On 29 Oct 2017, at 3:28 (-0400), MRob wrote:
> Lately it looks like some zombie bot farm is connecting to submission
> (and looks to do nothing except connect), causing many of these in the
> logs:
>
> Oct 28 06:15:35 mail postfix/smtpd[12941]: warning: hostname x.y.z
> does not resolve to address 11.22.33.44: Name or service not known
>
> For submission service where clients often connect from dynamic IP
> address ranges, maybe seeing these is not important - just noise, so I
> am curious about why postfix is logging this. Does this mean client is
> somehow attempting to send before (without) doing any AUTH?

No. It means that the PTR record in DNS for that IP address resolves to
a name that does not have an A (or CNAME+A) record resolving it back to
the same IP. Not really a major issue.

> I tested by hand and MAIL FROM result is "530 5.7.0 Must issue a
> STARTTLS command first". I found that I neglected to override
> smtpd_sender_restrictions in the submission service, but it shouldn't
> matter if the client can't AUTH, right?

Right.

> Or is it default postfix behavior and I can ignore these logs?

Yes. Note that this is a warning only. It's an indication that parties
in control of the reverse DNS for the IP address and the forward DNS for
the name it resolves to are not cooperating with each other in a useful
way at the moment. Maybe bad luck (something out of their control is
making YOU see the name->IP resolution fail,) maybe carelessness or
incompetence, maybe a lame attempt by a spammer to misdirect blame. It
is slightly more likely that mail offered on such a connection is in
some way illegitimate, but not to a useful degree. For example: nearly
all of the connections I've seen with such warnings this week either were
too impatient to get past postscreen's 6-second delay OR were blacklisted
widely enough to die in postscreen OR ultimately delivered perfectly
legitimate & wanted email.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
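
Added example, not part of the original message and not Postfix code: the PTR-then-forward check described in the reply, in Python, separating "no PTR", "forward lookup failed" (the logged case) and "resolves to a different address". The status names, the injectable `ptr`/`forward` resolvers and the sample tables are assumptions made for the example; `x.y.z` and `11.22.33.44` are the thread's own placeholders.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Reverse lookup: the PTR name for ip, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """Forward lookup: address strings for name; raises socket.gaierror."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def fcrdns(ip, ptr=ptr_lookup, forward=forward_lookup):
    """Return (status, ptr_name, detail) for a client IP.
    no-ptr      no PTR record, so there is no name to confirm
    confirmed   the PTR name resolves back to the same IP
    mismatch    the PTR name resolves, but not to this IP
    unresolved  the forward lookup of the PTR name failed (the logged case)
    """
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None, "")
    try:
        addrs = forward(name)
    except socket.gaierror as exc:
        return ("unresolved", name, exc.strerror or str(exc))
    # Compare parsed addresses so differing IPv6 spellings still match.
    found = {ipaddress.ip_address(a.split("%")[0]) for a in addrs}
    if ipaddress.ip_address(ip) in found:
        return ("confirmed", name, "")
    return ("mismatch", name, ", ".join(sorted(str(a) for a in found)))

# Constructed sample data, not real DNS. x.y.z and 11.22.33.44 are the
# thread's placeholders; the rest are documentation names and ranges.
FAKE_PTR = {"11.22.33.44": "x.y.z", "192.0.2.10": "mail.example.net",
            "192.0.2.20": "host.example.net"}
FAKE_A = {"mail.example.net": {"192.0.2.10"}, "host.example.net": {"198.51.100.7"}}

def fake_forward(name):
    if name not in FAKE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FAKE_A[name]

if __name__ == "__main__":
    for ip in ("11.22.33.44", "192.0.2.10", "192.0.2.20", "203.0.113.5"):
        print(ip, fcrdns(ip, ptr=FAKE_PTR.get, forward=fake_forward))
```

Called with only an IP address, `fcrdns` uses the system resolver instead of the constructed tables.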