Hi Postfix users mailing list,
I have a Postfix server which is in Docker, using Debian Bullseye
(docker container and host) with postfix from Debian version 3.5.6-1+b1.
The server rejects emails with:
Mar 6 21:44:42 mail postfix/smtpd[129223]: NOQUEUE: reject: RCPT from
unknown[188.39.73.XXX]: 450 4.7.25 Client host rejected: cannot find your
hostname, [188.39.73.XXX]; from=<ring...@yyy.zzz> to=<user@domain> proto=ESMTP
helo=<mail01.mailer.YYY.ZZZ>
(all are correct spam with one exception).
This should be ok but if I do (in the same system):
nslookup 188.39.73.XXX
I get:
root@mail:~# nslookup 188.39.73.166
166.73.39.XXX.in-addr.arpa name = mailcluster.zen.co.uk.
Authoritative answers can be found from:
188.in-addr.arpa nameserver = ns3.afrinic.net.
188.in-addr.arpa nameserver = pri.authdns.ripe.net.
188.in-addr.arpa nameserver = ns4.apnic.net.
[and many more]
I thought that "cannot find your hostname" would be that the reverse DNS
(nslookup) wold not resolve anything. But it works for me. Not for
Postfix?
I would like to understand what is Postfix doing and how I can reproduce
it using nslookup / dig / host / etc.
I'd like to compare a "valid" (no "Client host rejected: cannot find your
hostname,") and a host rejected and see how they differ (using DNS
tools).
The output of postconf -Mf:
smtp is not in chroot so I guess that postfix is using the same
libraries, DNS servers, etc. as I am using testing it:
smtp inet n - n - - smtpd
pickup fifo n - y 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - y 300 1 qmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
flush unix n - y 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - y - - showq
error unix - - y - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
cyrus unix - n n - - pipe flags=R
user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
uucp unix - n n - - pipe flags=Fqhu
user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F user=ftn
argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=Fq.
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe flags=R
user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
proxymap unix - - n - - proxymap
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
relay unix - - n - - smtp
tlsmgr unix - - y 1000? 1 tlsmgr
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
discard unix - - y - - discard
retry unix - - y - - error
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o cleanup_service_name=subcleanup
subcleanup unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/smtp_header_checks
Not sending the output of "postconf -n" because is probably not
relevant. Relevant bits probably are:
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unknown_sender_domain, reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname
Thank you very much,
--
Carles Pina i Estany
https://carles.pina.cat
