This morning (GMT+1000), my Postfix MTA refused some legitimate email
relayed via [52.62.108.212] (550, so not a transient lookup error from
getnameinfo(3)) due to apparent lack of a PTR record:

    Apr 22 09:23:57 amnesiac postfix/smtpd[315022]: NOQUEUE: reject: RCPT
        from unknown[52.62.108.212]: 550 5.7.1 Client host rejected: cannot find
        your reverse hostname, [52.62.108.212]; from=<...> to=<...> proto=ESMTP
        helo=<mx-relay10-hz4b.antispameurope.com>

I don't know whether Amazon DNS indeed denied the existence of the PTR
record, or whether on my Fedora 41 system, some nsswitch breakage causes
transient lookup errors to be "upgraded" to hard errors.  Has anyone
else seen any recent issues with PTR lookups for:

    108.62.52.in-addr.arpa. IN SOA ns-1918.awsdns-47.co.uk. awsdns-hostmaster.amazon.com. ...

    NetRange:       52.0.0.0 - 52.79.255.255
    CIDR:           52.0.0.0/10, 52.64.0.0/12
    NetName:        AT-88-Z
    NetHandle:      NET-52-0-0-0-1
    Parent:         NET52 (NET-52-0-0-0-0)
    NetType:        Direct Allocation

One likely source of problems may have been the default
"[!UNAVAIL=return]" element of the "hosts:" entry in nsswitch.conf:

    hosts:      files myhostname resolve [!UNAVAIL=return] dns

With this, transient errors in "resolve" may be "upgraded" to hard errors.
Since I have a local caching/validating resolver, I'm changing this to:

    hosts:      myhostname files dns

If the above best guess is correct, and others also have similar
nsswitch.conf configurations, you should consider changing nsswitch.conf
to ensure more reliable mail delivery (avoid erroneous hard errors).

-- 
    Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
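
An added example, not part of the original post: a small checker that applies the action rules from nsswitch.conf(5) to a "hosts:" line and reports which services ahead of "dns" end the lookup on a given status, so "dns" is never consulted. The function names `parse_hosts_line` and `blockers` are hypothetical; the two sample lines are the ones quoted in the message.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Default actions per nsswitch.conf(5): only SUCCESS stops the lookup.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(line):
    """Return [(service, {status: action})] for a 'hosts:' entry."""
    db, _, rest = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts: entry")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest.split("#", 1)[0]):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action spec before any service")
        # An action spec such as [!UNAVAIL=return] modifies the preceding service.
        for item in tok[1:-1].split():
            status, action = item.lower().split("=", 1)
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in STATUSES:
                raise ValueError(f"unknown status {status!r}")
            for s in STATUSES:
                # "!" applies the action to every status except the named one.
                if (s != status) if negate else (s == status):
                    chain[-1][1][s] = action
    return chain

def blockers(line, target="dns", status="tryagain"):
    """Services ahead of `target` where a `status` result ends the lookup."""
    found = []
    for service, actions in parse_hosts_line(line):
        if service == target:
            return found
        if actions[status] == "return":
            found.append(service)
    raise ValueError(f"{target} not in hosts: entry")

if __name__ == "__main__":
    for entry in ("hosts:      files myhostname resolve [!UNAVAIL=return] dns",
                  "hosts:      myhostname files dns"):
        print(entry, "->", blockers(entry) or "dns reachable on TRYAGAIN")
```

Running it against /etc/nsswitch.conf's own "hosts:" line shows whether a TRYAGAIN from an earlier service would stop the lookup before "dns".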
