.edu>

This should have been a soft error, but with recent-enough Fedora (I
have 39), the default nsswitch.conf has:

    hosts:      files myhostname resolve [!UNAVAIL=return] dns

and this (specifically, !UNAVAIL=return) turns soft DNS failures into
hard errors.

The solution, on any production mail server, is to remove (with
prejudice)

    resolve [!UNAVAIL=return]

from the "hosts" nsswitch.conf entry.  If you don't want to randomly
reject mail when there's a brief network glitch, you MUST simplify
nsswitch.conf to:

    hosts:      files myhostname dns

or even just:

    hosts:      files dns

-- 
    Viktor.
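
An added example, not part of the original message: a small audit of the "hosts" entry that reports any service listed before "dns" whose action list stops the lookup on a temporary failure. It generalizes beyond the single line quoted above and assumes the glibc action semantics documented in nsswitch.conf(5), with a soft failure surfacing as the TRYAGAIN status; the function names are hypothetical.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: stop on success, try the next service on anything else.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts(conf_text):
    """Return [(service, {status: action})] for the 'hosts' database."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        # Each token is either a service name or a bracketed action list.
        for name, spec in re.findall(r"([^\s\[\]]+)|\[([^\]]*)\]", line[6:]):
            if name:
                chain.append((name, dict(DEFAULTS)))
            elif chain:
                rules = re.findall(r"(!?)\s*(\w+)\s*=\s*(\w+)", spec)
                for neg, status, action in rules:
                    for s in STATUSES:
                        # "!X=act" applies act to every status except X.
                        if (s == status.upper()) != bool(neg):
                            chain[-1][1][s] = action.lower()
        return chain
    return []

def services_hiding_dns_on_tempfail(conf_text):
    """Services listed before 'dns' that end the lookup on TRYAGAIN."""
    flagged = []
    for name, actions in parse_hosts(conf_text):
        if name == "dns":
            break
        if actions["TRYAGAIN"] == "return":
            flagged.append(name)
    return flagged

# Constructed inputs: the two "hosts" lines quoted in the message.
FEDORA_DEFAULT = "hosts:      files myhostname resolve [!UNAVAIL=return] dns\n"
SIMPLIFIED = "hosts:      files myhostname dns\n"

if __name__ == "__main__":
    for label, conf in (("default", FEDORA_DEFAULT), ("simplified", SIMPLIFIED)):
        print(label, services_hiding_dns_on_tempfail(conf) or "ok")
```

To audit a live host, pass the contents of /etc/nsswitch.conf to `services_hiding_dns_on_tempfail`; an empty list means no service ahead of "dns" ends the lookup on a temporary failure.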