* Michael Monnerie <michael.monne...@is.it-management.at>: > I've just had a very strange bug which cost me an hour to find. > > mailserver: postfix-2.5.1-28.5 > > On the mailserver, I should receive mail from 212.69.162.205. > > # dig -x 212.69.162.205 > showed me a correct, existing PTR: > 205.192-28.162.69.212.in-addr.arpa. 3600 IN PTR protegate5.zmi.at. > > Just the forward request doesn't fit the IP: > # dig +short protegate5.zmi.at > 212.69.164.56 > > and postfix refused to take the e-mail with this message: > 450 4.7.1 Client host rejected: cannot find your hostname, > [212.69.162.205]
As documented in http://www.postfix.org/postconf.5.html#smtpd_client_restrictions reject_unknown_client_hostname is triggered if 1) the client IP address->name mapping fails[, or] 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address This is often reffered to as "forward confirmed reverse DNS": http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS > The log text is not correct, it should say "your PTR 212.69.162.205 > doesn't fit the forward IP of protegate5.zmi.at". The log text ist correct. A host with an IP resolved to "protegate5.zmi.at" connected, but the host with that name has a different IP. So Postfix was not able to find a host name that resolved to that IP address. > I changed the PTR to now be > 205.192-28.162.69.212.in-addr.arpa. 3600 IN PTR protegate5old.zmi.at. > and this fits the forward: > # dig +short protegate5old.zmi.at > 212.69.162.205 > > and then the e-mail passes through. I don't know if that has already > been fixed, but it really should as the log messages suggests that we > had a DNS issue while it really only was the misfit of forward/reverse > lookups. This kind of "misfit" is commonly referred to as a "DNS issue" when postmasters talk to each other ;-) Cheers Stefan > I also looked at > http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname > but found no mentioning of the message that's logged. But a "cannot find > your hostname" is really not a good answer here. > > mfg zmi > -- > // Michael Monnerie, Ing.BSc ----- http://it-management.at > // Tel: 0660 / 415 65 31 .network.your.ideas. > // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import" > // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 > // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 >
