intermittent "cannot find your reverse hostname" for outbound.protection.outlook.com senders. Best workaround?

PGNet Dev Tue, 21 May 2019 09:40:07 -0700

I run postfix 3.4.5.

I typically reject on unknown reverse hostname; it's a policy I'm comfortable 
with.


For a number of correspondents that use outlook.com for outbound, I 
occasionally see failures crop up for the same sender, then just 
'automagically' resolve.

E.g., for a single sender, here "them @theirdomain.com", in my logs

        postfix.log:Apr 24 13:18:19 mx postfix/postscreen-internal/smtpd[6816]: 
NOQUEUE: client=mail-eopbgr770049.outbound.protection.outlook.com[40.107.77.49]
        postfix.log:Apr 26 11:15:00 mx 
postfix/postscreen-internal/smtpd[18428]: NOQUEUE: 
client=mail-eopbgr790080.outbound.protection.outlook.com[40.107.79.80]
        postfix.log:May  4 22:45:01 mx postfix/postscreen-internal/smtpd[6790]: 
NOQUEUE: client=mail-eopbgr790083.outbound.protection.outlook.com[40.107.79.83]
        postfix.log:May  6 08:22:44 mx 
postfix/postscreen-internal/smtpd[45305]: NOQUEUE: 
client=mail-eopbgr680058.outbound.protection.outlook.com[40.107.68.58]
        postfix.log:May  9 10:19:32 mx 
postfix/postscreen-internal/smtpd[51399]: NOQUEUE: 
client=mail-eopbgr810078.outbound.protection.outlook.com[40.107.81.78]
        postfix.log:May 16 11:36:11 mx 
postfix/postscreen-internal/smtpd[19036]: NOQUEUE: 
client=mail-eopbgr790048.outbound.protection.outlook.com[40.107.79.48]
??      postfix.log:May 17 9:41:37 mx postfix/postscreen-internal/smtpd[58594]: 
NOQUEUE: reject: RCPT from unknown[40.107.72.40]: 550 5.7.1 Client host 
rejected: cannot find your reverse hostname, [40.107.72.40]; 
from=<t...@theirdomain.com> to=<m...@mydomain.com> proto=ESMTP 
helo=<NAM05-CO1-obe.outbound.protection.outlook.com>
??      postfix.log:May 17 10:22:22 mx 
postfix/postscreen-internal/smtpd[58594]: NOQUEUE: reject: RCPT from 
unknown[40.107.81.79]: 550 5.7.1 Client host rejected: cannot find your reverse 
hostname, [40.107.81.79]; from=<t...@theirdomain.com> to=<m...@mydomain.com> 
proto=ESMTP helo=<NAM01-BY2-obe.outbound.protection.outlook.com>
??      postfix.log:May 17 13:19:52 mx 
postfix/postscreen-internal/smtpd[58644]: NOQUEUE: reject: RCPT from 
unknown[40.107.82.59]: 550 5.7.1 Client host rejected: cannot find your reverse 
hostname, [40.107.82.59]; from=<t...@theirdomain.com> to=<m...@mydomain.com> 
proto=ESMTP helo=<NAM01-SN1-obe.outbound.protection.outlook.com>
        postfix.log:May 18 22:14:14 mx 
postfix/postscreen-internal/smtpd[42996]: NOQUEUE: 
client=mail-eopbgr770125.outbound.protection.outlook.com[40.107.77.125]
        postfix.log:May 19 08:09:01 mx 
postfix/postscreen-internal/smtpd[18025]: NOQUEUE: 
client=mail-eopbgr80095.outbound.protection.outlook.com[40.107.8.95]

Checking around those fail times, there's no other legit/expected messages 
rejected for reverse hostname; as such, I'm assuming that there's no blip in my 
_own_ DNS resolver.

It seems to my this is possibly Microsoft/Outlook-specific ...

What's a reasonable way to make this more resilient -- without completely 
disabling reverse hostname checks?
A DNS re-check before reject?
A whitelist for outlook.com?

intermittent "cannot find your reverse hostname" for outbound.protection.outlook.com senders. Best workaround?

Reply via email to