----- Message from Phil Biggs <[email protected]> ---------
Date: Mon, 22 Mar 2021 13:35:12 +1100
From: Phil Biggs <[email protected]>
Subject: Double-bounce to ISP's server
To: [email protected]
Hello all,
I'm running the postfix-sasl-3.5.8,1 pkg on FreeBSD 12.2-RELEASE-p4 GENERIC
Yesterday I plugged my public IP into the mxtoolbox diags page and my logs
recorded this:
Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from
[18.205.72.90]:43471 to [192.168.11.2]:25
Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471
Mar 21 14:50:43 postfix/smtpd[3806]: connect from
keeper-us-east-1c.mxtoolbox.com[18.205.72.90]
Mar 21 14:50:45 postfix/cleanup[3810]: 05625DF30B:
message-id=<[email protected]>
Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B:
from=<[email protected]>, size=233, nrcpt=1 (queue active)
Mar 21 14:50:45 postfix/smtp[3811]: Trusted TLS connection
established to mail.aussiebroadband.com.au[121.200.0.25]:25: TLSv1.3
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange
X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B:
to=<[email protected]>,
relay=mail.aussiebroadband.com.au[121.200.0.25]:25, delay=1.1,
delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5
Ok)
Mar 21 14:50:46 postfix/qmgr[735]: 05625DF30B: removed
Mar 21 14:50:48 postfix/smtpd[3806]: NOQUEUE: reject: RCPT from
keeper-us-east-1c.mxtoolbox.com[18.205.72.90]: 554 5.7.1
<[email protected]>: Relay access denied;
from=<[email protected]>
to=<[email protected]> proto=ESMTP
helo=<keeper-us-east-1c.mxtoolbox.com>
Mar 21 14:50:48 postfix/smtpd[3806]: disconnect from
keeper-us-east-1c.mxtoolbox.com[18.205.72.90] ehlo=1 mail=1 rcpt=0/1
quit=1 commands=3/4
The relay was rejected but I've never seen an attempted relay generate a probe to my ISP's mail server before.
Just curious as to how/why this probe would happen.
Something wrong in my configuration?
Many thanks,
Phil

Your IP address resolves back to aussiebb:
[root@emp87 ~]# dig pjb.cc mx
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> pjb.cc mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20478
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d0513ee68cc2ce4ef2bc0f8760580554a7ad92184239a6ba (good)
;; QUESTION SECTION:
;pjb.cc. IN MX
;; ANSWER SECTION:
pjb.cc. 1091 IN MX 10 mail.pjb.cc.
[root@emp87 ~]# nslookup mail.pjb.cc
Server: 192.168.1.145
Address: 192.168.1.145#53
Non-authoritative answer:
Name: mail.pjb.cc
Address: 180.150.6.110
[root@emp87 ~]# nslookup 180.150.6.110
110.6.150.180.IN-ADDR.ARPA name =
180-150-6-110.b49606.syd.nbn.aussiebb.net
You need Aussie BB to set up your reverse DNS. I am with Aussie BB too:
[root@emp87 ~]# dig simonandkate.net mx
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> simonandkate.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42204
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: bc9bdebc279b88fc955229e6605805a086b8818a7f8a1be0 (good)
;; QUESTION SECTION:
;simonandkate.net. IN MX
;; ANSWER SECTION:
simonandkate.net. 5333 IN MX 10 mail.simonandkate.net.
[root@emp87 ~]# nslookup mail.simonandkate.net 1.1.1.1
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: mail.simonandkate.net
Address: 119.18.34.29
[root@emp87 ~]# nslookup 119.18.34.29
29.34.18.119.IN-ADDR.ARPA name = mail.simonandkate.net.
Simon
--
Simon Wilson
M: 0400 12 11 16
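
An added example, not part of either message in this thread: Postfix logs status=deliverable or status=undeliverable for address verification probes rather than for delivered mail, so the script below rejoins log records folded by a mail client and picks out the probe deliveries with their sender and relay. The sample log is constructed with placeholder hosts and addresses, and the double-bounce sender in it is an assumption based on Postfix's default probe sender.

```python
import re

# Constructed sample modelled on the log format quoted in the thread; hosts and
# addresses are placeholders, and lines are folded the way the mail shows them.
SAMPLE = """\
Mar 21 14:50:43 postfix/smtpd[3806]: connect from
probe.example.net[192.0.2.10]
Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B:
from=<double-bounce@mail.example.org>, size=233, nrcpt=1 (queue active)
Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B:
to=<postmaster@isp.example>,
relay=mail.isp.example[198.51.100.25]:25, delay=1.1,
delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5
Ok)
Mar 21 14:50:46 postfix/qmgr[735]: 05625DF30B: removed
Mar 21 14:50:47 postfix/smtp[3812]: 1A2B3C4D5E:
to=<user@isp.example>, relay=mail.isp.example[198.51.100.25]:25,
delay=0.9, delays=0.01/0.02/0.8/0.07, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*? status=(?P<status>\w+)")

def unwrap(text):
    """Rejoin syslog records that were folded across several lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())       # a timestamp starts a new record
        else:
            records[-1] += " " + line.strip()  # continuation of the previous one
    return records

def find_probes(text):
    """Return delivery records whose status marks an address verification probe."""
    # Remember each queue ID's envelope sender so it can be attached to the probe.
    senders, probes = {}, []
    for rec in unwrap(text):
        if m := SENDER.search(rec):
            senders[m["qid"]] = m["sender"]
        elif (m := DELIVERY.search(rec)) and m["status"] in ("deliverable", "undeliverable"):
            probes.append({**m.groupdict(), "sender": senders.get(m["qid"])})
    return probes

if __name__ == "__main__":
    print(*find_probes(SAMPLE), sep="\n")
```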