Re: postfix reports no rDNS on a host with many PTR records

Tue, 15 Oct 2013 07:43:44 -0700 


Jeroen Geilman wrote the following on 10/14/2013 7:05 PM:

On 10/14/2013 08:41 PM, Blake Hudson wrote:
I'm seeing the following errors when a prominent North American life insurance vendor attempts to send me email. 


Oct 14 12:57:07 twinc postfix/smtpd[12194]: NOQUEUE: reject: RCPT 
from unknown[216.163.249.229]: 450 4.7.1 Client host rejected: cannot 
find your reverse hostname, [216.163.249.229]; 
from=<redac...@securemail.metlife.com> to=<redac...@redacted.net> 
proto=ESMTP helo=<ms1.metlifecommercial.com>



The crux is that this host does have (an abundance of) rDNS:

[blake@twinc ~]# host 216.163.249.229
;; Truncated, retrying in TCP mode.
229.249.163.216.in-addr.arpa domain name pointer ms2.dmmetlife.com.
229.249.163.216.in-addr.arpa domain name pointer ms2.egadbprod.com.
229.249.163.216.in-addr.arpa domain name pointer ms2.iimetlife.com.
229.249.163.216.in-addr.arpa domain name pointer ms2.afimetlife.com.
...


I've temproarily whitelisted the sending server. However, what to do 
about the DNS issue (this isn't the first sender that I've ran into 
this issue with)? Is this an error in Postfix or with my system (RHEL 
5)?


--Blake




Notwithstanding Wietse's reply (he would know how postfix deals with 
DNS), if you look up that address range from the root on down (dig -4 
+trace ns 216.163.249.229), we get this:


249.163.216.in-addr.arpa. 86400    IN    NS    ns2.metlife.com.
249.163.216.in-addr.arpa. 86400    IN    NS    ns3.metlife.com.
249.163.216.in-addr.arpa. 86400    IN    NS    ns.metlife.com.


Asking each of these in turn leads to ns2 returning that ridiculous 
list you showed.
The other two don't respond at all - that's right: they do not respond 
to DNS queries.



Something is definitely Up with their DNS - from the looks of that 
response, it is comprehensively misconfigured.



Perhaps your resolver gives up when no UDP answer is received for a 
PTR query; that would explain the postfix error.





Hm, no failures here... UDP and TCP both work. I won't disagree with the 
ridiculousness of the response.


# dig @ns.metlife.com -x 216.163.249.229 +ignore


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @ns.metlife.com -x 
216.163.249.229 +ignore

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40752
;; flags: qr aa tc rd; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;229.249.163.216.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.idwmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metscc.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.witnessgold.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.smrsmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metecap.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.ribsmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.tlait.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metpaybase.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.prfmetlife.com.

229.249.163.216.in-addr.arpa. 1800 IN   PTR 
ms.metlifecorporateactuarial.com.

229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.mmpmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metconnect.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.ahreports.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metptgweb.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms.genamservices.com.

;; Query time: 54 msec
;; SERVER: 216.163.249.248#53(216.163.249.248)
;; WHEN: Tue Oct 15 09:40:59 2013
;; MSG SIZE  rcvd: 487

#  dig @ns2.metlife.com -x 216.163.249.229 +ignore


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @ns2.metlife.com -x 
216.163.249.229 +ignore

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32222
;; flags: qr aa tc rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;229.249.163.216.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms2.sbcpricingmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms1.nbcwebsitemetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms2.metcaretngdrmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.lifemetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.isprmetlife.com.

229.249.163.216.in-addr.arpa. 1800 IN   PTR 
www.fegli04.com.249.163.216.in-addr.arpa.

229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.efametlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.wpsnefn.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms1.meticontactreg.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.epmmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.lsmsmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.ahreports.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metlifetech.com.

229.249.163.216.in-addr.arpa. 1800 IN   PTR 
www.fegli2004.org.249.163.216.in-addr.arpa.

229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.mettpm.com.

;; Query time: 61 msec
;; SERVER: 216.163.240.251#53(216.163.240.251)
;; WHEN: Tue Oct 15 09:41:03 2013
;; MSG SIZE  rcvd: 508

# dig @ns3.metlife.com -x 216.163.249.229 +ignore


; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @ns3.metlife.com -x 
216.163.249.229 +ignore

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3067
;; flags: qr aa tc rd; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;229.249.163.216.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metcrtsdb.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metetad.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms1.itpm-metlifeqa.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metproject.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms2.siebelmetlife.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metcommpipe.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metables.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms2.powerimageprod.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms.metdir.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms1.metables.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.crpsysmet.com.

229.249.163.216.in-addr.arpa. 1800 IN   PTR 
www.fegli2004.com.249.163.216.in-addr.arpa.

229.249.163.216.in-addr.arpa. 1800 IN   PTR     metmis.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR     ms2.bdproddb.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms1.metlifeahdirect.com.
229.249.163.216.in-addr.arpa. 1800 IN   PTR ms2.metlife-ihub.com.

;; Query time: 54 msec
;; SERVER: 204.146.159.27#53(204.146.159.27)
;; WHEN: Tue Oct 15 09:41:07 2013
;; MSG SIZE  rcvd: 508


























					Reply via email to