Helo command rejected: unknown host reg....

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Helo command rejected: unknown host reg....

Anant Athavale
Dear List: Following is one line from the postfix logs. --------------------------------------------------------------------------------- May 2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE: reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 <128740-web1.www.extramarks.com>: Helo command rejected: Host not found; from= to= proto=SMTP helo=<128740-web1.www.extramarks.com> ------------------------------------------------------------------------------ As per the above example, as we have used the policy of reject_unknown_hostname and the mails where introducing host is not resolvable are getting rejected. Now, when the users complain that, some mails are not getting delivered to them, we go through logs and find the reason like one above and inform that this is due to this and tell the sender also to look into their configuration and resolve the issue. And most of the times, they solve the issue. But, when they solve, I want to know what their system is now introducing itself as. How can I make it part of log? Can it also become part of Mail headers? Regards, ANANT.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

d.hill
On Fri, 2 May 2008 at 10:38 +0530, [hidden email] confabulated:

> Dear List:Following is one line from the postfix logs. --------------------------------------------------------------------------------- May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE: reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command rejected: Host not found; from= to= proto=SMTP helo= ------------------------------------------------------------------------------As per the above example, as we have used the policy of reject_unknown_hostname and the mails where introducing host is not resolvable are getting rejected.Now, when the users complain that, some mails are not getting delivered to them, we go through logs and find the reason like one above and inform that this is due to this and tell the sender also to look into their configuration and resolve the issue.  And most of the times, they solve the issue.But, when they solve, I want to know what their system is now introducing itself as.  How can I make it part of log?  Can it also b
 ecome part of Mail headers?Regards, ANANT.

It is already known. You should see logs as such:

May  2 02:36:23 duane postfix/smtpd[8682]: NOQUEUE: reject: RCPT from
unknown[221.218.181.126]: 554 5.7.1 <[hidden email]>: Relay
access denied; from=<[hidden email]> to=<[hidden email]>
proto=SMTP helo=<7bd2dbj7vtd3j4k>
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

d.hill
In reply to this post by Anant Athavale
On Fri, 2 May 2008 at 10:38 +0530, [hidden email] confabulated:

> Dear List:Following is one line from the postfix logs. --------------------------------------------------------------------------------- May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE: reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command rejected: Host not found; from= to= proto=SMTP helo= ------------------------------------------------------------------------------As per the above example, as we have used the policy of reject_unknown_hostname and the mails where introducing host is not resolvable are getting rejected.Now, when the users complain that, some mails are not getting delivered to them, we go through logs and find the reason like one above and inform that this is due to this and tell the sender also to look into their configuration and resolve the issue.  And most of the times, they solve the issue.But, when they solve, I want to know what their system is now introducing itself as.  How can I make it part of log?  Can it also b
 ecome part of Mail headers?Regards, ANANT.

Disreguard my previous response. I didn't quite know what the helo log
lines contained. You should be looking for lines that have the content:

   Helo command rejected
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

Anant Athavale
Dear D Hill,

I want to know, how to log the entry of introducing host in the logs  
when it is correct and resolvable.  (ie. mail does not get rejected,  
during that time).

Regards,
ANANT.



Quoting D Hill <[hidden email]>:

> On Fri, 2 May 2008 at 10:38 +0530, [hidden email] confabulated:
>
>> Dear List:Following is one line from the postfix logs.
---------------------------------------------------------------------------------
May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE:
reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command
rejected: Host not found; from= to= proto=SMTP helo=
------------------------------------------------------------------------------As
per the above example, as we have used the policy of
reject_unknown_hostname and the mails where introducing host is not
resolvable are getting rejected.Now, when the users complain that,
some mails are not getting delivered to them, we go through logs and
find the reason like one above and inform that this is due to this
and tell the sender also to look into their configuration and resolve
the issue.  And most of the times, they solve the issue.But, when they
solve, I want to know what their system is now introducing itself as.
How can I make it part of log?  Can it also
>> b
> ecome part of Mail headers?Regards, ANANT.
>
> Disreguard my previous response. I didn't quite know what the helo  
> log lines contained. You should be looking for lines that have the  
> content:
>
>   Helo command rejected
>


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

d.hill
On Fri, 2 May 2008 at 11:07 +0530, [hidden email] confabulated:

> Dear D Hill,
>
> I want to know, how to log the entry of introducing host in the logs when it
> is correct and resolvable.  (ie. mail does not get rejected, during that
> time).

It is late. Sorry I missed the part where you stated:

   > But, when they solve, I want to know what their system is now
   > introducing itself as.

