Re: Sender IP reverse lookup rejected
Kadlecsik József wrote: Hello, One of our users reported a rejected email with the error code and message Remote-MTA: dns; artemis.gat.com Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected We handle several domains with different outgoing smtp settings at multiple mail gateways: # /etc/postfix/master.cf wignersmtp unix - - y - - smtp -o smtp_bind_address=148.6.0.56 -o smtp_bind_address6=2001:738:5001::56 Slightly wild guess: Something about the reverse DNS entries bothers the receiving site. (Whether it's a reasonable complaint is something else entirely, and rejecting mail to postmaster@ is not very bright all on its own.) kdeugau@pod:~$ host 148.6.0.56 56.0.6.148.in-addr.arpa domain name pointer smtp.wigner.mta.hu. kdeugau@pod:~$ host smtp.wigner.mta.hu. smtp.wigner.mta.hu has address 148.6.0.58 smtp.wigner.mta.hu has address 148.6.0.56 smtp.wigner.mta.hu has address 148.6.0.57 smtp.wigner.mta.hu has IPv6 address 2001:738:5001::56 smtp.wigner.mta.hu has IPv6 address 2001:738:5001::57 smtp.wigner.mta.hu has IPv6 address 2001:738:5001::58 I would recommend giving each of those IPs a unique PTR name, and setting up matching A or records. I'm guessing they're erroring on either the multiple IPs in the forward lookup, or the mismatch between PTR and at least one forward entry. They may still fail if you have eg: 56.0.6.148.in-addr.arpa domain name pointer smtp1.wigner.mta.hu. smtp1.wigner.mta.hu has address 148.6.0.56 smtp1.wigner.mta.hu has IPv6 address 2001:738:5001::56 -kgd
Re: Sender IP reverse lookup rejected
On Wed, 14 Aug 2019, Kadlecsik József wrote: > It seems it's a persistent problem. I tried to contact the postmaster at > the other side but of course got the same reject. We'll try to contact > them via a third party. Using a third party as a relay, I got the same error message. Maybe the whole address space of .hu is blocked and the error message is just misleading. Best regards, Jozsef - E-mail : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
Re: Sender IP reverse lookup rejected
On Wed, 14 Aug 2019, Wietse Venema wrote: > Kadlecsik J?zsef: > > It seems it's a persistent problem. I tried to contact the postmaster at > > the other side but of course got the same reject. We'll try to contact > > them via a third party. > > In that case, try setting > > -o inet_protocols=ipv4 > > (or ipv6) and see if it is a specific kind of DNS that is borked. The MX of the domain has got IPv4 address only, so IPv6 is not used. We have got such a special transport for sites with advertised IPv6 addresses but broken IPv6 connection... Best regards, Jozsef - E-mail : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
Re: Sender IP reverse lookup rejected
Kadlecsik J?zsef: > It seems it's a persistent problem. I tried to contact the postmaster at > the other side but of course got the same reject. We'll try to contact > them via a third party. In that case, try setting -o inet_protocols=ipv4 (or ipv6) and see if it is a specific kind of DNS that is borked. Wietse > Thank you to remind me about smtp_delivery_status_filter, it can come > handy in other cases! > > Best regards, > Jozsef > - > E-mail : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences > H-1525 Budapest 114, POB. 49, Hungary >
Re: Sender IP reverse lookup rejected
On Wed, 14 Aug 2019, Wietse Venema wrote: > > One of our users reported a rejected email with the error code and > > message > > > > Remote-MTA: dns; artemis.gat.com > > Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected > > > > We handle several domains with different outgoing smtp settings at > > multiple mail gateways: > > > > # /etc/postfix/master.cf > > wignersmtp unix - - y - - smtp > > -o smtp_bind_address=148.6.0.56 > > -o smtp_bind_address6=2001:738:5001::56 > > -o smtp_helo_name=smtp.wigner.mta.hu > > -o syslog_name=postfix-wigner-smtp > > > > # /etc/postfix/main.cf > > default_transport = kfkismtp > > sender_dependent_default_transport_maps = > > hash:/etc/postfix/sender_transport > > > > # /etc/postfix/sender_transport > > @wigner.mta.hu wignersmtp: > > ... > > > > The sender address was from the @wigner.mta.hu domain and the IPv4/IPv6 > > addresses resolve to smtp.wigner.mta.hu. The HELO name is also explicitly > > set to this name. Using debug_peer_list I could verify that the wignersmtp > > transport setting is used for @wigner.mta.hu senders indeed. > > > > So, what kind of incorrect setting can the "Sender IP reverse lookup > > rejected" error message be mean? > > It could be the same problem as GMAIL, where they would do a hard reject > after a temporary error during reverse DNS lookup. > > At the time (years ago) I just turned on "-o soft_bounce=yes" for those > deliveries, so that the email would be delivered later. > > Of course, soft_bounce is not ideal; nowadays I would use > smtp_delivery_status_filter to change the 5.*.* into 4.*.* for that > specific server response. > > If the result of this is that mail stays in the queue, then > further investigation will be needed. It seems it's a persistent problem. I tried to contact the postmaster at the other side but of course got the same reject. We'll try to contact them via a third party. Thank you to remind me about smtp_delivery_status_filter, it can come handy in other cases! Best regards, Jozsef - E-mail : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
Re: Sender IP reverse lookup rejected
Kadlecsik J?zsef: > Hello, > > One of our users reported a rejected email with the error code and message > > Remote-MTA: dns; artemis.gat.com > Diagnostic-Code: smtp; 550 Sender IP reverse lookup rejected > > We handle several domains with different outgoing smtp settings at > multiple mail gateways: > > # /etc/postfix/master.cf > wignersmtp unix - - y - - smtp > -o smtp_bind_address=148.6.0.56 > -o smtp_bind_address6=2001:738:5001::56 > -o smtp_helo_name=smtp.wigner.mta.hu > -o syslog_name=postfix-wigner-smtp > > # /etc/postfix/main.cf > default_transport = kfkismtp > sender_dependent_default_transport_maps = > hash:/etc/postfix/sender_transport > > # /etc/postfix/sender_transport > @wigner.mta.hu wignersmtp: > ... > > The sender address was from the @wigner.mta.hu domain and the IPv4/IPv6 > addresses resolve to smtp.wigner.mta.hu. The HELO name is also explicitly > set to this name. Using debug_peer_list I could verify that the wignersmtp > transport setting is used for @wigner.mta.hu senders indeed. > > So, what kind of incorrect setting can the "Sender IP reverse lookup > rejected" error message be mean? It could be the same problem as GMAIL, where they would do a hard reject after a temporary error during reverse DNS lookup. At the time (years ago) I just turned on "-o soft_bounce=yes" for those deliveries, so that the email would be delivered later. Of course, soft_bounce is not ideal; nowadays I would use smtp_delivery_status_filter to change the 5.*.* into 4.*.* for that specific server response. If the result of this is that mail stays in the queue, then further investigation will be needed. Wietse
