On Sat, Feb 20, 2016 at 10:45:42AM -0500, Curtis Maurand wrote:
> Feb 19 16:30:29 ispconfig postfix/smtpd[18437]:
> warning: hostname delivery.mailspamprotection.com
> does not resolve to address 108.163.243.188
> Feb 19 16:30:29 ispconfig postfix/smtpd[18437]:
> connect from unknown[108.163.243.188]
> Feb 19 16:30:29 ispconfig postfix/smtpd[18437]:
> NOQUEUE: reject: RCPT from unknown[108.163.243.188]:
> 450 4.7.1 Client host rejected: cannot find your hostname,
> [108.163.243.188];
> from=<edi...@whiteeaglenews.com> to=<cmaur...@xyonet.com> proto=ESMTP
> helo=<delivery.mailspamprotection.com>
Error "450" is a temporary error, the DNS lookup temp failed, stuff
happens.
> deliver.mailspamprotection.com resolves to a lot of addresses (and this is a
> partial list):
>
> dig delivery.mailspamprotection.com |grep 108.163.243
> delivery.mailspamprotection.com. 30 IN A 108.163.243.188
> delivery.mailspamprotection.com. 30 IN A 108.163.243.187
> delivery.mailspamprotection.com. 30 IN A 108.163.243.189
> delivery.mailspamprotection.com. 30 IN A 108.163.243.190
> delivery.mailspamprotection.com. 30 IN A 108.163.243.186
Yes, it resolves to 81 addresses at present, that's more typical
of a spam-sending system than an anti-spam system. Perhaps
mailspamprotection means protection of spam, rather than protection
from spam?
The large DNS packet size needed to return the PTR record in question
can be contributing factor to interoperability issues. You also
should check that the getaddrinfo(3) C-library function on your
system returns all 81 addresses that you might see via dig(1).
> given such a round robin setup, does postfix account for this when
> performing it's hostname lookup?
Yes, but the C-library and your resolver need to return the relevant
addresses.
> This email should not have been rejected
> for any kind of ip mismatch. Forward, reverse and helo all match.
They do now, they did not then.
--
Viktor.
