Hello Noel/Jim,
Thank you for the replies.

Ok, that's clear, so multiple A records are allowed, but I think it's the other way around here.
I'll explain a bit more.

I also ran it that way, one host with multiple IPs, but both IPs have a different HELO name to match the A/PTR and MX records with it.
But this customer has 1 HELO hostname (A) and multiple IPs; to me this looks like a mess.

This is what I see for this customer for the PTR.

43.22.aa.bb.in-addr.arpa. 1398 IN PTR host.domain.tld.
206.8.xx.yy.in-addr.arpa. 81644 IN PTR host.domain.tld.

The MX setup.

MX 10 host.domain.tld
MX 20 host2.domain.tld
MX 30 host3.domain.tld

A domain test with this site: https://ssl-tools.net/mailservers
did find the MX 20 and 30 but not the MX 10 server.

host.domain.tld. 30 IN A bb.aa.22.43
host.domain.tld. 30 IN A yy.xx.8.206
host2.domain.tld. 3347 IN A yy.xx.8.206
host3.domain.tld. 2032 IN A bb.aa.22.43

2 completely different IP addresses from different providers. 3 hostnames.

The exact log lines:

warning: hostname host.domain.tld does not resolve to address bb.aa.22.43: Name or service not known
connect from unknown[bb.aa.22.43]
Untrusted TLS connection established from unknown[bb.aa.22.43]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Policy action=PREPEND Received-SPF: pass ... (censored) identity (mechanism 'a:host3.domain.tld matched))

And this is really ok? host3.domain.tld matched.

I hardly have problems with rejecting legit servers.
It looks to me like an incorrect implementation, what do you guys think?

@Jim,
>Your starting assumption is wrong or mistaken. If the postfix logs are saying
>"unknown[1.2.3.4]" it means reverse lookups of that IP address are not
>returning a hostname.

And this is not because it resolves back to the other IP. I tested the PTRs and these are ok.
And gmail, yahoo, hotmail etc etc, never any problems with them.
Even with having these in my setup.

smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access pcre:/etc/postfix/pcre/helo.pcre
    check_helo_access hash:/etc/postfix/overrule/allow_helo_access.map
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,

Best regards,

Louis

> -----Original message-----
> From: njo...@megan.vbhcs.org [mailto:owner-postfix-us...@postfix.org]
> On behalf of Noel Jones
> Sent: Thursday, 15 December 2016 16:20
> To: postfix-users@postfix.org
> Subject: Re: DNS round robin on helo?
>
> On 12/15/2016 8:56 AM, L.P.H. van Belle wrote:
> > Hello,
> >
> > I couldn't find this on the internet and I was thinking, the postfix
> > list will know this.
> >
> > Customer sends emails which are rejected by my server. I think that
> > is correctly rejected.
> >
> > Now I dug into this and I found the following but I don't know if
> > this is allowed by RFC.
> >
> > To me this should not be done but if someone can confirm this, that
> > would make me happy.
> >
> > Log part
> >
> > Dec 15 14:22:23 mailrelay postfix/smtpd[3361]: NOQUEUE: reject: RCPT
> > from unknown[1.2.3.4]: 554 5.7.1 ,<host.domain.tld>: Helo command
> > rejected: Host not found; from=<XXXX@DOMAIN2.TLD2>
> > to=<mym...@myoffice.tld> proto=ESMTP helo=<host.domain.tld
> >
>
> The message was rejected because the HELO name had no A nor MX
> record *at that time*.
>
> Hosts are allowed to have multiple A records, but the client may be
> labeled as "unknown" because postfix won't walk through all possible
> hostname/IP combinations looking for a match.
>
> Many legit hosts will fail reject_unknown_helo_hostname. Use with
> caution.
>
> -- Noel Jones
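
A simplified model of the two separate checks this thread mixes together, added here as an example (not part of any message above and not Postfix code): how a client ends up logged as "unknown", following the three conditions the Postfix documentation lists for reject_unknown_client_hostname, and the A-or-MX test behind reject_unknown_helo_hostname. The zone data, hostnames and addresses are constructed, and using only the first PTR name is an assumption made to keep the model small.

```python
# Added illustration, not Postfix source. All DNS data below is constructed
# (documentation address ranges); it mirrors the thread's shape: one name
# that round-robins over two addresses, both with a PTR back to that name.
PTR = {"192.0.2.10": ["host.example.test"],
       "198.51.100.20": ["host.example.test"],
       "203.0.113.5": ["other.example.test"]}
A = {"host.example.test": ["192.0.2.10", "198.51.100.20"],
     "other.example.test": ["203.0.113.99"]}
MX = {"example.test": ["host.example.test"]}


def client_name(ip, ptr=PTR, a=A):
    """Return (logged_name, reason) for a connecting client address."""
    names = ptr.get(ip)
    if not names:
        return "unknown", "address->name lookup failed"
    name = names[0]  # assumption: only the first PTR name is considered
    addrs = a.get(name)
    if not addrs:
        # Corresponds to the "does not resolve to address ...:
        # Name or service not known" warning quoted in the thread.
        return "unknown", "name->address lookup failed"
    if ip not in addrs:
        return "unknown", "name->address does not match client address"
    return name, "verified"


def helo_known(helo, a=A, mx=MX):
    """True when the HELO name has an A or MX record at lookup time."""
    return helo in a or helo in mx


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.5", "192.0.2.77"):
        print(ip, client_name(ip))
    # Same client, but the forward lookup fails at that moment.
    print("192.0.2.10", client_name("192.0.2.10", a={}))
    print("helo host.example.test known:", helo_known("host.example.test"))
```

The client-name result and the HELO check are independent: a client can be logged as "unknown" while its HELO name still passes, and the reverse.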