|
|
|
|
Hi,
I've following restriction
smtpd_client_restrictions = permit_mynetworks,
check_client_access
hash:$config_directory/access_client,
warn_if_reject
reject_unknown_client
And I received an email with unknown in the internet header as below
"Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
Would any one let me know why I'm getting "unknown" here? I would be
interest in known the reason why postfix should say "unknown"
The PTR record seems to be okay
:; host -t ptr 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
enable smtpd_helo restriction.
Thanks for the hints.
- Shanmuga
|
|
|
> Hi,
>
> I've following restriction
>
> smtpd_client_restrictions = permit_mynetworks,
> check_client_access
> hash:$config_directory/access_client,
> warn_if_reject
> reject_unknown_client
>
> And I received an email with unknown in the internet header as below
>
> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>
> Would any one let me know why I'm getting "unknown" here? I would be
> interest in known the reason why postfix should say "unknown"
>
> The PTR record seems to be okay
>
> :; host -t ptr 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer
> mail1.mastermindpro.com.
>
> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> enable smtpd_helo restriction.
>
> Thanks for the hints.
Postfix cannot do a DNS lookup because you're probably running postfix
chroot.
http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setupAlso, if you installed from source, there's an examples/chroot directory
containing some scripts.
Grts,
Rob
|
|
|
Sorry,
I'm not running postfix in a chroot jail.
Thanks,
Shanmuga
On 5/5/08, Rob Sterenborg < [hidden email]> wrote:
> > Hi,
> >
> > I've following restriction
> >
> > smtpd_client_restrictions = permit_mynetworks,
> > check_client_access
> > hash:$config_directory/access_client,
> > warn_if_reject
> > reject_unknown_client
> >
> > And I received an email with unknown in the internet header as below
> >
> > "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
> >
> > Would any one let me know why I'm getting "unknown" here? I would be
> > interest in known the reason why postfix should say "unknown"
> >
> > The PTR record seems to be okay
> >
> > :; host -t ptr 66.199.187.23
> > 23.187.199.66.in-addr.arpa domain name pointer
> > mail1.mastermindpro.com.
> >
> > And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> > enable smtpd_helo restriction.
> >
> > Thanks for the hints.
>
> Postfix cannot do a DNS lookup because you're probably running postfix
> chroot.
>
> http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup> Also, if you installed from source, there's an examples/chroot directory
> containing some scripts.
>
>
> Grts,
> Rob
>
|
|
|
>>> Hi,
>>>
>>> I've following restriction
>>>
>>> smtpd_client_restrictions = permit_mynetworks,
>>> check_client_access
>>> hash:$config_directory/access_client,
>>> warn_if_reject
>>> reject_unknown_client
>>>
>>> And I received an email with unknown in the internet header as below
>>>
>>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>>
>>> Would any one let me know why I'm getting "unknown" here? I would be
>>> interest in known the reason why postfix should say "unknown"
>>>
>>> The PTR record seems to be okay
>>>
>>> :; host -t ptr 66.199.187.23
>>> 23.187.199.66.in-addr.arpa domain name pointer
>>> mail1.mastermindpro.com.
>>>
>>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did
>>> not enable smtpd_helo restriction.
>>>
>>> Thanks for the hints.
>>
>> Postfix cannot do a DNS lookup because you're probably running
>> postfix chroot.
>>
>> http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup>> Also, if you installed from source, there's an examples/chroot
>> directory containing some scripts.
>
> Sorry,
>
> I'm not running postfix in a chroot jail.
Still, for some reason postfix seems to be unable to do a DNS lookup
because otherwise it wouldn't say "unknown". The restriction Can you
perform the DNS query as user "postfix"?
Anyway, what version Postfix are you running? According to the
documentation reject_unknown_client is a pre-2.3 configuration
parameter. Since 2.3+ you can use reject_unknown_client_hostname but
maybe you want to use reject_unknown_reverse_client_hostname instead.
Grts,
Rob
|
|
|
In reply to this post by Shanmuga sundaram Krishnasamy
Shanmuga sundaram Krishnasamy wrote:
> Hi,
>
> I've following restriction
>
> smtpd_client_restrictions = permit_mynetworks,
> check_client_access
> hash:$config_directory/access_client,
> warn_if_reject
> reject_unknown_client
>
> And I received an email with unknown in the internet header as below
>
> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>
> Would any one let me know why I'm getting "unknown" here? I would be
> interest in known the reason why postfix should say "unknown"
>
> The PTR record seems to be okay
>
> :; host -t ptr 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>
> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> enable smtpd_helo restriction.
>
> Thanks for the hints.
