[original post at bottom]

In the meantime I've upgraded the OS to OpenBSD v5.2, which offers 2 postfix
versions as packages:

    postfix-2.10.20120630
    postfix-2.9.3

I chose v2.9.3.

BIND is still "BIND 9.4.2-P2"

On 11/13/2012 10:50 PM, /dev/rob0 wrote:
> On Tue, Nov 13, 2012 at 09:55:11PM +0100,
>    IMAP List Administration wrote:
>> I'm running a postfix (postfix-2.9.20120102-sasl2) server on 
> That's a pre-release snapshot. Postfix 2.9 is up to patchlevel 4.
so now I have a release version of postfix.

> That's very old. 9.4.3 was EOL almost three years ago.
>
so no change here.

I still see the intermittent DNS lookup failures in postfix when querying my
local named.

For kicks, I changed /etc/resolv.conf to point to the nameserver of my provider,
which means the local named is no longer queried by postfix.

There was no change -- the intermittent failures still occur.

I tried using nsping to all the nameservers authoritative for one of the domains
for which I had a lookup failure. There was no indication of any problem.

Summary:
    - upgraded OS
    - upgraded Postfix
    - cut local named out of system

but no change.  Anyone have a suggestion as to how to pursue this problem?

cheers,

Robert Urban

-- original post --

I'm running a postfix (postfix-2.9.20120102-sasl2) server on OpenBSD v5.1. We
have a number of anti-UCE postfix measures in place, including
"reject_unknown_client_hostname", which we quite like.  It's hard to believe
there are so many spammers that can't overcome such a low obstacle.

At any rate, we periodically see (1-5 times per day) a "Client host rejected:
cannot find your hostname" rejection, followed by a successful retry from the
remote MTA. When we check the DNS records, they always appear to be in order.
The remote MTAs belong to various organizations, but typically ones where one
would expect the DNS config to be well-maintained.  (see bottom for an example
rejection and the ensuing successful retry).

I've tried to configure DNS (BIND 9.4.2-P2) to log debug information, and it
logs a fantastic amount, but I am unable to get it to log such queries and their
results, or maybe I just haven't found the magic combination of logging settings
yet, or maybe I don't understand the logging output.

The Questions:
1) is it possible that we are observing a bug in postfix in conjunction with
DNS-queries? Are there any such known bugs?
2) can someone give me a tip on how to configure BIND to log the information I
need to figure out why DNS lookups may be failing intermittently, and how to
read it properly?
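
The symptom described in the original post (a "cannot find your hostname" rejection followed by a successful retry from the same MTA) can be separated in the mail log from clients that never resolve. The following is an added example, not part of the thread: the log lines are constructed samples in Postfix smtpd syslog format, and the function names are hypothetical.

```python
import re

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Nov 14 09:12:01 mx postfix/smtpd[4121]: connect from unknown[192.0.2.25]
Nov 14 09:12:02 mx postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[192.0.2.25]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.25]; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<mail.example.org>
Nov 14 09:27:40 mx postfix/smtpd[4188]: connect from mail.example.org[192.0.2.25]
Nov 14 10:03:11 mx postfix/smtpd[4302]: connect from unknown[198.51.100.7]
Nov 14 10:03:12 mx postfix/smtpd[4302]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<x@example.com> to=<b@example.net> proto=ESMTP helo=<pc7>
Nov 14 10:20:30 mx postfix/smtpd[4390]: connect from unknown[198.51.100.7]
"""

# Rejection produced by reject_unknown_client_hostname; captures timestamp and IP.
REJECT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]+) .*reject: RCPT from unknown\[([^\]]+)\]: "
    r"\d{3} [\d.]+ Client host rejected: cannot find your hostname")
# Any smtpd connect line; captures timestamp, logged client name and IP.
CONNECT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]+) .*postfix/smtpd\[\d+\]: connect from ([^\[\s]+)\[([^\]]+)\]")

def classify(log_text):
    """Map each rejected IP to its rejection times and, if the same IP later
    connected with a verified hostname, that name (else None)."""
    seen = {}
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            when, ip = m.groups()
            seen.setdefault(ip, {"rejected_at": [], "resolved_as": None})
            seen[ip]["rejected_at"].append(when)
            continue
        m = CONNECT.match(line)
        if m:
            _, name, ip = m.groups()
            # Only a connect *after* a rejection counts; keep the first name seen.
            if ip in seen and name != "unknown" and seen[ip]["resolved_as"] is None:
                seen[ip]["resolved_as"] = name
    return seen

def transient_failures(log_text):
    """IPs whose lookup failed once and succeeded later: candidates for an
    intermittent resolver problem rather than missing DNS records."""
    return sorted(ip for ip, r in classify(log_text).items() if r["resolved_as"])

if __name__ == "__main__":
    for ip, r in classify(SAMPLE_LOG).items():
        print(ip, r["rejected_at"], "->", r["resolved_as"] or "never resolved")
```

The rejection timestamps of the IPs returned by `transient_failures` are the moments to line up against resolver logs or a packet capture on port 53.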

