> I was wondering what I can do to stop getting this.
> mail from delphi needs to get in, but it keeps getting rejected.
> I have FreeBSD4.7, postfix, RAV.
> Do I edit this in RAV or Postfix? It looks like postfix is rejecting it,
> but why.
The below is Postfix, not RAV.
> Can I white list or something?
>
>
> Jan 10 15:01:48 mailgate postfix/smtpd[188]: connect from
> unknown[12.47.224.16]
> Jan 10 15:01:48 mailgate postfix/smtpd[188]: EACA61EC:
> client=unknown[12.47.224.16]
> Jan 10 15:01:48 mailgate postfix/smtpd[188]: reject: RCPT from
> unknown[12.47.224.16]: 450 Client host rejected: cannot find your
hostname,
> [12.47.224.16]; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
> Jan 10 15:01:54 mailgate postfix/smtpd[188]: disconnect from
> unknown[12.47.224.16]
Have reject_unknown_hostname in your config?
The problem is that 12.47.224.16 is not resolving back to
gateway1.delphi.com. It gets something by eds.com, but has no DNS reverse
record so the host name lookup fails.
Let me show you a couple reverse lookups for comparison:
My gateway machine
imgate01# host 216.117.206.24
24.206.117.216.IN-ADDR.ARPA domain name pointer imgate01.cybertime.net
imgate01# dig -x 216.117.206.24
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 24.206.117.216.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
24.206.117.216.in-addr.arpa. 1D IN PTR imgate01.cybertime.net.
;; AUTHORITY SECTION:
206.117.216.in-addr.arpa. 1D IN NS dns.cybertime.net.
206.117.216.in-addr.arpa. 1D IN NS dns1.cybertime.net.
;; ADDITIONAL SECTION:
dns.cybertime.net. 1D IN A 216.117.206.4
dns1.cybertime.net. 1D IN A 216.117.206.7
;; Total query time: 2 msec
;; FROM: imgate01.cybertime.net to SERVER: default -- 127.0.0.1
;; WHEN: Fri Jan 10 13:26:21 2003
;; MSG SIZE sent: 45 rcvd: 150
Now 12.47.224.16
imgate01# host 12.47.224.16
Host not found.
imgate01# dig -x 12.47.224.16
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 16.224.47.12.in-addr.arpa, type = ANY, class = IN
;; AUTHORITY SECTION:
224.47.12.in-addr.arpa. 2h53m34s IN SOA ns1.eds.com. dnsmaster.eds.com. (
200110080 ; serial
8H ; refresh
4H ; retry
1W ; expiry
1D ) ; minimum
;; Total query time: 1 msec
;; FROM: imgate01.cybertime.net to SERVER: default -- 127.0.0.1
;; WHEN: Fri Jan 10 13:28:27 2003
;; MSG SIZE sent: 43 rcvd: 100
imgate01# dig @NS01.delphi.com -x 12.47.224.16
; <<>> DiG 8.3 <<>> @NS01.delphi.com -x
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 16.224.47.12.in-addr.arpa, type = ANY, class = IN
;; AUTHORITY SECTION:
224.47.12.in-addr.arpa. 3h23m27s IN NS ns1.eds.com.
224.47.12.in-addr.arpa. 3h23m27s IN NS ns2.eds.com.
;; ADDITIONAL SECTION:
ns1.eds.com. 55m12s IN A 192.85.154.78
ns2.eds.com. 1h4m19s IN A 199.228.142.78
;; Total query time: 120 msec
;; FROM: imgate01.cybertime.net to SERVER: NS01.delphi.com 12.47.224.234
;; WHEN: Fri Jan 10 13:34:39 2003
;; MSG SIZE sent: 43 rcvd: 118
And just a few forward ones:
imgate01# host delphi.com
delphi.com has address 164.109.59.132
delphi.com mail is handled (pri=10) by gateway1.delphi.com
delphi.com mail is handled (pri=10) by gateway2.delphi.com
delphi.com mail is handled (pri=10) by gateway3.delphi.com
delphi.com mail is handled (pri=10) by gateway4.delphi.com
imgate01# host gateway1.delphi.com
gateway1.delphi.com has address 12.47.224.16
imgate01# host gateway2.delphi.com
gateway2.delphi.com has address 12.47.224.17
imgate01# host gateway3.delphi.com
gateway3.delphi.com has address 68.20.140.15
imgate01# host gateway4.delphi.com
gateway4.delphi.com has address 68.20.140.16
So this is a DNS issue on the far end.
In short, more people need to read this page:
http://bind8nt.meiway.com/itsaDNSmess.cfm
--Eric
