Reverse DNS Rejection Problem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
30 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Reverse DNS Rejection Problem

Dennis Putnam
I have my Postfix configured to require proper DNS resolution in both  
directions. However, I have a situation that is giving me problems  
perhaps due to multiple PTR records for the IP address. I am getting  
the error:

450 Client host rejected: cannot find your hostname

When I 'dig' the hostname the IP address matches that of the server  
making contact with my Postfix. When I 'dig -x' that same IP address,  
among the many PTR records, the hostname used in the 'HELO' matches.  
The from doesn't match but that is not what it is comparing, right?

Can someone tell me what might get going on here? I am running version  
2.1.5 so perhaps that is part of the problem.

Thanks.

Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Wietse Venema
Dennis Putnam:

> I have my Postfix configured to require proper DNS resolution in both  
> directions. However, I have a situation that is giving me problems  
> perhaps due to multiple PTR records for the IP address. I am getting  
> the error:
>
> 450 Client host rejected: cannot find your hostname
>
> When I 'dig' the hostname the IP address matches that of the server  
> making contact with my Postfix. When I 'dig -x' that same IP address,  
> among the many PTR records, the hostname used in the 'HELO' matches.  
> The from doesn't match but that is not what it is comparing, right?
>
> Can someone tell me what might get going on here? I am running version  
> 2.1.5 so perhaps that is part of the problem.

Postfix takes the first hostname that is returned by the getnameinfo()
system library function. If that first name does not resolve to
the client IP address, then Postfix will not try the the second
etc, name.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Charles Marcus
In reply to this post by Dennis Putnam
On 10/27/2009, Dennis Putnam ([hidden email]) wrote:
> I have my Postfix configured to require proper DNS resolution in both
> directions. However, I have a situation that is giving me problems
> perhaps due to multiple PTR records for the IP address. I am getting the
> error:
>
> 450 Client host rejected: cannot find your hostname

Per the welcome message you received when you joined the list:

TO REPORT A PROBLEM see:
http://www.postfix.org/DEBUG_README.html#mail

At a minimum, postfix version and output of postconf -n should be
provided...

> Can someone tell me what might get going on here? I am running
> version 2.1.5 so perhaps that is part of the problem.

Its a problem, for sure, but maybe not the cause of *this* problem.

Upograding is most definitely in order, regardless...

> 11675 Rainwater Dr., Suite 200
> Alpharetta, GA  30009

Howdy neighbor... I'm in Alpharetta too (Old Milton & 400)... :)

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
In reply to this post by Wietse Venema
Thanks or the reply. That sucks. Is there a way around this, short of  
turning that off or whitelisting?

On Oct 27, 2009, at 11:34 AM, Wietse Venema wrote:

> Dennis Putnam:
>> I have my Postfix configured to require proper DNS resolution in both
>> directions. However, I have a situation that is giving me problems
>> perhaps due to multiple PTR records for the IP address. I am getting
>> the error:
>>
>> 450 Client host rejected: cannot find your hostname
>>
>> When I 'dig' the hostname the IP address matches that of the server
>> making contact with my Postfix. When I 'dig -x' that same IP address,
>> among the many PTR records, the hostname used in the 'HELO' matches.
>> The from doesn't match but that is not what it is comparing, right?
>>
>> Can someone tell me what might get going on here? I am running  
>> version
>> 2.1.5 so perhaps that is part of the problem.
>
> Postfix takes the first hostname that is returned by the getnameinfo()
> system library function. If that first name does not resolve to
> the client IP address, then Postfix will not try the the second
> etc, name.
>
> Wietse
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Victor Duchovni
On Tue, Oct 27, 2009 at 01:14:05PM -0400, Dennis Putnam wrote:

> Thanks or the reply. That sucks. Is there a way around this, short of
> turning that off or whitelisting?

Don't use "reject_unknown_client" uncondionally. Use it selectively
in a

        check_client_access cidr:/etc/postfix/client_access.cidr

rule that subjects "high-value" CIDR blocks (lots of junk with no
reverse mappings in a block, with some legit clients "mixed-in"
whose PTRs are valid), for example:

        192.0.2.0/24 reject_unknown_client

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
That is not much different than whitelisting, right? I still have to  
maintain a list of permitted networks, do I not?