I am unsure. Your question intrigues me. I'll either figure it out and
provide an answer, or I will use the input from whomever responds with the
answer for future reference.
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

MrC-7
In reply to this post by Anant Athavale
Anant S Athavale wrote:

> Dear D Hill,
>
> I want to know, how to log the entry of introducing host in the logs
> when it is correct and resolvable.  (ie. mail does not get rejected,
> during that time).
>
> Regards,
> ANANT.
>
>

I'm not clear if you want to do this for a specific host, set of hosts,
or all.  Regardless, you could create a WARN action in a helo access check:

main.cf:
    smtpd_recipient_restrictions =
        ...
        permit_mynetworks
        reject_unauth_destination
        check_helo_access pcre:/etc/postfix/helo_checks.pcre
        ...

/etc/postfix/helo_checks.pcre:
...
/./                      WARN sample helo WARN log entry

This will generate WARN log entries such as :

May  1 22:57:36 glacier postfix/smtpd[18974]: NOQUEUE: warn: RCPT from
example.com[10.0.0.1]: sample helo warn log entry; from=<[hidden email]>
to=<[hidden email]> proto=ESMTP helo=<example.net>

Perhaps not a good long term solution, but gives you the data you seek.

MrC


>
> Quoting D Hill :
>
>> On Fri, 2 May 2008 at 10:38 +0530, anant at isac.gov.in confabulated:
>>
>>> Dear List:Following is one line from the postfix logs.
> ---------------------------------------------------------------------------------
>
> May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE:
> reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command
> rejected: Host not found; from= to= proto=SMTP helo=
> ------------------------------------------------------------------------------As
>
> per the above example, as we have used the policy of
> reject_unknown_hostname and the mails where introducing host is not
> resolvable are getting rejected.Now, when the users complain that,
> some mails are not getting delivered to them, we go through logs and
> find the reason like one above and inform that this is due to this
> and tell the sender also to look into their configuration and resolve
> the issue.  And most of the times, they solve the issue.But, when they
> solve, I want to know what their system is now introducing itself as.
> How can I make it part of log?  Can it also
>>> b
>> ecome part of Mail headers?Regards, ANANT.
>>
>> Disreguard my previous response. I didn't quite know what the helo log
>> lines contained. You should be looking for lines that have the content:
>>
>>   Helo command rejected
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

Anant Athavale
Dear ALL:

To make the things clear, please note the following:

Whenever REJECT happens, it logs the helo hostname in the logs.  But,  
when the sender is informed of this and he corrects the problem, we  
start receiving the mails.  But, I want to log the new helo hostname  
which he would have set to solve the problem.  How do I achieve it.  
This is not be a permanent requirement.

Regards,
ANANT.


Quoting MrC <[hidden email]>:

> Anant S Athavale wrote:
>> Dear D Hill,
>>
>> I want to know, how to log the entry of introducing host in the
logs
>> when it is correct and resolvable.  (ie. mail does not get
rejected,
>> during that time).
>>
>> Regards,
>> ANANT.
>>
>>
>
> I'm not clear if you want to do this for a specific host, set of  
> hosts, or all.  Regardless, you could create a WARN action in a
helo

> access check:
>
> main.cf:
>    smtpd_recipient_restrictions =
>        ...
>        permit_mynetworks
>        reject_unauth_destination
>        check_helo_access pcre:/etc/postfix/helo_checks.pcre
>        ...
>
> /etc/postfix/helo_checks.pcre:
> ...
> /./                      WARN sample helo WARN log entry
>
> This will generate WARN log entries such as :
>
> May  1 22:57:36 glacier postfix/smtpd[18974]: NOQUEUE: warn: RCPT  
> from example.com[10.0.0.1]: sample helo warn log entry;  
> from=<[hidden email]> to=<[hidden email]> proto=ESMTP  
> helo=<example.net>
>
> Perhaps not a good long term solution, but gives you the data you
seek.
>
> MrC
>
>
>>
>> Quoting D Hill :
>>
>>> On Fri, 2 May 2008 at 10:38 +0530, anant at isac.gov.in
confabulated:
>>>
>>>> Dear List:Following is one line from the postfix logs.
>>
---------------------------------------------------------------------------------
May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]:
>> NOQUEUE:
>> reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command
>> rejected: Host not found; from= to= proto=SMTP helo=
>>
------------------------------------------------------------------------------As
per the above example, as we have used the policy
>> of
>> reject_unknown_hostname and the mails where introducing host is
not
>> resolvable are getting rejected.Now, when the users complain that,
>> some mails are not getting delivered to them, we go through logs
and
>> find the reason like one above and inform that this is due to this
>> and tell the sender also to look into their configuration and
resolve
>> the issue.  And most of the times, they solve the issue.But, when
they
>> solve, I want to know what their system is now introducing itself
as.
>> How can I make it part of log?  Can it also
>>>> b
>>> ecome part of Mail headers?Regards, ANANT.
>>>
>>> Disreguard my previous response. I didn't quite know what the
helo
>>> log lines contained. You should be looking for lines that have
the
>>> content:
>>>
>>>  Helo command rejected
>


