Viktor Dukhovni:
> On Tue, Nov 26, 2013 at 03:54:57PM -0500, Wietse Venema wrote:
>
> > Lucas Bergman:
> >
> > > Nov 25 14:06:23 gob postfix/smtpd[19293]: NOQUEUE: reject: RCPT from
> > > unknown[12.229.68.221]: 450 4.1.8 <circ...@lcplin.org>: Sender address
> > > rejected: Domain not found; from=<circ...@lcplin.org> to=<[REDACTED]@
> > > BERGMANS.US> proto=ESMTP helo=<sangria.lcplin.org>
> >
> > 450 Means that Postfix did not receive a DNS reply. There could
> > have been a network outage, or your link was saturated, or whatever.
>
> And in any case PTR lookups have nothing to do with
> reject_unknown_sender_domain. The lookups in question are basically:
>
> $ dig +short -t mx lcplin.org
> 20 grid2i.seg.att.com.
> 10 grid1i.seg.att.com.
>
> $ dig +noall +ans -t a grid1i.seg.att.com.
> grid1i.seg.att.com. 28800 IN A 209.65.160.81
> grid1i.seg.att.com. 28800 IN A 209.65.160.73
>
> $ dig +noall +ans -t a grid2i.seg.att.com.
> grid2i.seg.att.com. 28800 IN A 209.65.160.89
> grid2i.seg.att.com. 28800 IN A 209.65.176.73
> grid2i.seg.att.com. 28800 IN A 209.65.176.81
>
> Either the MX lookup or the A record lookups tempfailed.
IIRC Postfix looks up lcplin.org MX, and if that is not found,
it looks up lcplin.org A or lcplin.org AAAA (the latter only
when the DNS library routines understand AAAA lookups).
This is the lighter extreme of the testing spectrum. The heavy
extreme would involve connecting to the server(s) and confirming
that they provide SMTP service for the sender address. That extreme
is implemented with sender address verification.
Wietse
