David Dolan:
> On Fri, 2 Dec 2022 at 10:33, David Dolan <[email protected]> wrote:
>
> >
> >
> > Subject: Re: helo command rejected
> >> From: Viktor Dukhovni <postfix-users () dukhovni ! org>
> >> Date: 2022-12-01 16:56:13
> >> Message-ID: Y4jcrRxsEJPsWZVZ () straasha ! imrryr ! org
> >>
> >> On Thu, Dec 01, 2022 at 04:06:30PM +0000, David Dolan wrote:
> >>
> >> > This is the full line:
> >> >
> >> > NOQUEUE: reject: RCPT from unknown[103.246.251.109]:
> >> > 450 4.7.1 <wx-use2.prod.hydra.sophos.com>:
> >> > Helo command rejected: Host not found;
> >> > from=<#############> to=<#############>
> >> > proto=ESMTP helo=<wx-use2.prod.hydra.sophos.com>
> >>
> >> Indeed the hostname "wx-use2.prod.hydra.sophos.com" exists and has
> >> multiple IP addresses, requiring support for either TCP or EDNS with a
> >> UDP buffer larger than 512 bytes.  Perhaps your DNS resolver or the C
> >> library stub resolver are configured to limit DNS to 512 bytes of UDP
> >> and also don't retry over TCP? In that case you'd get only a truncated
> >> response with no answers, and have no way to recover:
> >>
> >> $ dig +nocmd +ignore +norecur +noedns -t a wx-use2.prod.hydra.sophos.com @ns-1793.awsdns-32.co.uk
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14328
> >> ;; flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >> ;; QUESTION SECTION:
> >> ;wx-use2.prod.hydra.sophos.com. IN A
> >>
> >> ;; Query time: 9 msec
> >> ;; SERVER: 205.251.199.1#53(ns-1793.awsdns-32.co.uk) (UDP)
> >> ;; WHEN: Thu Dec 01 11:47:53 EST 2022
> >> ;; MSG SIZE rcvd: 47
> >>
> >> Are you on a MUSL libc system? IIRC there's no support for TCP in
> >> MUSL's stub resolver. See, for example:
> >>
> >> https://news.ycombinator.com/item?id=28312935
> >>
> > We do use Alpine Linux so maybe truncation is the issue? I thought it may
> > have been initially but couldn't find anything confirming.
> >
> This is from the mail relay which says it's truncated and trying TCP mode.
> It does return all 33 IP addresses.
> dig wx-use2.prod.hydra.sophos.com
> ;; Warning: Message parser reports malformed message packet.
> ;; Truncated, retrying in TCP mode.
>
> I guess it's using the musl resolver in Alpine so we need to migrate OS to
> get past this issue?
Yes. Don't use toy software in production.
Wietse
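
The failure mode discussed in this thread, as an added example that is not part of any message above: a constructed 47-byte response with the same header as the quoted dig output (flags `qr aa tc`, ANSWER: 0), read by two hypothetical stub resolvers, one that ignores the TC bit and one that retries over TCP. The function names and the transaction ID reuse are assumptions for illustration.

```python
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200  # DNS header flag bits (RFC 1035)

def encode_question(name, qtype=1, qclass=1):
    """Encode the question section: length-prefixed labels, then QTYPE/QCLASS."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return qname + struct.pack("!HH", qtype, qclass)

def make_truncated_response(name, txid=14328):
    """Constructed sample: header plus question only, flags 'qr aa tc', no answers."""
    header = struct.pack("!HHHHHH", txid, QR | AA | TC, 1, 0, 0, 0)
    return header + encode_question(name)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rcode": flags & 0x000F, "ancount": an}

def stub_ignoring_tc(msg):
    """Hypothetical resolver that never checks TC: zero answers reads as failure."""
    return "answers" if parse_header(msg)["ancount"] else "host not found"

def stub_with_tcp_fallback(msg):
    """Hypothetical resolver that honours TC and repeats the query over TCP."""
    h = parse_header(msg)
    if h["tc"]:
        return "retry over TCP"
    return "answers" if h["ancount"] else "host not found"

# Constructed sample for the hostname in the rejected HELO
SAMPLE = make_truncated_response("wx-use2.prod.hydra.sophos.com")

if __name__ == "__main__":
    print("MSG SIZE:", len(SAMPLE), parse_header(SAMPLE))
    print("ignores TC  ->", stub_ignoring_tc(SAMPLE))
    print("honours TC  ->", stub_with_tcp_fallback(SAMPLE))
```

With a resolver of the first kind, `reject_unknown_helo_hostname`-style lookups see an empty reply for a name that actually resolves, which matches the "Host not found" rejection in the log line.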