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

d.hill
In reply to this post by MrC-7
On Thu, 1 May 2008 at 23:10 -0700, [hidden email] confabulated:

> Anant S Athavale wrote:
>> Dear D Hill,
>>
>> I want to know, how to log the entry of introducing host in the logs when
>> it is correct and resolvable.  (ie. mail does not get rejected, during that
>> time).
>
> I'm not clear if you want to do this for a specific host, set of hosts, or
> all.  Regardless, you could create a WARN action in a helo access check:
>
> main.cf:
>   smtpd_recipient_restrictions =
>       ...
>       permit_mynetworks
>       reject_unauth_destination
>       check_helo_access pcre:/etc/postfix/helo_checks.pcre
>       ...
>
> /etc/postfix/helo_checks.pcre:
> ...
> /./                      WARN sample helo WARN log entry
>
> This will generate WARN log entries such as :
>
> May  1 22:57:36 glacier postfix/smtpd[18974]: NOQUEUE: warn: RCPT from
> example.com[10.0.0.1]: sample helo warn log entry; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP helo=<example.net>
>
> Perhaps not a good long term solution, but gives you the data you seek.

You are correct. I didn't thing of creating a warn after the helo checks
so the entry would be logged.

>> Quoting D Hill :
>>
>>> On Fri, 2 May 2008 at 10:38 +0530, anant at isac.gov.in confabulated:
>>>
>>>> Dear List:Following is one line from the postfix logs.
>>
>> ---------------------------------------------------------------------------------
>> May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE:
>> reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command
>> rejected: Host not found; from= to= proto=SMTP helo=
>>
>> ------------------------------------------------------------------------------As
>> per the above example, as we have used the policy of
>> reject_unknown_hostname and the mails where introducing host is not
>> resolvable are getting rejected.Now, when the users complain that,
>> some mails are not getting delivered to them, we go through logs and
>> find the reason like one above and inform that this is due to this
>> and tell the sender also to look into their configuration and resolve
>> the issue.  And most of the times, they solve the issue.But, when they
>> solve, I want to know what their system is now introducing itself as.
>> How can I make it part of log?  Can it also
>>>> b
>>> ecome part of Mail headers?Regards, ANANT.
>>>
>>> Disreguard my previous response. I didn't quite know what the helo log
>>> lines contained. You should be looking for lines that have the content:
>>>
>>>   Helo command rejected
>
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

/dev/rob0
In reply to this post by Anant Athavale
The top-posting made this thread hard to follow. Please don't do that.

On Fri May 2 2008 01:33:42 Anant S Athavale wrote:
> Whenever REJECT happens, it logs the helo hostname in the logs.  But,
> when the sender is informed of this and he corrects the problem, we
> start receiving the mails.  But, I want to log the new helo hostname
> which he would have set to solve the problem.  How do I achieve it.
> This is not be a permanent requirement.

1. You reject using reject_unknown_helo_hostname
2. A miracle happens, and the rejected postmaster fixes the HELO
3. Same client reconnects and message is delivered.

You want #3 to be noted in your logs. This is not possible natively in
Postfix. You would have to write a policy service which would maintain
a database of unresolvable HELO hostnames, and check new connections
against that database.

Regarding #2 above, it doesn't seem likely to happen in my part of the
Internet. In fact I don't consider reject_unknown_helo_hostname safe.
If you have a lot of leverage over your correspondents, maybe.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
Reply | Threaded
Open this post in threaded view
|

Re: Helo command rejected: unknown host reg....

mouss-2
In reply to this post by Anant Athavale
Anant S Athavale wrote:
> Dear List:Following is one line from the postfix logs. --------------------------------------------------------------------------------- May  2 10:05:44 dnserns.isac.gov.in: postfix/smtpd[1536248]: NOQUEUE: reject: RCPT from unknown[72.3.227.162]: 502 5.7.1 : Helo command rejected: Host not found; from= to= proto=SMTP helo= ------------------------------------------------------------------------------As per the above example, as we have used the policy of reject_unknown_hostname and the mails where introducing host is not resolvable are getting rejected.Now, when the users complain that, some mails are not getting delivered to them, we go through logs and find the reason like one above and inform that this is due to this and tell the sender also to look into their configuration and resolve the issue.  And most of the times, they solve the issue.But, when they solve, I want to know what their system is now introducing itself as.  How can I make it part of log?  Can it also become part of Mail headers?


helo is in the Received headers just after "from".  for example, your
message to this list has

Received: from dnserns.isac.gov.in (dnserns8.isac.gov.in [218.248.39.236])

which means that your server helo'ed as "dnserns.isac.gov.in".

you need to find the Received header added by your server (which will have a "by foo.isac.gov.in...")


Google for how to parse Received headers.


Alternatively, use WARN as suggested by MrC. you can do this for a few IPs only using restriction classes.