On 12/2/22 08:08, David Dolan wrote:
> On Fri, 2 Dec 2022 at 10:33, David Dolan <daithido...@gmail.com> wrote:
>> Subject: Re: helo command rejected
>>> From: Viktor Dukhovni <postfix-users () dukhovni ! org>
>>> Date: 2022-12-01 16:56:13
>>> Message-ID: Y4jcrRxsEJPsWZVZ () straasha ! imrryr ! org
>>> [Download RAW message or body]
>>>
>>> On Thu, Dec 01, 2022 at 04:06:30PM +0000, David Dolan wrote:
>>>
>>>> This is the full line:
>>>>
>>>> NOQUEUE: reject: RCPT from unknown[103.246.251.109]:
>>>> 450 4.7.1 <wx-use2.prod.hydra.sophos.com>:
>>>> Helo command rejected: Host not found;
>>>> from=<#############> to=<#############>
>>>> proto=ESMTP helo=<wx-use2.prod.hydra.sophos.com>
>>>
>>> Indeed the hostname "wx-use2.prod.hydra.sophos.com" exists and has
>>> multiple IP addresses, requiring support for either TCP or EDNS with a
>>> UDP buffer larger than 512 bytes. Perhaps your DNS resolver or the C
>>> library stub resolver are configured to limit DNS to 512 bytes of UDP
>>> and also don't retry over TCP? In that case you'd get only a truncated
>>> response with no answers, and have no way to recover:
>>>
>>> $ dig +nocmd +ignore +norecur +noedns -t a wx-use2.prod.hydra.sophos.com @ns-1793.awsdns-32.co.uk
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14328
>>> ;; flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;wx-use2.prod.hydra.sophos.com. IN A
>>>
>>> ;; Query time: 9 msec
>>> ;; SERVER: 205.251.199.1#53(ns-1793.awsdns-32.co.uk) (UDP)
>>> ;; WHEN: Thu Dec 01 11:47:53 EST 2022
>>> ;; MSG SIZE rcvd: 47
>>>
>>> Are you on a MUSL libc system? IIRC there's no support for TCP in
>>> MUSL's stub resolver. See, for example:
>>>
>>> https://news.ycombinator.com/item?id=28312935
>>>
>> We do use Alpine Linux so maybe truncation is the issue? I thought it may
>> have been initially but couldn't find anything confirming
>>
> This is from the mail relay which says it's truncated and trying tcp mode.
> It does return all 33 IP addresses
> dig wx-use2.prod.hydra.sophos.com
> ;; Warning: Message parser reports malformed message packet.
> ;; Truncated, retrying in TCP mode.
>
> I guess it's using the musl resolver in Alpine so we need to migrate OS to
> get past this issue?

Another option would be for Postfix to use an alternate DNS library, like C-Ares, libasr, or libunbound.

--
Sincerely,
Demi Marie Obenour (she/her/hers)
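
The failure mode described in the quoted message (a UDP reply with the TC flag set and an empty answer section, which a stub resolver that never retries over TCP reads as "Host not found"), as an added example that is not part of the original thread. The packet is constructed here to match the quoted dig output (id 14328, flags qr aa tc, 47 bytes); `stub_without_tcp` is a hypothetical model of such a stub, not musl's code.

```python
import struct

def encode_qname(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_truncated_reply(name, msg_id):
    """Constructed sample: reply with QR, AA and TC set and no answer records."""
    flags = 0x8000 | 0x0400 | 0x0200  # QR | AA | TC, RCODE 0 (NOERROR)
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!2H", 1, 1)  # QTYPE A, QCLASS IN
    return header + question

def classify_udp_reply(packet):
    """Decide what a resolver should do with a reply received over UDP."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x0200:
        # TC set: the UDP reply is incomplete whatever ANCOUNT says.
        return "retry-over-tcp"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"
    if rcode != 0:
        return "server-error"
    return "answer" if ancount else "nodata"

def stub_without_tcp(packet):
    """Hypothetical stub that ignores TC and never retries (assumption)."""
    _id, _flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    return "resolved" if ancount else "host-not-found"

if __name__ == "__main__":
    reply = build_truncated_reply("wx-use2.prod.hydra.sophos.com", 14328)
    print(len(reply), classify_udp_reply(reply), stub_without_tcp(reply))
```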