Hi,

I've the following restriction

smtpd_client_restrictions = permit_mynetworks,
    check_client_access
    hash:$config_directory/access_client,
    warn_if_reject
    reject_unknown_client

And I received an email with unknown in the internet header as below

"Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"

Would anyone let me know why I'm getting "unknown" here? I would be interested in knowing the reason why postfix should say "unknown"

The PTR record seems to be okay

:; host -t ptr 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.

And I believe mx1.mastermindpro.com is the HELO'ed name and I did not enable smtpd_helo restriction.

Thanks for the hints.

- Shanmuga

> Hi,
>
> I've the following restriction
>
> smtpd_client_restrictions = permit_mynetworks,
>     check_client_access
>     hash:$config_directory/access_client,
>     warn_if_reject
>     reject_unknown_client
>
> And I received an email with unknown in the internet header as below
>
> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>
> Would anyone let me know why I'm getting "unknown" here? I would be
> interested in knowing the reason why postfix should say "unknown"
>
> The PTR record seems to be okay
>
> :; host -t ptr 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>
> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> enable smtpd_helo restriction.
>
> Thanks for the hints.

Postfix cannot do a DNS lookup because you're probably running postfix chroot.

http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup
Also, if you installed from source, there's an examples/chroot directory containing some scripts.

Grts,
Rob

Sorry,

I'm not running postfix in a chroot jail.

Thanks,
Shanmuga

On 5/5/08, Rob Sterenborg <[hidden email]> wrote:
> > Hi,
> >
> > I've the following restriction
> >
> > smtpd_client_restrictions = permit_mynetworks,
> >     check_client_access
> >     hash:$config_directory/access_client,
> >     warn_if_reject
> >     reject_unknown_client
> >
> > And I received an email with unknown in the internet header as below
> >
> > "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
> >
> > Would anyone let me know why I'm getting "unknown" here? I would be
> > interested in knowing the reason why postfix should say "unknown"
> >
> > The PTR record seems to be okay
> >
> > :; host -t ptr 66.199.187.23
> > 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
> >
> > And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> > enable smtpd_helo restriction.
> >
> > Thanks for the hints.
>
> Postfix cannot do a DNS lookup because you're probably running postfix
> chroot.
>
> http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup
> Also, if you installed from source, there's an examples/chroot directory
> containing some scripts.
>
>
> Grts,
> Rob
>

>>> Hi,
>>>
>>> I've the following restriction
>>>
>>> smtpd_client_restrictions = permit_mynetworks,
>>>     check_client_access
>>>     hash:$config_directory/access_client,
>>>     warn_if_reject
>>>     reject_unknown_client
>>>
>>> And I received an email with unknown in the internet header as below
>>>
>>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>>
>>> Would anyone let me know why I'm getting "unknown" here? I would be
>>> interested in knowing the reason why postfix should say "unknown"
>>>
>>> The PTR record seems to be okay
>>>
>>> :; host -t ptr 66.199.187.23
>>> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>>>
>>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did
>>> not enable smtpd_helo restriction.
>>>
>>> Thanks for the hints.
>>
>> Postfix cannot do a DNS lookup because you're probably running
>> postfix chroot.
>>
>> http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup
>> Also, if you installed from source, there's an examples/chroot
>> directory containing some scripts.
>
> Sorry,
>
> I'm not running postfix in a chroot jail.

Still, for some reason postfix seems to be unable to do a DNS lookup because otherwise it wouldn't say "unknown".

The restriction

Can you perform the DNS query as user "postfix"?

Anyway, what version of Postfix are you running? According to the documentation reject_unknown_client is a pre-2.3 configuration parameter. Since 2.3+ you can use reject_unknown_client_hostname but maybe you want to use reject_unknown_reverse_client_hostname instead.

Grts,
Rob

In reply to this post by Shanmuga sundaram Krishnasamy
Shanmuga sundaram Krishnasamy wrote:
> Hi,
>
> I've the following restriction
>
> smtpd_client_restrictions = permit_mynetworks,
>     check_client_access
>     hash:$config_directory/access_client,
>     warn_if_reject
>     reject_unknown_client
>
> And I received an email with unknown in the internet header as below
>
> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>
> Would anyone let me know why I'm getting "unknown" here? I would be
> interested in knowing the reason why postfix should say "unknown"
>
> The PTR record seems to be okay
>
> :; host -t ptr 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>
> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> enable smtpd_helo restriction.
>
> Thanks for the hints.
>
> - Shanmuga
>

nslookup mail1.mastermindpro.com
Name: mail1.mastermindpro.com
Address: 66.199.187.23

nslookup mx1.mastermindpro.com
Name: mx1.mastermindpro.com
Address: 66.199.187.26

It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.

Randy Ramsdell wrote:
> Shanmuga sundaram Krishnasamy wrote:
>> Hi,
>>
>> I've the following restriction
>>
>> smtpd_client_restrictions = permit_mynetworks,
>>     check_client_access
>>     hash:$config_directory/access_client,
>>     warn_if_reject
>>     reject_unknown_client
>>
>> And I received an email with unknown in the internet header as below
>>
>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>
>> Would anyone let me know why I'm getting "unknown" here? I would be
>> interested in knowing the reason why postfix should say "unknown"
>>
>> The PTR record seems to be okay
>>
>> :; host -t ptr 66.199.187.23
>> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>>
>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
>> enable smtpd_helo restriction.
>>
>> Thanks for the hints.
>>
>> - Shanmuga
>>
> A guess:
>
> nslookup mail1.mastermindpro.com
> Name: mail1.mastermindpro.com
> Address: 66.199.187.23
>
> nslookup mx1.mastermindpro.com
> Name: mx1.mastermindpro.com
> Address: 66.199.187.26
>
> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.

This does not explain "unknown".

$ host 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
$ host mail1.mastermindpro.com
mail1.mastermindpro.com has address 66.199.187.23

so the rDNS is ok.

OP has a DNS lookup problem. This may be because his DNS server is too slow. It is recommended to run a caching DNS server not far from the postfix server, and not to rely on "toy" DNS servers.

Hello,

mouss wrote:
> Randy Ramsdell wrote:
>> Shanmuga sundaram Krishnasamy wrote:
>>> Hi,
>>>
>>> I've the following restriction
>>>
>>> smtpd_client_restrictions = permit_mynetworks,
>>>     check_client_access
>>>     hash:$config_directory/access_client,
>>>     warn_if_reject
>>>     reject_unknown_client
>>>
>>> And I received an email with unknown in the internet header as below
>>>
>>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>>
>>> Would anyone let me know why I'm getting "unknown" here? I would be
>>> interested in knowing the reason why postfix should say "unknown"
>>>
>>> The PTR record seems to be okay
>>>
>>> :; host -t ptr 66.199.187.23
>>> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>>>
>>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
>>> enable smtpd_helo restriction.
>>>
>>> Thanks for the hints.
>>>
>>> - Shanmuga
>>>
>> A guess:
>>
>> nslookup mail1.mastermindpro.com
>> Name: mail1.mastermindpro.com
>> Address: 66.199.187.23
>>
>> nslookup mx1.mastermindpro.com
>> Name: mx1.mastermindpro.com
>> Address: 66.199.187.26
>>
>> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
>
> This does not explain "unknown".
> $ host 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
> $ host mail1.mastermindpro.com
> mail1.mastermindpro.com has address 66.199.187.23
>
> so the rDNS is ok.
>
> OP has a DNS lookup problem. This may be because his DNS server is too
> slow. It is recommended to run a caching DNS server not far from the
> postfix server, and not to rely on "toy" DNS servers.

Sorry to jump in - but I was thinking about this issue today. Which caching dns server would you recommend (I'd be especially interested if it were something in the FreeBSD ports system... :)? I think Bind is a bit of an overkill for that?

Many thanks!

--
Zbigniew Szalbot
www.lc-words.com

On Mon May 5 2008 10:57:10 Zbigniew Szalbot wrote:
> > OP has a DNS lookup problem. This may be because his DNS server is
> > too slow. It is recommended to run a caching DNS server not far
> > from the postfix server, and not to rely on "toy" DNS servers.
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested
> if it were something in the FreeBSD ports system... :)? I think Bind
> is a bit of an overkill for that?

Overkill, how so? BIND named is by far the leading choice. I run it on systems large and small. The setup for a caching-only system is very simple, probably already done for you by your distributor.

Whilst you might get useful suggestions here, your FBSD questions are more appropriate in a FBSD forum.

--
Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header

In reply to this post by Zbigniew Szalbot-9
Zbigniew Szalbot wrote:
> [snip]
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested
> if it were something in the FreeBSD ports system... :)? I think Bind
> is a bit of an overkill for that?

BIND comes with the base system (at least on *BSD, and when it is not, it's easy to install it as a package) and configuring a "caching-only" server is not that difficult.

I would recommend pdns-recursor v3.1.6 which was just released.
It is very easy to use, secure, performant and functional:

http://www.powerdns.com

Hopefully, there is a ports version.

Ken

On Mon, May 05, 2008 at 06:17:18PM +0200, mouss wrote:
> Zbigniew Szalbot wrote:
>> [snip]
>>
>> Sorry to jump in - but I was thinking about this issue today. Which
>> caching dns server would you recommend (I'd be especially interested if it
>> were something in the FreeBSD ports system... :)? I think Bind is a bit of
>> an overkill for that?
>
> BIND comes with the base system (at least on *BSD, and when it is not, it's
> easy to install it as a package) and configuring a "caching-only" server is
> not that difficult.
>

Kenneth Marshall wrote:
> I would recommend pdns-recursor v3.1.6 which was just released.
> It is very easy to use, secure, performant and functional:
>
> http://www.powerdns.com
>
> Hopefully, there is a ports version.
>

It is.

That said, http://www.maradns.org/advocacy.html#powerdns says

<cite>
PowerDNS has more features, but does not have as strong of a security history as MaraDNS. For example, the 3.0.1 release had an update fixing a bug where "Certain malformed packets could crash the recursor", and which could potentially lead to a buffer overflow.
</cite>

Anyway, this is off topic. So let's move the discussion elsewhere...

In reply to this post by Zbigniew Szalbot-9
Zbigniew Szalbot wrote:
>> OP has a DNS lookup problem. This may be because his DNS server is too
>> slow. It is recommended to run a caching DNS server not far from the
>> postfix server, and not to rely on "toy" DNS servers.
>
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested if
> it were something in the FreeBSD ports system... :)? I think Bind is a
> bit of an overkill for that?

djbdns. There is a FreeBSD port.

--
Sahil Tandon <[hidden email]>

In reply to this post by Randy Ramsdell
Hi Randy,

Could you elaborate more on what do you mean by here 'It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.'

Does mx1.mastermindpro.com HELO/EHLO name?

I think I failed to understand the 3rd point in

http://www.postfix.org/postconf.5.html,

reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
    Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.
    This is a stronger restriction than the reject_unknown_reverse_client_hostname feature, which triggers only under condition 1) above.

If the third point is okay and only one option I could think of having a DNS cache server.

And yes, I run postfix 2.1.5 and in the path of upgrading it.

And also, Mouss, you are right, I don't have a DNS caching server.

Thanks for your posting.

Kind regards,
Shanmuga

On 5/5/08, Randy Ramsdell <[hidden email]> wrote:
> Shanmuga sundaram Krishnasamy wrote:
> > Hi,
> >
> > I've the following restriction
> >
> > smtpd_client_restrictions = permit_mynetworks,
> >     check_client_access
> >     hash:$config_directory/access_client,
> >     warn_if_reject
> >     reject_unknown_client
> >
> > And I received an email with unknown in the internet header as below
> >
> > "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
> >
> > Would anyone let me know why I'm getting "unknown" here? I would be
> > interested in knowing the reason why postfix should say "unknown"
> >
> > The PTR record seems to be okay
> >
> > :; host -t ptr 66.199.187.23
> > 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
> >
> > And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> > enable smtpd_helo restriction.
> >
> > Thanks for the hints.
> >
> > - Shanmuga
> >
>
> A guess:
>
> nslookup mail1.mastermindpro.com
> Name: mail1.mastermindpro.com
> Address: 66.199.187.23
>
> nslookup mx1.mastermindpro.com
> Name: mx1.mastermindpro.com
> Address: 66.199.187.26
>
> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
>

Shanmuga sundaram Krishnasamy wrote:
> Hi Randy,
>
> Could you elaborate more on what do you mean by here 'It connects with
> 66.199.187.23 but says it is mx1.mastermindpro.com.'
>

Ignore this. This doesn't result in an "unknown" client (reject_unknown_client doesn't care about helo).

> Does mx1.mastermindpro.com HELO/EHLO name?
>
> I think I failed to understand the 3rd point in
>
> http://www.postfix.org/postconf.5.html,
>
>
> reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
> Reject the request when 1) the client IP address->name mapping fails,
> 2) the name->address mapping fails, or 3) the name->address mapping
> does not match the client IP address.
> This is a stronger restriction than the
> reject_unknown_reverse_client_hostname feature, which triggers only
> under condition 1) above.
>
> If the third point is okay and only one option I could think of having
> a DNS cache server.
>

As I said,

$ host 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
$ host mail1.mastermindpro.com
mail1.mastermindpro.com has address 66.199.187.23

so the rDNS is ok. But for some reason, at the time of the connection, postfix couldn't find these results.

> And yes, I run postfix 2.1.5 and in the path of upgrading it.
>
> And also, Mouss, you are right, I don't have a DNS caching server.
>

It is recommended to have a _real_ (not a toy) DNS server installed on or "near" the box. Also, using an ISP as a forwarder sometimes creates problems.

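Added example (not written by any poster in the thread, and a simplified model rather than Postfix's own code): the three conditions quoted from postconf(5), plus the lookup failure described in the last reply, each leaving the client name as "unknown". The function and table names are assumptions made for illustration; the DNS records are the ones shown in the thread.

```python
import socket

class TempFail(Exception):
    """No usable answer (timeout, SERVFAIL): a slow or failing DNS server."""

def system_ptr(ip):                       # address -> name, None when no PTR
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror as exc:
        if exc.args[0] == 2:              # h_errno TRY_AGAIN
            raise TempFail(ip)
        return None

def system_addrs(name):                   # name -> set of addresses
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:
            raise TempFail(name)
        return set()

def classify_client(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (client_name, reason); the numbers are the postconf(5) conditions."""
    try:
        name = ptr_lookup(ip)
        if name is None:
            return "unknown", "1) address->name mapping fails"
        addrs = addr_lookup(name)
    except TempFail:
        return "unknown", "temporary DNS failure"
    if not addrs:
        return "unknown", "2) name->address mapping fails"
    if ip not in addrs:
        return "unknown", "3) name->address does not match client IP"
    return name.rstrip("."), "verified"

# Records as shown in the thread, table-driven so the demo runs offline.
PTR = {"66.199.187.23": "mail1.mastermindpro.com."}
A = {"mail1.mastermindpro.com.": {"66.199.187.23"},
     "mx1.mastermindpro.com.": {"66.199.187.26"}}
def slow_dns(_query):                     # constructed: resolver that times out
    raise TempFail("timeout")

def demo(ip="66.199.187.23"):
    fwd = lambda name: A.get(name, set())
    return (classify_client(ip, PTR.get, fwd),         # healthy resolver
            classify_client(ip, slow_dns, slow_dns),   # resolver timed out
            # constructed: a PTR naming mx1 (A record .26) trips condition 3
            classify_client(ip, lambda _: "mx1.mastermindpro.com.", fwd))
```

Calling `classify_client(ip)` with no resolver arguments uses the system resolver, which makes it easy to compare the answer obtained on the mail server itself with the one obtained from another machine.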