On Oct 27, 2009, at 1:24 PM, Victor Duchovni wrote:

> On Tue, Oct 27, 2009 at 01:14:05PM -0400, Dennis Putnam wrote:
>
>> Thanks or the reply. That sucks. Is there a way around this, short of
>> turning that off or whitelisting?
>
> Don't use "reject_unknown_client" uncondionally. Use it selectively
> in a
>
> check_client_access cidr:/etc/postfix/client_access.cidr
>
> rule that subjects "high-value" CIDR blocks (lots of junk with no
> reverse mappings in a block, with some legit clients "mixed-in"
> whose PTRs are valid), for example:
>
> 192.0.2.0/24 reject_unknown_client
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Phillip Smith-8
In reply to this post by Dennis Putnam
2009/10/28 Dennis Putnam <[hidden email]>
Thanks or the reply. That sucks. Is there a way around this, short of turning that off or whitelisting?

Tell the admin of the remote domain to fix their PTR records and/or MX helo configuration because in the meantime, you're going to have to implement a dirty hack to make their server work.
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
In reply to this post by Victor Duchovni
It is beginning to appear this is my only alternative. However,  
maintaining a whilelist will require some special approvals by our  
security auditors. In any case, assuming I can get approval, is the  
syntax for this the same as the other hash files (ie. IP address  
followed by REJECT, OK, etc.)? Also, how do I set the default to be  
reject? My best hope for approval is to only need to add exceptions.  
Thanks.

On Oct 27, 2009, at 1:24 PM, Victor Duchovni wrote:

> On Tue, Oct 27, 2009 at 01:14:05PM -0400, Dennis Putnam wrote:
>
>> Thanks or the reply. That sucks. Is there a way around this, short of
>> turning that off or whitelisting?
>
> Don't use "reject_unknown_client" uncondionally. Use it selectively
> in a
>
> check_client_access cidr:/etc/postfix/client_access.cidr
>
> rule that subjects "high-value" CIDR blocks (lots of junk with no
> reverse mappings in a block, with some legit clients "mixed-in"
> whose PTRs are valid), for example:
>
> 192.0.2.0/24 reject_unknown_client
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:[hidden email]?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Wietse Venema
Dennis Putnam:
> It is beginning to appear this is my only alternative. However,  
> maintaining a whilelist will require some special approvals by our  
> security auditors. In any case, assuming I can get approval, is the  
> syntax for this the same as the other hash files (ie. IP address  
> followed by REJECT, OK, etc.)? Also, how do I set the default to be  
> reject? My best hope for approval is to only need to add exceptions.  

I suggest using a CIDR table. These tables are read sequentially,
and the first matching pattern wins. The following makes exceptions
for two networks and applies reject_unknown_client for everyone else.

/etc/postfix/main.cf:
    smtpd_???_restrictions =
        ...
        check_client_access pcre:/etc/postfix/client_access.pcre
        ...

/etc/postfix/client_access.pcre:
    1.2.3.0/24      dunno
    5.6.7.0/24      dunno
    0.0.0.0/0       reject_unknown_client

The syntax of the left-hand side is in the cidr_table(5) manpage
(man 5 cidr_table).  The syntax of the right-hand side is in the
access(5) manpage (man 5 access).

The real problem is that the DNS gives out (some or all) bad PTR
records for this client IP address.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
Thanks for the reply. It appears this is not supported with my version  
of Postfix (2.1.5). When I try this syntax:

smtpd_helo_restrictions =
         check_client_access pcre:/etc/postfix/heloaccept.pcre

I get this error:

fatal: unsupported dictionary type: pcre

On Oct 28, 2009, at 8:16 AM, Wietse Venema wrote:

> Dennis Putnam:
>> It is beginning to appear this is my only alternative. However,
>> maintaining a whilelist will require some special approvals by our
>> security auditors. In any case, assuming I can get approval, is the
>> syntax for this the same as the other hash files (ie. IP address
>> followed by REJECT, OK, etc.)? Also, how do I set the default to be
>> reject? My best hope for approval is to only need to add exceptions.
>
> I suggest using a CIDR table. These tables are read sequentially,
> and the first matching pattern wins. The following makes exceptions
> for two networks and applies reject_unknown_client for everyone else.
>
> /etc/postfix/main.cf:
>    smtpd_???_restrictions =
> ...
> check_client_access pcre:/etc/postfix/client_access.pcre
> ...
>
> /etc/postfix/client_access.pcre:
>    1.2.3.0/24      dunno
>    5.6.7.0/24      dunno
>    0.0.0.0/0       reject_unknown_client
>
> The syntax of the left-hand side is in the cidr_table(5) manpage
> (man 5 cidr_table).  The syntax of the right-hand side is in the
> access(5) manpage (man 5 access).
>
> The real problem is that the DNS gives out (some or all) bad PTR
> records for this client IP address.
>
> Wietse
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Mikael Bak
Dennis Putnam wrote:

> Thanks for the reply. It appears this is not supported with my version
> of Postfix (2.1.5). When I try this syntax:
>
> smtpd_helo_restrictions =
>         check_client_access pcre:/etc/postfix/heloaccept.pcre
>
> I get this error:
>
> fatal: unsupported dictionary type: pcre
>

On a Debian type system this is packaged separately:

# apt-cache search postfix
[snip]
postfix - High-performance mail transport agent
postfix-cdb - CDB map support for Postfix
postfix-dev - Loadable modules development environment for Postfix
postfix-doc - Documentation for Postfix
postfix-gld - greylisting daemon for postfix, written in C, uses MySQL
postfix-ldap - LDAP map support for Postfix
postfix-mysql - MySQL map support for Postfix
postfix-pcre - PCRE map support for Postfix
postfix-pgsql - PostgreSQL map support for Postfix
[snip]

I guess you should install the missing package on your system.

HTH,
Mikael
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Wietse Venema
In reply to this post by Dennis Putnam
Dennis Putnam:
> Thanks for the reply. It appears this is not supported with my version  
> of Postfix (2.1.5). When I try this syntax:
>
> smtpd_helo_restrictions =
>          check_client_access pcre:/etc/postfix/heloaccept.pcre

Sorry. "pcre" should be "cidr" everywhere in my reply. Some neurons
got crossed.

        Wietse

> I get this error:
>
> fatal: unsupported dictionary type: pcre
>
> On Oct 28, 2009, at 8:16 AM, Wietse Venema wrote:
>
> > Dennis Putnam:
> >> It is beginning to appear this is my only alternative. However,
> >> maintaining a whilelist will require some special approvals by our
> >> security auditors. In any case, assuming I can get approval, is the
> >> syntax for this the same as the other hash files (ie. IP address
> >> followed by REJECT, OK, etc.)? Also, how do I set the default to be
> >> reject? My best hope for approval is to only need to add exceptions.
> >
> > I suggest using a CIDR table. These tables are read sequentially,
> > and the first matching pattern wins. The following makes exceptions
> > for two networks and applies reject_unknown_client for everyone else.
> >
> > /etc/postfix/main.cf:
> >    smtpd_???_restrictions =
> > ...
> > check_client_access pcre:/etc/postfix/client_access.pcre
> > ...
> >
> > /etc/postfix/client_access.pcre:
> >    1.2.3.0/24      dunno
> >    5.6.7.0/24      dunno
> >    0.0.0.0/0       reject_unknown_client
> >
> > The syntax of the left-hand side is in the cidr_table(5) manpage
> > (man 5 cidr_table).  The syntax of the right-hand side is in the
> > access(5) manpage (man 5 access).
> >
> > The real problem is that the DNS gives out (some or all) bad PTR
> > records for this client IP address.
> >
> > Wietse
> >
>
>
>
> Dennis Putnam
> Sr. IT Systems Administrator
> AIM Systems, Inc.
> 11675 Rainwater Dr., Suite 200
> Alpharetta, GA  30009
> Phone: 678-240-4112
> Main Phone: 678-297-0700
> FAX: 678-297-2666 or 770-576-1000
> The information contained in this e-mail and any attachments is  
> strictly confidential. If you are not the intended recipient, any use,  
> dissemination, distribution, or duplication of any part of this e-mail  
> or any attachment is prohibited. If you are not the intended  
> recipient, please notify the sender by return e-mail and delete all  
> copies, including the attachments.
>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Reverse DNS Rejection Problem

