On Fri, 2 Dec 2022 at 10:33, David Dolan <daithido...@gmail.com> wrote:
> > > Subject: Re: helo command rejected >> From: Viktor Dukhovni <postfix-users () dukhovni ! org> >> Date: 2022-12-01 16:56:13 >> Message-ID: Y4jcrRxsEJPsWZVZ () straasha ! imrryr ! org >> [Download RAW message or body] >> >> On Thu, Dec 01, 2022 at 04:06:30PM +0000, David Dolan wrote: >> >> > This is the full line: >> > >> > NOQUEUE: reject: RCPT from unknown[103.246.251.109]: >> > 450 4.7.1 <wx-use2.prod.hydra.sophos.com>: >> > Helo command rejected: Host not found; >> > from=<#############> to=<#############> >> > proto=ESMTP helo=<wx-use2.prod.hydra.sophos.com> >> >> Indeed the hostname "wx-use2.prod.hydra.sophos.com" exists and has >> multiple IP addresses, requiring support for either TCP or EDNS with a >> UDP buffer larger than 512 bytes Perhaps your DNS resolver or the C >> library stub resolver are configured to limit DNS to 512 bytes of UDP >> and also don't retry over TCP? In that case you'd get only a truncated >> response with no answers, and have no way to recover: >> >> $ dig +nocmd +ignore +norecur +noedns -t a >> wx-use2.prod.hydra.sophos.com @ns-1793.awsdns-32.co.uk >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14328 >> ;; flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 >> >> ;; QUESTION SECTION: >> ;wx-use2.prod.hydra.sophos.com. IN A >> >> ;; Query time: 9 msec >> ;; SERVER: 205.251.199.1#53(ns-1793.awsdns-32.co.uk) (UDP) >> ;; WHEN: Thu Dec 01 11:47:53 EST 2022 >> ;; MSG SIZE rcvd: 47 >> >> Are you on a MUSL libc system? IIRC there's no support for TCP in >> MUSL's stub resolver. See, for example: >> >> https://news.ycombinator.com/item?id=28312935 >> > We do use Alpine Linux so maybe truncation is the issue? I thought it may > have been initially but couldn't find anything confirming > This is from the mail relay which says it's truncated and trying tcp mode. It does return all 33 IP addresses dig wx-use2.prod.hydra.sophos.com ;; Warning: Message parser reports malformed message packet. ;; Truncated, retrying in TCP mode. I guess it's using the musl resolver in Alpine so we need to migrate OS to get past this issue? > >> I don't know whether it turns on edns0 by default, or whether that has >> to be done explicitly in /etc/resolv.conf. >> > This suggests that Alpine Linux doesn't support tcp or edns0 for dns > queries so we may be stuck > https://christoph.luppri.ch/fixing-dns-resolution-for-ruby-on-alpine-linux > >> >> If adding "options edns0" to /etc/resolv.conf does not solve the >> problem, another solution may be: >> >> https://dilbert.com/strip/1995-06-24 >> >>
