On Sun, Mar 24, 2019 at 10:28:27PM +0000, Nick Howitt wrote:
> >> Received: from hz.cn (unknown [220.191.208.116])
> >> by howitts.co.uk (Postfix) with ESMTP id 6614E401361E
> >> for <usern...@howitts.co.uk>; Sun, 24 Mar 2019 10:09:30 +0000
> >> (GMT)
> >
> > The "unknown" means that either:
> >
> > 1. The IP did not resolve to a PTR (name) record
> > 2. The name did not resolve back to the same IP
> >
> > In case 2. the IP could have had a reverse name.
> >
> >> Mar 24 10:09:30 server postfix/smtpd[8102]: warning: hostname
> >> mail.hz.cn does not resolve to address 220.191.208.116
> >> Mar 24 10:09:30 server postfix/smtpd[8102]: connect from
> >> unknown[220.191.208.116]
> >
> > This is case 2.
We know it is case 2., because Postfix logged failure to map
"mail.hz.cn" back to the address. So it got the "220.191.208.116"
from somewhere, the only possible source being the PTR record, the
IP address had one at the time the message was received.
> Sorry but I am unfamiliar with the term "non-breaking space". Is pasting
> from PuTTy or Notepad++ causing an issue?
The text you posted had lots of Unicode non-breaking spaces (U+00A0),
rather than ASCII spaces (U+0020).
> As far as I can see 220.191.208.116 has no PTR so should fall under your
> case 1? Or have I misunderstood?
It may not now, but it did then.
> [root@server ~]# dig -x 220.191.208.116 @8.8.8.8
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -x 220.191.208.116 @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29403
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
[ Yet more non-breaking spaces in the pasted dig output. :-( ]
This is not an NXDOMAIN, rather a lookup failure, so the PTR may
be there, just not working presently:
http://dnsviz.net/d/116.208.191.220.in-addr.arpa/dnssec/
[220.191 is at this time a lame delegation]
--
Viktor.
