Rejected due to unknown hostname, DNS Problems?


Max Zimmermann
Hey there,

I'm sorry to ask a bunch of questions in one mail, but I think they're
quite related. Perhaps I'm just overlooking something, but I hope you
can help.

Yesterday I noticed the following false positive in my logfiles:

Jul  7 12:16:43 uhweb64206 postfix/smtpd[23637]: warning:
217.111.38.131: address not listed for hostname mail.attend.de
Jul  7 12:16:43 uhweb64206 postfix/smtpd[23637]: connect from
unknown[217.111.38.131]
Jul  7 12:16:43 uhweb64206 postfix/smtpd[23637]: NOQUEUE: reject: RCPT
from unknown[217.111.38.131]: 450 4.7.1 Client host rejected: cannot
find your hostname, [217.111.38.131];
from=<[hidden email]> to=<[hidden email]>
proto=ESMTP helo=<mail.comspot.de>
Jul  7 12:16:43 uhweb64206 postfix/smtpd[23637]: disconnect from
unknown[217.111.38.131]

At first I thought, okay, these guys have their DNS configured
incorrectly, because a "host 217.111.38.131" has a reverse PTR to
mail.comspot.de and mail.attend.de BUT mail.attend.de has an A Record to
a totally different IP. So I thought I'd whitelist them for now.

What confused me was the retry of the foreign MX about 15 minutes later:

Jul  7 12:45:30 uhweb64206 postfix/smtpd[8177]: connect from
mail.comspot.de[217.111.38.131]
Jul  7 12:45:31 uhweb64206 postfix/policy-spf[8187]: handler
sender_policy_framework: is decisive.
Jul  7 12:45:31 uhweb64206 postfix/policy-spf[8187]: : Policy
action=PREPEND Received-SPF: none (unitpro.de: No applicable sender
policy available) receiver=uhweb64206.united-hoster.com; identity=mfrom;
envelope-from="[hidden email]"; helo=mail.comspot.de;
client-ip=217.111.38.131
Jul  7 12:45:31 uhweb64206 postfix/smtpd[8177]: CE087151B0242:
client=mail.comspot.de[217.111.38.131]
Jul  7 12:45:31 uhweb64206 postfix/cleanup[8188]: CE087151B0242:
message-id=<001601c8e017$fd6937e0$f83ba7a0$@[hidden email]>

Why did it work this time? Is it possible that, because of the two PTR
entries for the IP, sometimes the correct hostname is picked randomly?


And what confuses me the most is: I tried to send an email connecting
from my mailserver to my mailserver via telnet. I wasn't rejected, but I
got this message:

Jul  8 23:12:42 uhweb64206 postfix/smtpd[22415]: warning: 78.111.64.206:
address not listed for hostname uhweb64206.united-hoster.com
Jul  8 23:12:42 uhweb64206 postfix/smtpd[22415]: connect from
unknown[78.111.64.206]
Jul  8 23:13:01 uhweb64206 postfix/policy-spf[22452]: handler
sender_policy_framework: is decisive.
Jul  8 23:13:01 uhweb64206 postfix/policy-spf[22452]: : Policy
action=PREPEND Received-SPF: none (mail.com: No applicable sender policy
available) receiver=uhweb64206.united-hoster.com; identity=mfrom;
envelope-from="[hidden email]"; helo=uhweb64206.united-hoster.com;
client-ip=78.111.64.206
Jul  8 23:13:01 uhweb64206 postfix/smtpd[22415]: 180B1151B02E6:
client=unknown[78.111.64.206]

So my question is now: Why is 78.111.64.206 not listed for my hostname?
I'm very sure it is, at least "host" and "dig" say so ;)
And the second is: Even if postfix "thinks" it's not listed, why did it
accept email from it? Shouldn't it be rejected then?


I hope you have an idea and appreciate any help.

Thanks a lot!

Max Zimmermann


Some additional info:

First concerning my server and DNS: Everything works fine actually, I
can do host and dig lookups from my server, connect to other servers both
http and ftp, so I think DNS resolving works quite fine.
And here's why I think that 78.111.64.206 should not be 'unknown':

uhweb64206:/etc/postfix# host uhweb64206.united-hoster.com
uhweb64206.united-hoster.com has address 78.111.64.206
uhweb64206:/etc/postfix# host 78.111.64.206
206.64.111.78.in-addr.arpa domain name pointer uhweb64206.united-hoster.com.

(Queries done from my server)

And finally the output of postconf -n: (note that I added all the
warn_if_rejects today for testing purposes)



alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
message_size_limit = 10240000
mydestination = $myhostname $mydomain localhost localhost.$mydomain
mydomain = uhweb64206.united-hoster.com
myhostname = uhweb64206.united-hoster.com
mynetworks = 127.0.0.0/8
qmgr_fudge_factor = 50
qmgr_message_active_limit = 2000
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_sasl_authenticated
    permit_mynetworks
    warn_if_reject reject_unknown_reverse_client_hostname
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client *.dnsbl.karmasphere.com
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client cbl.anti-spam.org.cn
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated
    permit_mynetworks
    permit_tls_clientcerts
    warn_if_reject reject_invalid_helo_hostname
    warn_if_reject reject_non_fqdn_helo_hostname
    warn_if_reject reject_unknown_helo_hostname
    reject_unauth_pipelining
smtpd_recipient_restrictions = permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unauth_pipelining
    warn_if_reject reject_unknown_recipient_domain
    warn_if_reject reject_non_fqdn_recipient
    check_policy_service unix:private/policy
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated
    permit_mynetworks
    warn_if_reject reject_unknown_sender_domain
    warn_if_reject reject_non_fqdn_sender
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/cacert/postfix.cert.pem
smtpd_tls_key_file = /etc/ssl/certs/cacert/postfix.key.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/kunden/mail/
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_uid_maps = static:2000




Re: Rejected due to unknown hostname, DNS Problems?

Wietse Venema
What kind of DNS server are you using? Perhaps the one that's built
into a DSL router? They may be adequate for web surfing.

Keep in mind that Postfix is only the messenger of the bad news.
If behavior appears to change over time, then that is because
Postfix receives changing information from the getnameinfo() and
getaddrinfo() SYSTEM LIBRARY routines, which get the information
from the nearest DNS server, which in turn gets it from another DNS
server. To find out what is flip-flopping, you have to look beyond
the endpoint (i.e.  Postfix).

        Wietse

Re: Rejected due to unknown hostname, DNS Problems?

Max Zimmermann
Hello Wietse and thanks for your reply,

excuse my bad English in the previous mail, it's quite late where I am.

So, I tested as much as I could.

But one after the other.

My Server is a Vserver located in a Datacenter. As DNS-Servers I use two
servers owned by opendns.com, 208.67.222.222 and 208.67.220.220.

Since commands like host and dig work out fine, I experimented like you
said using getaddrinfo() and getnameinfo() as described in this thread:

http://lists.debian.org/debian-amd64/2007/11/msg00180.html

They both work like they're supposed to (according to the thread), I get
the same output as the people there do.

Then I tried to connect from another server (78.47.102.41), and I got no
warning, nothing. Postfix correctly identifies it.

Jul  9 00:25:27 uhweb64206 postfix/smtpd[30557]: connect from
static.51.133.47.78.clients.your-server.de[78.47.133.51]

Only when I connect from the server where postfix is running on to
itself, using a domain that links to the server, (I run telnet on
78.111.64.206 to klappspaten.info), it fails to identify my hostname
over and over again, but still does NOT reject incoming mail.

Jul  9 00:20:41 uhweb64206 postfix/smtpd[28410]: disconnect from
unknown[78.111.64.206]


Do you have an explanation for that behaviour? Or am I mixing things up?

Thanks again. See you in a few hours.

Regards.

Max Zimmermann




Re: Rejected due to unknown hostname, DNS Problems?

Wietse Venema
Max Zimmermann:

> Hello Wietse and thanks for your reply,
>
> excuse my bad English in the previous mail, it's quite late where I am.
>
> So, I tested as much as I could.
>
> But one after the other.
>
> My Server is a Vserver located in a Datacenter. As DNS-Servers I use two
> servers owned by opendns.com, 208.67.222.222 and 208.67.220.220.
>
> Since commands like host and dig work out fine, I experimented like you
> said using getaddrinfo() and getnameinfo() as described in this thread:
>
> http://lists.debian.org/debian-amd64/2007/11/msg00180.html
>
> They both work like they're supposed to (according to the thread), I get
> the same output as the people there do.
>
> Then I tried to connect from another server (78.47.102.41), and I got no
> warning, nothing. Postfix correctly identifies it.
>
> Jul  9 00:25:27 uhweb64206 postfix/smtpd[30557]: connect from
> static.51.133.47.78.clients.your-server.de[78.47.133.51]
>
> Only when I connect from the server where postfix is running on to
> itself, using a domain that links to the server, (I run telnet on
> 78.111.64.206 to klappspaten.info), it fails to identify my hostname
> over and over again, but still does NOT reject incoming mail.
>
> Jul  9 00:20:41 uhweb64206 postfix/smtpd[28410]: disconnect from
> unknown[78.111.64.206]
>
>
> Do you have an explanation for that behaviour? Or am I mixing things up?

Sorry, I am not telepathic. What is the output from the getnameinfo
and getaddrinfo commands?

        Wietse

Re: Rejected due to unknown hostname, DNS Problems?

Wietse Venema
Wietse Venema:

>
> Sorry, I am not telepathic. What is the output from the getnameinfo
> and getaddrinfo commands?

And be sure to execute them as a NON-ROOT user.

        Wietse

Re: Rejected due to unknown hostname, DNS Problems?

Max Zimmermann
Hello Wietse,

I found the error now. I feel kind of stupid right now...

The reason for my own hostname not being looked up correctly was a
misspelled entry in my /etc/hosts. I corrected it, and it works fine now :)


So thank you for your help :)

One final thing, can you confirm for me that the IP 217.111.38.131 is not
correctly configured? Meaning that it has reverse PTRs to 2 hostnames,
but only one of them has an A record with that IP.

I believe that is the reason for postfix rejecting mail from that
address one time, (because it cannot find the hostname) but accepting
mail from it 30 minutes later (finding mail.comspot.de as the hostname)?

again, thanks a lot :)

Cheers.

Max Zimmermann





Re: Rejected due to unknown hostname, DNS Problems?

Wietse Venema
Max Zimmermann:
> One final thing, can you confirm for me that the IP 217.111.38.131 is not
> correctly configured? Meaning that it has reverse PTRs to 2 hostnames,
> but only one of them has an A record with that IP.
>
> I believe that is the reason for postfix rejecting mail from that
> address one time, (because it cannot find the hostname) but accepting
> mail from it 30 minutes later (finding mail.comspot.de as the hostname)?

Postfix tries the "first" hostname (which can differ for each lookup
attempt). If the name->address lookup does not match the client IP
address, Postfix declares a failure.

Having multiple PTR records per IP address serves no useful purpose.

        Wietse
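
[Added example, not part of the original thread and not Postfix code.] A simplified model of the check described in the message above: only the first PTR name is tried, and its name->address lookup must include the client IP. The record tables are constructed from the thread's description; 192.0.2.10 is a documentation-range placeholder for the address of mail.attend.de, which the thread does not give.

```python
# Simplified model of a forward-confirmed reverse DNS check; not Postfix source.
# All records are constructed sample data. 192.0.2.10 is a placeholder for the
# "totally different IP" mentioned in the thread (the real value is not given).
from itertools import permutations

PTR = {"217.111.38.131": ["mail.comspot.de", "mail.attend.de"]}
A = {
    "mail.comspot.de": ["217.111.38.131"],
    "mail.attend.de": ["192.0.2.10"],
}


def client_name(ip, ptr_answer, a_records):
    """Return the verified client name, or 'unknown' as shown in the smtpd log."""
    if not ptr_answer:
        return "unknown"            # no PTR record at all
    first = ptr_answer[0]           # only the "first" name is tried
    if ip in a_records.get(first, []):
        return first                # name->address lookup matches the client IP
    return "unknown"                # "address not listed for hostname <first>"


def outcomes(ip, ptr, a_records):
    """Client name for every order in which the PTR answer may arrive."""
    return {order[0]: client_name(ip, list(order), a_records)
            for order in permutations(ptr.get(ip, []))}


def unconfirmed_ptrs(ip, ptr, a_records):
    """Audit helper: PTR names whose A records do not include the IP."""
    return [name for name in ptr.get(ip, [])
            if ip not in a_records.get(name, [])]


if __name__ == "__main__":
    ip = "217.111.38.131"
    for first, result in outcomes(ip, PTR, A).items():
        print(f"PTR answer starts with {first}: connect from {result}[{ip}]")
    print("PTR names to fix or remove:", unconfirmed_ptrs(ip, PTR, A))
```

The two orderings reproduce both log excerpts from the first message: one yields the verified name, the other yields "unknown".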

Re: Rejected due to unknown hostname, DNS Problems?

Max Zimmermann
Okay, I understand that.

Thank you again :)
