My postfix-2.6.5 is rejecting mail from a host which has a large
PTR RRset -- 44 entries and large enough to require TCP.
host/dig/nslookup actually dumps core on my solaris box (looks like
the bug was fixed in BIND just a few months ago). I don't know for
sure that it is the PTR records that are causing the problem because
all I get in the log is
Jan 12 11:14:42 x.y.z postfix/smtpd[29691]: [ID 197553 mail.info] connect
from unknown[1.2.3.4]
Jan 12 11:14:42 x.y.z postfix/smtpd[29691]: [ID 197553 mail.info] lost
connection after CONNECT from unknown[1.2.3.4]
Jan 12 11:14:42 x.y.z postfix/smtpd[29691]: [ID 197553 mail.info]
disconnect from unknown[1.2.3.4]
I'm not sure what part of my postfix config to even look at since the
log message is fairly uninformative. Or more importantly, how to whitelist
their MX host. (I haven't yet reviewed Victor's recent mail on that.)
I tried putting then in sender_access but apparently postfix doesn't get
that far. Here are the significant parts of postconf -n:
mydestination =
mynetworks = 127.0.0.0/8
myorigin = foo.com
recipient_delimiter = +
relay_domains = foo.com
relay_recipient_maps = dbm:/etc/postfix/relay_recipients
smtpd_data_restrictions = reject_multi_recipient_bounce permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_unauth_pipelining
reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_sender
reject_unknown_sender_domain reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks check_sender_access
dbm:/etc/postfix/sender_access reject_unauth_destination
reject_non_fqdn_hostname reject_invalid_hostname check_sender_mx_access
cidr:/etc/postfix/bogus_mx reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rhsbl_sender bogusmx.rfc-ignorant.org reject_rhsbl_sender
zen.spamhaus.org reject_rhsbl_sender bl.spamcop.net permit
smtpd_reject_unlisted_sender = yes
transport_maps = dbm:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = dbm:/etc/postfix/virtual
And, I hope you got down this far, I set the debug_peer_level to 2 for
this host and don't get much help:
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] connect from
unknown[1.2.3.4]
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] match_hostaddr:
1.2.3.4 ~? 127.0.0.0/8
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info]
match_list_match: 1.2.3.4: no match
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] send attr ident
= smtp:1.2.3.4
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] >
unknown[1.2.3.4]: 220 ESMTP Postfix
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] match_hostaddr:
1.2.3.4 ~? 127.0.0.0/8
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info]
match_list_match: 1.2.3.4: no match
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] send attr ident
= smtp:1.2.3.4
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] lost connection
after CONNECT from unknown[1.2.3.4]
Jan 12 14:34:27 postfix/smtpd[4318]: [ID 197553 mail.info] disconnect from
unknown[1.2.3.4]
-frank
