refused mail/host not found -- confusion about error source


Jeff Abrahamson

I've been seeing this error for this one host.  My first reaction was that the host was incorrectly configured, but the IP (92.103.176.37) reverse resolves to mail.mairie-carquefou.fr, which in turn resolves to that IP.  In addition, the MX for mairie-carquefou.fr is mail.mairie-carquefou.fr (and mx3.mail.ovh.net).  So I'm not really sure what the "host not found" is complaining about.

Jan 21 15:05:28 nantes-1 postfix/smtpd[6367]: connect from mail.mairie-carquefou.fr[92.103.176.37]
Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: Anonymous TLS connection established from mail.mairie-carquefou.fr[92.103.176.37]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: NOQUEUE: reject: RCPT from mail.mairie-carquefou.fr[92.103.176.37]: 450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>: Helo command rejected: Host not found; from=[hidden email] to=[hidden email] proto=ESMTP helo=<SERVDMZMAIL.mairie-carquefou.fr>
Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: disconnect from mail.mairie-carquefou.fr[92.103.176.37] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

(I'm a bit confused about the SERVDMZMAIL in the helo.  That host does appear not to exist.)

Any suggestions what to look at / if I've likely misconfigured something?

-- 
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
http://transport-nantes.com/

Re: refused mail/host not found -- confusion about error source

Herbert J. Skuhra-3
On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:

> I've been seeing this error for this one host.  My first reaction was
> that the host was incorrectly configured, but the IP (92.103.176.37)
> reverse resolves to mail.mairie-carquefou.fr, which in turn resolves to
> that IP.  In addition, the MX for mairie-carquefou.fr is
> mail.mairie-carquefou.fr (and mx3.mail.ovh.net).  So I'm not really sure
> what the "host not found" is complaining about.
>
> Jan 21 15:05:28 nantes-1 postfix/smtpd[6367]: connect from
> mail.mairie-carquefou.fr[92.103.176.37]
> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: Anonymous TLS connection
> established from mail.mairie-carquefou.fr[92.103.176.37]: TLSv1 with
> cipher ECDHE-RSA-AES256-SHA (256/256 bits)
> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: NOQUEUE: reject: RCPT from
> mail.mairie-carquefou.fr[92.103.176.37]: 450 4.7.1
> <SERVDMZMAIL.mairie-carquefou.fr>: Helo command rejected: Host not
> found; from=<[hidden email]>
> to=<[hidden email]> proto=ESMTP
> helo=<SERVDMZMAIL.mairie-carquefou.fr>
> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: disconnect from
> mail.mairie-carquefou.fr[92.103.176.37] ehlo=2 starttls=1 mail=1
> rcpt=0/1 quit=1 commands=5/6
>
> (I'm a bit confused about the SERVDMZMAIL in the helo.  That host does
> appear not to exist.)
>
> Any suggestions what to look at / if I've likely misconfigured something?

http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions

reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
    Reject the request when the HELO or EHLO hostname has no DNS A or MX record.

--
Herbert

Re: refused mail/host not found -- confusion about error source

Richard-2


> Date: Thursday, January 21, 2021 15:24:10 +0100
> From: "Herbert J. Skuhra" <[hidden email]>
>
> On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:
>> I've been seeing this error for this one host.  My first reaction
>> was that the host was incorrectly configured, but the IP
>> (92.103.176.37) reverse resolves to mail.mairie-carquefou.fr,
>> which in turn resolves to that IP.  In addition, the MX for
>> mairie-carquefou.fr is mail.mairie-carquefou.fr (and
>> mx3.mail.ovh.net).  So I'm not really sure what the "host not
>> found" is complaining about.
>>
>> Jan 21 15:05:28 nantes-1 postfix/smtpd[6367]: connect from
>> mail.mairie-carquefou.fr[92.103.176.37]
>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: Anonymous TLS
>> connection established from
>> mail.mairie-carquefou.fr[92.103.176.37]: TLSv1 with cipher
>> ECDHE-RSA-AES256-SHA (256/256 bits)
>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: NOQUEUE: reject:
>> RCPT from mail.mairie-carquefou.fr[92.103.176.37]: 450 4.7.1
>> <SERVDMZMAIL.mairie-carquefou.fr>: Helo command rejected: Host not
>> found; from=<[hidden email]>
>> to=<[hidden email]> proto=ESMTP
>> helo=<SERVDMZMAIL.mairie-carquefou.fr>
>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: disconnect from
>> mail.mairie-carquefou.fr[92.103.176.37] ehlo=2 starttls=1 mail=1
>> rcpt=0/1 quit=1 commands=5/6
>>
>> (I'm a bit confused about the SERVDMZMAIL in the helo.  That host
>> does appear not to exist.)
>>
>> Any suggestions what to look at / if I've likely misconfigured
>> something?
>
> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
>
> reject_unknown_helo_hostname (with Postfix < 2.3:
> reject_unknown_hostname)     Reject the request when the HELO or
> EHLO hostname has no DNS A or MX record.

... and your HELO is from:

   450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>:
   Helo command rejected: Host not found;

which doesn't appear to resolve.




Re: refused mail/host not found -- confusion about error source

Jeff Abrahamson
On 21/01/2021 15:31, Richard wrote:

>> Date: Thursday, January 21, 2021 15:24:10 +0100
>> From: "Herbert J. Skuhra" <[hidden email]>
>>
>> On Thu, Jan 21, 2021 at 03:15:24PM +0100, Jeff Abrahamson wrote:
>>> I've been seeing this error for this one host.  My first reaction
>>> was that the host was incorrectly configured, but the IP
>>> (92.103.176.37) reverse resolves to mail.mairie-carquefou.fr,
>>> which in turn resolves to that IP.  In addition, the MX for
>>> mairie-carquefou.fr is mail.mairie-carquefou.fr (and
>>> mx3.mail.ovh.net).  So I'm not really sure what the "host not
>>> found" is complaining about.
>>>
>>> Jan 21 15:05:28 nantes-1 postfix/smtpd[6367]: connect from
>>> mail.mairie-carquefou.fr[92.103.176.37]
>>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: Anonymous TLS
>>> connection established from
>>> mail.mairie-carquefou.fr[92.103.176.37]: TLSv1 with cipher
>>> ECDHE-RSA-AES256-SHA (256/256 bits)
>>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: NOQUEUE: reject:
>>> RCPT from mail.mairie-carquefou.fr[92.103.176.37]: 450 4.7.1
>>> <SERVDMZMAIL.mairie-carquefou.fr>: Helo command rejected: Host not
>>> found; from=<[hidden email]>
>>> to=<[hidden email]> proto=ESMTP
>>> helo=<SERVDMZMAIL.mairie-carquefou.fr>
>>> Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: disconnect from
>>> mail.mairie-carquefou.fr[92.103.176.37] ehlo=2 starttls=1 mail=1
>>> rcpt=0/1 quit=1 commands=5/6
>>>
>>> (I'm a bit confused about the SERVDMZMAIL in the helo.  That host
>>> does appear not to exist.)
>>>
>>> Any suggestions what to look at / if I've likely misconfigured
>>> something?
>> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
>>
>> reject_unknown_helo_hostname (with Postfix < 2.3:
>> reject_unknown_hostname)     Reject the request when the HELO or
>> EHLO hostname has no DNS A or MX record.
> ... and your HELO is from:
>
>    450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>:
>    Helo command rejected: Host not found;
>
> which doesn't appear to resolve.

OK, thanks, that's what I'd tentatively concluded, but it's a kind of
big ISP (OVH), so I have to at least ask myself if I've misunderstood
before being too convinced that they've misconfigured their DNS.

--
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
http://transport-nantes.com/


Re: refused mail/host not found -- confusion about error source

Jaroslaw Rafa
On 21.01.2021 at 15:44:04, Jeff Abrahamson wrote:
> >    450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>:
> >    Helo command rejected: Host not found;
> >
> > which doesn't appear to resolve.
>
> OK, thanks, that's what I'd tentatively concluded, but it's a kind of
> big ISP (OVH), so I have to at least ask myself if I've misunderstood
> before being too convinced that they've misconfigured their DNS.

I don't see a DNS misconfiguration here.

I see a misconfiguration of the sending MTA, that completely unnecessarily
advertises itself with the internal name that isn't configured in the DNS.

It could just do "HELO mairie-carquefou.fr".
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: refused mail/host not found -- confusion about error source

Viktor Dukhovni
In reply to this post by Jeff Abrahamson
On Thu, Jan 21, 2021 at 03:44:04PM +0100, Jeff Abrahamson wrote:

> >> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
> >>
> >> reject_unknown_helo_hostname (with Postfix < 2.3: reject_unknown_hostname)
> >> Reject the request when the HELO or EHLO hostname has no DNS A or MX record.
> > ... and your HELO is from:
> >
> >    450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>:
> >    Helo command rejected: Host not found;
> >
> > which doesn't appear to resolve.
>
> OK, thanks, that's what I'd tentatively concluded, but it's a kind of
> big ISP (OVH), so I have to at least ask myself if I've misunderstood
> before being too convinced that they've misconfigured their DNS.

You have elected to require that the EHLO hostname of SMTP clients
(sending MTAs) (if not a domain [literal]) be an extant domain name,
that resolves to an IP address or MX RRset.

While this is an RFC requirement:

   https://tools.ietf.org/html/rfc5321#section-4.1.1.1

   These commands are used to identify the SMTP client to the SMTP
   server.  The argument clause contains the fully-qualified domain name
   of the SMTP client, if one is available.  In situations in which the
   SMTP client system does not have a meaningful domain name (e.g., when
   its address is dynamically allocated and no reverse mapping record is
   available), the client SHOULD send an address literal (see
   Section 4.1.3).

This optional restriction is known to have a non-trivial false-positive
rate, such as the one you observed.  You can (with care to avoid making
your server into an accidental open-relay) whitelist some names, or
avoid using the restriction.  The latter is probably the simplest.

--
    Viktor.
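
Added example (not part of any post in this thread): a small log triage for the confusion discussed above. It separates the client name Postfix verified from the HELO name that reject_unknown_helo_hostname actually tested, and flags rejects from forward-confirmed clients as candidate false positives. The second log line, the placeholder addresses and the label strings are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the reject from the thread (hidden addresses
# replaced with placeholders); line 2 is invented, using a documentation IP.
SAMPLE_LOG = """\
Jan 21 15:05:29 nantes-1 postfix/smtpd[6367]: NOQUEUE: reject: RCPT from mail.mairie-carquefou.fr[92.103.176.37]: 450 4.7.1 <SERVDMZMAIL.mairie-carquefou.fr>: Helo command rejected: Host not found; from=<a@example.org> to=<b@example.net> proto=ESMTP helo=<SERVDMZMAIL.mairie-carquefou.fr>
Jan 21 15:09:02 nantes-1 postfix/smtpd[6402]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <host.invalid>: Helo command rejected: Host not found; from=<x@example.org> to=<b@example.net> proto=ESMTP helo=<host.invalid>
"""

# client[ip] is the connecting peer; the <...> after the status code is the
# value the failing restriction looked at (here, the HELO argument).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<subject>[^>]*)>: "
    r"(?P<reason>[^;]+);.*?helo=<(?P<helo>[^>]*)>"
)

def parse_rejects(text):
    """Return one dict per smtpd NOQUEUE reject line found in text."""
    return [m.groupdict() for m in REJECT.finditer(text)]

def classify(rec):
    """Say which name the restriction tested and whether the client is verified."""
    if not rec["reason"].startswith("Helo command rejected"):
        return "not-a-helo-reject"
    # Postfix logs the client as "unknown" unless the PTR name maps back to
    # the connecting IP, so any other client name is forward-confirmed.
    if rec["client"] == "unknown":
        return "bad-helo-unverified-client"
    return "bad-helo-verified-client"  # candidate false positive

def summarize(text):
    """Count rejects per class, e.g. to gauge the restriction's false positives."""
    return Counter(classify(r) for r in parse_rejects(text))

if __name__ == "__main__":
    for r in parse_rejects(SAMPLE_LOG):
        print(f'{classify(r):28} client={r["client"]}[{r["ip"]}] helo={r["helo"]}')
```
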