----- Message from Simon Wilson <si...@simonandkate.net> ---------
    Date: Mon, 22 Mar 2021 12:49:53 +1000
    From: Simon Wilson <si...@simonandkate.net>
Reply-To: si...@simonandkate.net
 Subject: Re: Double-bounce to ISP's server
      To: postfix-users@postfix.org


----- Message from Phil Biggs <mb170...@pjb.cc> ---------
   Date: Mon, 22 Mar 2021 13:35:12 +1100
   From: Phil Biggs <mb170...@pjb.cc>
Subject: Double-bounce to ISP's server
     To: postfix-users@postfix.org


Hello all,

I'm running the postfix-sasl-3.5.8,1 pkg on FreeBSD 12.2-RELEASE-p4 GENERIC

Yesterday I plugged my public IP into the mxtoolbox diags page and my logs
recorded this:

Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from [18.205.72.90]:43471 to [192.168.11.2]:25
Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471
Mar 21 14:50:43 postfix/smtpd[3806]: connect from keeper-us-east-1c.mxtoolbox.com[18.205.72.90]
Mar 21 14:50:45 postfix/cleanup[3810]: 05625DF30B: message-id=<20210321035045.05625df...@postfix.pjb.cc>
Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B: from=<double-bou...@postfix.pjb.cc>, size=233, nrcpt=1 (queue active)
Mar 21 14:50:45 postfix/smtp[3811]: Trusted TLS connection established to mail.aussiebroadband.com.au[121.200.0.25]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B: to=<t...@mxtoolboxsmtpdiag.com>, relay=mail.aussiebroadband.com.au[121.200.0.25]:25, delay=1.1, delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Mar 21 14:50:46 postfix/qmgr[735]: 05625DF30B: removed
Mar 21 14:50:48 postfix/smtpd[3806]: NOQUEUE: reject: RCPT from keeper-us-east-1c.mxtoolbox.com[18.205.72.90]: 554 5.7.1 <t...@mxtoolboxsmtpdiag.com>: Relay access denied; from=<supert...@mxtoolboxsmtpdiag.com> to=<t...@mxtoolboxsmtpdiag.com> proto=ESMTP helo=<keeper-us-east-1c.mxtoolbox.com>
Mar 21 14:50:48 postfix/smtpd[3806]: disconnect from keeper-us-east-1c.mxtoolbox.com[18.205.72.90] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

The relay was rejected but I've never seen an attempted relay generate a probe
to my ISP's mail server before.

Just curious as to how/why this probe would happen.
Something wrong in my configuration?

Many thanks,
Phil


Your IP address resolves back to aussiebb:

[root@emp87 ~]# dig pjb.cc mx

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> pjb.cc mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20478
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d0513ee68cc2ce4ef2bc0f8760580554a7ad92184239a6ba (good)
;; QUESTION SECTION:
;pjb.cc.                                IN      MX

;; ANSWER SECTION:
pjb.cc.                 1091    IN      MX      10 mail.pjb.cc.

[root@emp87 ~]# nslookup mail.pjb.cc
Server:         192.168.1.145
Address:        192.168.1.145#53

Non-authoritative answer:
Name:   mail.pjb.cc
Address: 180.150.6.110

[root@emp87 ~]# nslookup 180.150.6.110
110.6.150.180.IN-ADDR.ARPA name = 180-150-6-110.b49606.syd.nbn.aussiebb.net


You need Aussie BB to set up your reverse DNS. I am with Aussie BB too:

[root@emp87 ~]# dig simonandkate.net mx

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> simonandkate.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42204
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: bc9bdebc279b88fc955229e6605805a086b8818a7f8a1be0 (good)
;; QUESTION SECTION:
;simonandkate.net.              IN      MX

;; ANSWER SECTION:
simonandkate.net.       5333    IN      MX      10 mail.simonandkate.net.

[root@emp87 ~]# nslookup mail.simonandkate.net 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   mail.simonandkate.net
Address: 119.18.34.29

[root@emp87 ~]# nslookup 119.18.34.29
29.34.18.119.IN-ADDR.ARPA       name = mail.simonandkate.net.


Simon

----- End message from Simon Wilson <si...@simonandkate.net> -----

Phil,
Your config has:

 relay_domains = pjb.cc
 relayhost = mail.aussiebroadband.com.au

From the postfix doco:

- $relay_domains: domains that match $relay_domains are delivered with the $relay_transport mail delivery transport.
...and...
- $relay_transport: The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains. In order of decreasing precedence, the nexthop destination is taken from $relay_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient domain.

You are sending email for pjb.cc on to Aussie's mail host (which is accepting it).

What are you aiming to do with email for pjb.cc?


--
Simon Wilson
M: 0400 12 11 16
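
Added example, not part of the thread and not Postfix code: a log filter that picks out deliveries shaped like the probe in the log quoted above (envelope sender `double-bounce@...`, status `deliverable` or `undeliverable`) and reports which relay each one went to. The sample lines, addresses and hostnames are constructed placeholders, and short hexadecimal queue IDs are assumed.

```python
import re

# Constructed sample in the shape of the Postfix log quoted in the thread;
# all addresses and hostnames are placeholders.
SAMPLE_LOG = """\
Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B: from=<double-bounce@mail.example.org>, size=233, nrcpt=1 (queue active)
Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B: to=<test@probe.example.net>, relay=relay.isp.example[203.0.113.25]:25, delay=1.1, delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Mar 21 14:50:46 postfix/qmgr[735]: 05625DF30B: removed
Mar 21 14:51:02 postfix/qmgr[735]: 1A2B3C4D5E: from=<alice@example.org>, size=1200, nrcpt=1 (queue active)
Mar 21 14:51:03 postfix/smtp[3812]: 1A2B3C4D5E: to=<bob@example.com>, relay=relay.isp.example[203.0.113.25]:25, delay=0.8, delays=0.01/0.02/0.7/0.07, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued)
Mar 21 14:51:10 postfix/qmgr[735]: 7F8E9D0C1B: from=<double-bounce@mail.example.org>, size=233, nrcpt=1 (queue active)
Mar 21 14:51:11 postfix/smtp[3813]: 7F8E9D0C1B: to=<nobody@probe.example.net>, relay=relay.isp.example[203.0.113.25]:25, delay=0.9, delays=0.01/0.02/0.8/0.07, dsn=5.1.1, status=undeliverable (550 5.1.1 User unknown)
"""

# Assumption: short (hexadecimal) queue IDs, as in the quoted log.
LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FROM = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>, .*?relay=([^,]+), .*?status=(\w+)")
# Postfix logs these statuses for probe deliveries, not "sent"/"bounced".
PROBE_STATUSES = {"deliverable", "undeliverable"}


def find_probes(log_text):
    """Return probe-style deliveries: double-bounce sender plus a probe status."""
    senders = {}   # queue ID -> envelope sender seen on the qmgr line
    probes = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # NOQUEUE rejects, connects, TLS lines carry no queue ID
        qid, rest = m["qid"], m["rest"]
        if (f := FROM.match(rest)):
            senders[qid] = f[1]
        elif (d := DELIVERY.match(rest)):
            is_probe_sender = senders.get(qid, "").startswith("double-bounce@")
            if is_probe_sender and d[3] in PROBE_STATUSES:
                probes.append({"qid": qid, "rcpt": d[1],
                               "relay": d[2], "status": d[3]})
    return probes


if __name__ == "__main__":
    for p in find_probes(SAMPLE_LOG):
        print(f"{p['qid']}: probe for {p['rcpt']} via {p['relay']} -> {p['status']}")
```
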