>
> - Shanmuga
>
A guess:
nslookup mail1.mastermindpro.comName:
mail1.mastermindpro.com
Address: 66.199.187.23
nslookup mx1 .mastermindpro.com
Name: mx1.mastermindpro.com
Address: 66.199.187.26
It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
|
|
|
Randy Ramsdell wrote:
> Shanmuga sundaram Krishnasamy wrote:
>> Hi,
>>
>> I've following restriction
>>
>> smtpd_client_restrictions = permit_mynetworks,
>> check_client_access
>> hash:$config_directory/access_client,
>> warn_if_reject
>> reject_unknown_client
>>
>> And I received an email with unknown in the internet header as below
>>
>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>
>> Would any one let me know why I'm getting "unknown" here? I would be
>> interest in known the reason why postfix should say "unknown"
>>
>> The PTR record seems to be okay
>>
>> :; host -t ptr 66.199.187.23
>> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>>
>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
>> enable smtpd_helo restriction.
>>
>> Thanks for the hints.
>>
>> - Shanmuga
>>
> A guess:
>
> nslookup mail1.mastermindpro.comName:
> mail1.mastermindpro.com
> Address: 66.199.187.23
>
> nslookup mx1 .mastermindpro.com
> Name: mx1.mastermindpro.com
> Address: 66.199.187.26
>
> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
This does not explain "unknown".
$ host 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
$ host mail1.mastermindpro.com
mail1.mastermindpro.com has address 66.199.187.23
so the rDNS is ok.
OP has a DNS lookup problem. this may be because his DNS server is too
slow. it is recommended to run a caching DNS server not far from the
postfix server, and not to rely on "toy" DNS servers.
|
|
|
Hello,
mouss pisze:
> Randy Ramsdell wrote:
>> Shanmuga sundaram Krishnasamy wrote:
>>> Hi,
>>>
>>> I've following restriction
>>>
>>> smtpd_client_restrictions = permit_mynetworks,
>>> check_client_access
>>> hash:$config_directory/access_client,
>>> warn_if_reject
>>> reject_unknown_client
>>>
>>> And I received an email with unknown in the internet header as below
>>>
>>> "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
>>>
>>> Would any one let me know why I'm getting "unknown" here? I would be
>>> interest in known the reason why postfix should say "unknown"
>>>
>>> The PTR record seems to be okay
>>>
>>> :; host -t ptr 66.199.187.23
>>> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
>>>
>>> And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
>>> enable smtpd_helo restriction.
>>>
>>> Thanks for the hints.
>>>
>>> - Shanmuga
>>>
>> A guess:
>>
>> nslookup mail1.mastermindpro.comName:
>> mail1.mastermindpro.com
>> Address: 66.199.187.23
>>
>> nslookup mx1 .mastermindpro.com
>> Name: mx1.mastermindpro.com
>> Address: 66.199.187.26
>>
>> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
>
> This does not explain "unknown".
> $ host 66.199.187.23
> 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
> $ host mail1.mastermindpro.com
> mail1.mastermindpro.com has address 66.199.187.23
>
> so the rDNS is ok.
>
> OP has a DNS lookup problem. this may be because his DNS server is too
> slow. it is recommended to run a caching DNS server not far from the
> postfix server, and not to rely on "toy" DNS servers.
Sorry to jump in - but I was thinking about this issue today. Which
caching dns server would you recommend (I'd be especially interested if
it were something in the FreeBSD ports system... :)? I think Bind is a
bit of an overkill for that?
Many thanks!
--
Zbigniew Szalbot
www.lc-words.com
|
|
|
On Mon May 5 2008 10:57:10 Zbigniew Szalbot wrote:
> > OP has a DNS lookup problem. this may be because his DNS server is
> > too slow. it is recommended to run a caching DNS server not far
> > from the postfix server, and not to rely on "toy" DNS servers.
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested
> if it were something in the FreeBSD ports system... :)? I think Bind
> is a bit of an overkill for that?
Overkill, how so? BIND named is by far the leading choice. I run it on
systems large and small. The setup for a caching-only system is very
simple, probably already done for you by your distributor.
Whilst you might get useful suggestions here, your FBSD questions are
more appropriate in a FBSD forum.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
|
|
|
Zbigniew Szalbot wrote:
> [snip]
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested
> if it were something in the FreeBSD ports system... :)? I think Bind
> is a bit of an overkill for that?
BIND comes with the base system (at least on *BSD, and when it is not,
it's easy to install it as a package) and configuring a "caching-only"
server is not that difficult.
|
|
|
I would recommend pdns-recursor v3.1.6 which was just released.
It is very easy to use, secure, performant and functional:
http://www.powerdns.comHopefully, there is a ports version.
Ken
On Mon, May 05, 2008 at 06:17:18PM +0200, mouss wrote:
> Zbigniew Szalbot wrote:
>> [snip]
>>
>> Sorry to jump in - but I was thinking about this issue today. Which
>> caching dns server would you recommend (I'd be especially interested if it
>> were something in the FreeBSD ports system... :)? I think Bind is a bit of
>> an overkill for that?
>
> BIND comes with the base system (at least on *BSD, and when it is not, it's
> easy to install it as a package) and configuring a "caching-only" server is
> not that difficult.