Stan Hoeppner
In reply to this post by Dennis Putnam
Dennis Putnam put forth on 10/28/2009 8:57 AM:
> Thanks for the reply. It appears this is not supported with my version
> of Postfix (2.1.5). When I try this syntax:

You do realize that 2.1.5 is dated around mid 2004, yes?  Over 5 years
old.  Any Postfix installation older than 2.3.x is no longer supported.
 (Apparently Wietse was kind in this instance and gave you a pass)  If
at all possible, you really should upgrade to at least the 2.3.x series.
 I'm surprised no one else mentioned this up to this point.

http://postfix.energybeam.com/source/index.html

--
Stan


Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
Yes. However, that is the version Apple provides with OS X 10.4. OS X  
10.6, which has the latest version of Postfix, will not run on PPC  
servers so we are in the process of acquiring Intel servers (dictated  
by budget issues beyond my control). Unfortunately, I have to deal  
with this immediate problem until then.

It has been mentioned but as I said, that is out of my hands while  
this problem is not.

Thanks.

On Oct 28, 2009, at 11:27 AM, Stan Hoeppner wrote:

> Dennis Putnam put forth on 10/28/2009 8:57 AM:
>> Thanks for the reply. It appears this is not supported with my  
>> version
>> of Postfix (2.1.5). When I try this syntax:
>
> You do realize that 2.1.5 is dated around mid 2004, yes?  Over 5 years
> old.  Any Postfix installation older than 2.3.x is no longer  
> supported.
> (Apparently Wietse was kind in this instance and gave you a pass)  If
> at all possible, you really should upgrade to at least the 2.3.x  
> series.
> I'm surprised no one else mentioned this up to this point.
>
> http://postfix.energybeam.com/source/index.html
>
> --
> Stan
>
>
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Eero Volotinen-2
Dennis Putnam kirjoitti:
> Yes. However, that is the version Apple provides with OS X 10.4. OS X
> 10.6, which has the latest version of Postfix, will not run on PPC
> servers so we are in the process of acquiring Intel servers (dictated by
> budget issues beyond my control). Unfortunately, I have to deal with
> this immediate problem until then.
>
> It has been mentioned but as I said, that is out of my hands while this
> problem is not.

Well, source version works on all platforms? Maybe you need to recompile
one version by hand?

--
Eero
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Dennis Putnam
Management doesn't want me to spend the time doing that since we are  
upgrading the servers. Welcome to my world between a rock and a hard  
place. :-)

The really bad part is all this configuration stuff will need to be  
migrated to the new version of Postfix anyway.

On Oct 28, 2009, at 12:00 PM, Eero Volotinen wrote:

> Dennis Putnam kirjoitti:
>> Yes. However, that is the version Apple provides with OS X 10.4. OS  
>> X 10.6, which has the latest version of Postfix, will not run on  
>> PPC servers so we are in the process of acquiring Intel servers  
>> (dictated by budget issues beyond my control). Unfortunately, I  
>> have to deal with this immediate problem until then.
>> It has been mentioned but as I said, that is out of my hands while  
>> this problem is not.
>
> Well, source version works on all platforms? Maybe you need to  
> recompile one version by hand?
>
> --
> Eero
>



Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30009
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any use,  
dissemination, distribution, or duplication of any part of this e-mail  
or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.



Reply | Threaded
Open this post in threaded view
|

Reverse DNS Rejection Problem

Stan Hoeppner
In reply to this post by Dennis Putnam
Dennis Putnam put forth on 10/28/2009 10:53 AM:
> Yes. However, that is the version Apple provides with OS X 10.4. OS X
> 10.6, which has the latest version of Postfix, will not run on PPC
> servers so we are in the process of acquiring Intel servers (dictated by
> budget issues beyond my control). Unfortunately, I have to deal with
> this immediate problem until then.

That's a tight spot to be in.  I feel for ya.

