On Sat, Aug 21, 2021 at 10:34:36AM +0200, ludic...@gmail.com wrote:
> Hi,
>
> I am having trouble receiving mail from this specific host:
>
> Aug 21 10:22:59 stretch postfix/smtpd[8394]: warning: hostname
> mail.radio-z.net does not resolve to address 136.243.54.124
> Aug 21 10:22:59 stretch postfix/smtpd[8394]: connect from
> unknown[136.243.54.124]
> Aug 21 10:22:59 stretch postfix/smtpd[8394]: 18D3F6A40A2B:
> client=unknown[136.243.54.124]
>
> And the same error with the according IPv6 address of that host.
>
> It requires me to change my client_restrictions:
>
> reject_unknown_client_hostname -> reject_unknown_reverse_client_hostname
>
> The reverse DNS for that host is set (IPv4 and IPv6) and seems to work.
>
> When I
>
> dig mail.radio-z.net
> ;; ANSWER SECTION:
> mail.radio-z.net. 53273 IN A 136.243.54.124
>
> I see no DNS troubles.
>
> What could be the problem with that system?
>
> Greets,
> Ludi
Hi Ludi,
Could it be a transient DNS/network problem? If it only
happens for that hostname, and it happens all the time,
that's probably not it.
The "unknown[IPADDR]" makes it look like the
PTR/reverse lookups also failed, or weren't performed.
I see that a lot but never worried about it. I assume
it's so as to not waste time with DNS lookups if it's
just for logging purposes.
I vaguely remember hearing once that "unknown" showing
up in log messages can be caused by something wrong in
the chrooted environment (but maybe it was something
else). Is your /var/spool/postfix/etc/resolv.conf the
same as your /etc/resolv.conf? It should be, and
probably is. But it's something to check.
If it keeps happening, and you run a local DNS resolver
like Bind9 or Unbound, you could check its logfiles,
and maybe turn on extra logging there if necessary.
But the fact that using reverse lookups instead fixes
the problemr should mean that DNS is OK. Wierd.
If you just want to fix the problem without necessarily
understanding it, another alternative to replacing
reject_unknown_client_hostname with
reject_unknown_reverse_client_hostname is to just allow
that host explicitly with:
/etc/postfix/main.cf:
smtpd_client_restrictions =
...
check_client_access hash:/etc/postfix/client_access
reject_unknown_client_hostname
...
/etc/postfix/client_access:
mail.radio-z.net OK
And run "postmap hash:/etc/postfix/client_access"
whenever you make changes to the client_access file.
The above assumes that you are using
reject_unknown_client_hostname in the
smtpd_client_restrictions setting.
If it's in some other smtpd_*_restrictions
setting, modify that setting instead.
cheers,
raf