>
|
|
|
Kenneth Marshall wrote:
> I would recommend pdns-recursor v3.1.6 which was just released.
> It is very easy to use, secure, performant and functional:
>
> http://www.powerdns.com>
> Hopefully, there is a ports version.
>
it is. That said,
http://www.maradns.org/advocacy.html#powerdnssays
<cite>
PowerDNS has more features, but does not have as strong of a security
history as MaraDNS. For example, the 3.0.1 release had an update fixing
a bug where "Certain malformed packets could crash the recursor", and
which could potentially lead to a buffer overflow.
</cite>
anyway, this is off topic. so let's move the discussion elsewhere...
|
|
|
Zbigniew Szalbot wrote:
>> OP has a DNS lookup problem. this may be because his DNS server is too
>> slow. it is recommended to run a caching DNS server not far from the
>> postfix server, and not to rely on "toy" DNS servers.
>
>
> Sorry to jump in - but I was thinking about this issue today. Which
> caching dns server would you recommend (I'd be especially interested if
> it were something in the FreeBSD ports system... :)? I think Bind is a
> bit of an overkill for that?
djbdns. There is a FreeBSD port.
--
Sahil Tandon < [hidden email]>
|
|
|
Hi Randy,
Could you elaborate more on what do you mean by here 'It connects with
66.199.187.23 but says it is mx1.mastermindpro.com.'
Does mx1.mastermindpro.com HELO/EHLO name?
I think I failed to understand the 3rd point in
http://www.postfix.org/postconf.5.html,
reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping fails,
2) the name->address mapping fails, or 3) the name->address mapping
does not match the client IP address.
This is a stronger restriction than the
reject_unknown_reverse_client_hostname feature, which triggers only
under condition 1) above.
If the third ponit is okay and only one option I could think of having
a DNS cache server.
And yes, i run postfix 2.1.5 and in the path of upgrading it.
And also, Mouss, you are right, I dont have a DNS caching server.
Thanks for your posting.
Kind regards,
Shanmuga
On 5/5/08, Randy Ramsdell < [hidden email]> wrote:
> Shanmuga sundaram Krishnasamy wrote:
> > Hi,
> >
> > I've following restriction
> >
> > smtpd_client_restrictions = permit_mynetworks,
> > check_client_access
> > hash:$config_directory/access_client,
> > warn_if_reject
> > reject_unknown_client
> >
> > And I received an email with unknown in the internet header as below
> >
> > "Received: from mx1.mastermindpro.com (unknown [66.199.187.23]) by"
> >
> > Would any one let me know why I'm getting "unknown" here? I would be
> > interest in known the reason why postfix should say "unknown"
> >
> > The PTR record seems to be okay
> >
> > :; host -t ptr 66.199.187.23
> > 23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
> >
> > And I believe mx1.mastermindpro.com is the HELO'ed name and I did not
> > enable smtpd_helo restriction.
> >
> > Thanks for the hints.
> >
> > - Shanmuga
> >
> >
> A guess:
>
> nslookup mail1.mastermindpro.comName:
> mail1.mastermindpro.com
> Address: 66.199.187.23
>
> nslookup mx1 .mastermindpro.com
> Name: mx1.mastermindpro.com
> Address: 66.199.187.26
>
> It connects with 66.199.187.23 but says it is mx1.mastermindpro.com.
>
|
|
|
Shanmuga sundaram Krishnasamy wrote:
> Hi Randy,
>
> Could you elaborate more on what do you mean by here 'It connects with
> 66.199.187.23 but says it is mx1.mastermindpro.com.'
>
Ignore this. This doesn't result in an "unknown" client
(reject_unknown_client doesn't care about helo).
> Does mx1.mastermindpro.com HELO/EHLO name?
>
> I think I failed to understand the 3rd point in
>
> http://www.postfix.org/postconf.5.html,
>
>
> reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
> Reject the request when 1) the client IP address->name mapping fails,
> 2) the name->address mapping fails, or 3) the name->address mapping
> does not match the client IP address.
> This is a stronger restriction than the
> reject_unknown_reverse_client_hostname feature, which triggers only
> under condition 1) above.
>
> If the third ponit is okay and only one option I could think of having
> a DNS cache server.
>
As I said,
$ host 66.199.187.23
23.187.199.66.in-addr.arpa domain name pointer mail1.mastermindpro.com.
$ host mail1.mastermindpro.com
mail1.mastermindpro.com has address 66.199.187.23
so the rDNS is ok.
but for some reason, at the time of the connection, postfix couldn't
find these results.
> And yes, i run postfix 2.1.5 and in the path of upgrading it.
>
> And also, Mouss, you are right, I dont have a DNS caching server.
>
It is recommended to have a _real_ (not a toy) DNS server installed on
or "near" ther box. Also, using an ISP as a forwarder sometimes create
problems.
|
|
Locked
smime.p7s (3K)