> It has been mentioned but as I said, that is out of my hands while this
> problem is not.

Migrating data and settings for various things may be a bit tricky, but
current PowerPC Postfix is available, 2.5.5-1.1, on Debian PowerPC:

http://www.debian.org/distrib/netinst

Debian GNU/Linux isn't OSX (it's better).  Dunno if this is a
possibility for you, but it is an option if you want to keep that PPC
hardware humming away with fully up to date modern code.

Or you could always grab the Postfix source and compile/install it
yourself, assuming you have current OSX dev tools installed on the host
and prerequisite libraries etc.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Paul Beard-2
On Oct 28, 2009, at 9:13 AM, Stan Hoeppner <[hidden email]>  
wrote:

> Debian GNU/Linux isn't OSX (it's better).  Dunno if this is a
> possibility for you, but it is an option if you want to keep that PPC
> hardware humming away with fully up to date modern code.
>

If mgmt doesn't want someone compiling a native version, how does  
arguing for a different OS help? (and FreeBSD is better still. Let the  
flames rage. )

> Or you could always grab the Postfix source and compile/install it
> yourself, assuming you have current OSX dev tools installed on the  
> host
> and prerequisite libraries etc.


This is the easiest approach. There are certainly docs available for  
building postfix on OS X. And the MacPorts toolchain is worth  
installing for things like this though bootstrapping that may take  
more time than you have.
--
If this was a real .signature it would be more interesting.


Reply | Threaded
Open this post in threaded view
|

Reverse DNS Rejection Problem

Stan Hoeppner
Paul Beard put forth on 10/28/2009 11:48 AM:

> On Oct 28, 2009, at 9:13 AM, Stan Hoeppner <[hidden email]> wrote:
>
>> Debian GNU/Linux isn't OSX (it's better).  Dunno if this is a
>> possibility for you, but it is an option if you want to keep that PPC
>> hardware humming away with fully up to date modern code.
>>
>
> If mgmt doesn't want someone compiling a native version, how does
> arguing for a different OS help? (and FreeBSD is better still. Let the
> flames rage. )

I think you may have misunderstood me.  I was merely pointing out that
there is a mature and supported Power(PC) OS available for his hardware
now that Apple stopped supporting PowerPC, in the event the hardware
itself will continue to be sufficient for his needs for a while longer.
 I say "mature" as the FreeBSD site seems to indicate the PowerPC
FreeBSD port is not fully baked at the moment (otherwise I'd have
mentioned that option as well).  The Debian PowerPC is fully baked,
along with S/390, Alpha, IA-64, SPARC, and many other architectures.
Just one of the many nice things about Debian--full supported releases
simultaneously across the most diverse set of architectures of any *inux
distribution.

>> Or you could always grab the Postfix source and compile/install it
>> yourself, assuming you have current OSX dev tools installed on the host
>> and prerequisite libraries etc.
>
> This is the easiest approach. There are certainly docs available for
> building postfix on OS X. And the MacPorts toolchain is worth installing
> for things like this though bootstrapping that may take more time than
> you have.

I agree.  But like you said, it may be more worth his time to just wait
until the aforementioned new x86-64 servers arrive, if indeed this new
hardware is a done deal.  In that case there's no good reason to
duplicate effort, as the OP previously mentioned.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Reverse DNS Rejection Problem

Ramprasad-5
In reply to this post by Phillip Smith-8
On Wed, 2009-10-28 at 08:45 +1100, Phillip Smith wrote:
> 2009/10/28 Dennis Putnam <[hidden email]>
>         Thanks or the reply. That sucks. Is there a way around this,
>         short of turning that off or whitelisting?
>
> Tell the admin of the remote domain to fix their PTR records and/or MX
> helo configuration because in the meantime, you're going to have to
> implement a dirty hack to make their server work.

But the PTR needs no "fix".

The IP resolves to a hostname perfectly fine , only that the hostname
does not resolve.

Is that a valid reason to reject mails ?
I had to remove the reject_unknown_client because of this.

I hope postfix would have a *reject_no_ptr* .. that just checks for PTR
record exists.








Thanks
Ram


12