Hello,
After the message from yesterday, im asking if the postfix logging can be changed. To improve the loggings and a better more clear reject message. A small change maybe, i dont know, i’ll show what i mean below. Maybe im totaly incorrect here so correct me if needed. Now, Im running Debian Wheezy, postfix ( debian backport ) 2.11.2-1~bpo70+1. Kernel : 3.2.82-1 I’ve increased the debug level in postfix for the domains. Im seeing the following : Time : 08:34 : me be...@bazuin.nl sending to serviced...@stater.com Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 220-sweeper.stater.com ESMTP Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 220 Connection is logged and abuse will be reported... Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: EHLO mailhopper.bazuin.nl Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250-sweeper.stater.com Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250-8BITMIME Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250-SIZE 52428800 Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250 STARTTLS Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: STARTTLS Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 220 Go ahead with TLS Dec 16 08:34:39 mailhopper postfix/smtp[15288]: send attr cache_id = smtp&stater.com&sweeper2.stater.com&193.172.8.206&&4DFEB04581B7B5FE02EE5DA3C09609BF6F53AC5A02666E3BE4556ED143A51345 Dec 16 08:34:39 mailhopper postfix/smtp[15288]: send attr cache_id = smtp&stater.com&sweeper2.stater.com&193.172.8.206&&4DFEB04581B7B5FE02EE5DA3C09609BF6F53AC5A02666E3BE4556ED143A51345 Dec 16 08:34:39 mailhopper postfix/smtp[15288]: Untrusted TLS connection established to sweeper2.stater.com[193.172.8.206]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: EHLO mailhopper.bazuin.nl Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250-sweeper.stater.com Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250-8BITMIME Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250 SIZE 52428800 Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: MAIL FROM:<be...@bazuin.nl> SIZE=19695 Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250 sender <be...@bazuin.nl> ok Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: RCPT TO:<serviced...@stater.com> Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 250 recipient <serviced...@stater.com> ok Dec 16 08:34:39 mailhopper postfix/smtp[15288]: > sweeper2.stater.com[193.172.8.206]:25: DATA Dec 16 08:34:39 mailhopper postfix/smtp[15288]: < sweeper2.stater.com[193.172.8.206]:25: 354 go ahead Now, here is an inconistany of logging ( i think ) by postfix. I point to this line,: sweeper2.stater.com[193.172.8.206]:25: 220-sweeper.stater.com ESMTP More consistand would be (sweeper2.stater.com[193.172.8.206]):25: 220-sweeper.stater.com ESMTP Or without a/ptr for the client name: (unknown[193.172.8.206]):25: 220-sweeper.stater.com ESMTP At Time : 08:47 : reply from stater.com to my but rejected as it should. Dec 16 08:47:31 mailhopper postfix/smtpd[16089]: warning: hostname sweeper.stater.com does not resolve to address 193.172.8.206: Name or service not known Dec 16 08:47:32 mailhopper postfix/smtpd[16089]: NOQUEUE: reject: RCPT from unknown[193.172.8.206]: 554 5.7.1 <sweeper.stater.com>: Helo command rejected: Host not found; from=<serviced...@stater.nl> to=<be...@bazuin.nl> proto=ESMTP helo=<sweeper.stater.com> This part : hostname sweeper.stater.com does not resolve to address 193.172.8.206 which is totaly correct. But it would be nicer to set : “helo hostname sweeper.stater.com does not resolve to address 193.172.8.206“ The line (part of the rejected incomming ) ... NOQUEUE: reject: RCPT from unknown[193.172.8.206]: 554 5.7.1 <sweeper.stater.com> More consistant would be : unknown([193.172.8.206]): 554 5.7.1 <sweeper.stater.com> Or with correct A/PTR but incorrect helo unknown(sweeper2.stater.com[193.172.8.206]): 554 5.7.1 <sweeper.stater.com> You see the small () changes all together.. : unknown[193.172.8.206]: 554 5.7.1 <sweeper.stater.com> unknown([193.172.8.206]): 554 5.7.1 <sweeper.stater.com> unknown(sweeper2.stater.com[193.172.8.206]): 554 5.7.1 <sweeper.stater.com> To many people are confused by the “unknown” since it can be 2 things: Unknown CLIENT hostname Unknown HELO hostname Which give discusions on the fixes. Also what i dont get here is the postfix message . NOQUEUE: reject: RCPT from unknown[193.172.8.206]: The “unknown”, i can understand that since, its the helo hostname but where is the hostname for the CLIENT. ( since A and PTR exist for the IP. ) And it did resolved about 13 min before so i would expect to see something like : unknown (sweeper2.stater.com[193.172.8.206]) Is this the resolving point what Viktor pointed out? http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/net/getnameinfo.c?only_with_tag=MAIN I checked some debian source of libc6 but thats to complex for me. Now I did the same test but from my home server, which shows correcty the from helo hostname ( client hostname and ip ) Like : from mail.van-belle.nl (core.van-belle.nl [149.210.206.148]) HELO = mail.van-belle.nl with A dns record. ( and MX 10 ) CLIENT core.van-belle.nl 149.210.206.148 ( A and PTR ) I am running a caching DNS on the mail relay, also to reduce my rbl queries and it speeds up my resolving. And in the about 4 years running this way, i always encounter the same problems, same misunderstandings, same misconfiguration and same discussions about the “unknown” messages. In this case : 1) client is connecting : sweeper2.stater.com[193.172.8.206] ( A/PTR matched correctly here ) 2) helo announced : sweeper2.stater.com[193.172.8.206]:25: 250-sweeper.stater.com 3) Helo resolving fails due to missing A record in the DNS. 4) Rejection is done but with misleading info in the logs. Yes the correct message : unknown, but misleading since the unknow is the helo hostname and not the client hostname. There for im asking for a small change in the logging. As shown here by example. warning: hostname sweeper.stater.com does not resolve to address 193.172.8.206: Name or service not known A nicer waring would be: warning: helo hostname sweeper.stater.com does not resolve to address 193.172.8.206: Name or service not known and from this line : NOQUEUE: reject: RCPT from unknown[193.172.8.206]: 554 5.7.1 <sweeper.stater.com>: Helo command rejected: Host not found; from=<serviced...@stater.nl> to=<be...@bazuin.nl> proto=ESMTP helo=<sweeper.stater.com> - >: Helo command rejected: Host not found; a smal change here to : Helo command rejected: helo hostname not found; Would help a lot of people with configuration problems, this make things much more clear also in the bounce messages. Just my suggestion. Best regards, Louis