Re: Problem with reject_rbl_client when a wildcard entry for mydomain exists

Mon, 08 Dec 2014 08:32:30 -0800 

Wietse Venema:
> [email protected]:
> > Hi all,
> > 
> > I can reproduce this on a "stock" openBSD 5.6 with default main.cf (except 
> > for the smtpd_client_restrictions, of course).
> > 
> > /var/spool/postfix/etc/resolv.conf contains
> > 
> > lookup file bind
> > nameserver 172.16.161.2
> 
> Does the problem go away with:
> 
>     lookup bind
> 
> i.e. remove "file" lookups.

Never mind. According to the OpenBSD 5.6 resolv.conf manpage, the
"lookup" option is used by gethostbyxxxx() (and presumably also by
getxxxxinfo()). Postfix uses res_search() when it queries a DNSBL
server.

        Wietse

> > and  /var/spool/postfix/etc/hosts contains
> > 
> > #       $OpenBSD: hosts,v 1.12 2009/03/10 00:42:13 deraadt Exp $
> > #
> > # Host Database
> > #
> > # RFC 1918 specifies that these networks are "internal".
> > # 10.0.0.0      10.255.255.255
> > # 172.16.0.0    172.31.255.255
> > # 192.168.0.0   192.168.255.255
> > #
> > 127.0.0.1       localhost
> > ::1             localhost
> > 
> > But NOT on a stock Ubuntu with the same config.
> > 
> > I guess this means that I have to ak openBSD?
> > 
> > cheers
> > Steven
> > 
> > 
> > -----Urspr?ngliche Nachricht----- 
> > From: Wietse Venema
> > Sent: Thursday, December 4, 2014 8:01 PM
> > To: A. Schulze
> > Cc: [email protected]
> > Subject: Re: Problem with reject_rbl_client when a wildcard entry for 
> > mydomain exists
> > 
> > A. Schulze:
> > >
> > > Viktor Dukhovni:
> > >
> > > >> general advice: check your /etc/resolv.conf
> > > >> usually there is no need for other lines then "nameserver 
> > > >> $NAMESERVER_IP"
> > > >> especially check if "searchdomain" is present and needed and should be
> > > >> removed.
> > > >
> > > > This advice is not right,  Postfix works ...
> > >
> > > Yes, BUT:
> > >
> > > I had not only postfix in mind. Other server software does not so many 
> > > things
> > > right as postfix does. For that reason "general" ...
> > >
> > > A server should generally be well configured to use only fully
> > > qualified domainnames.
> > > As a consequence a server does not need a searchdomain in /etc/resolv.conf
> > > and therefor it could be removed.
> > > I do so for many years and saw some strange things went away.
> > > That's simply my experience running numerous different server over the 
> > > years.
> > 
> > If some vendor appends domains despite Postfix turning that off,
> > please file a complaint.  That vendor is not helping.
> > 
> > Wietse 
> > 
> > 
>

Reply via email to