Re: gmail reverse host issue
Thanks. I appreciate that postfix would kick out a different error. Original Message From: wie...@porcupine.org Sent: February 17, 2020 6:55 AM To: postfix-users@postfix.org Reply-to: postfix-users@postfix.org Subject: Re: gmail reverse host issue > Feb 17 06:18:10 mydomain postfix/smtpd[2619]: NOQUEUE: reject: > RCPT from unknown[209.85.219.177]: 550 5.7.1 Client host rejected: > cannot find your reverse hostname, [209.85.219.177]; > from= to= proto=ESMTP > helo= What you see IS NOT the result of Postfix timeout while it looks up a hostname with the getnameinfo() system library routine. Postfix will reply with 450 if the hostname could not be looked up (which is different from a "DOES NOT EXIST" result), as shown in the code fragment below. Postfix is very careful to avoid making that mistake. More likely your system library (see nsswitch.conf) makes the basic mistake of confusing "lookup error" with "does not exist" (solution: use a better OS), or less likely some DNS resolver is making that mistake (solution: use a better DNS resolver). Wietse static int reject_unknown_reverse_name(SMTPD_STATE *state) { const char *myname = "reject_unknown_reverse_name"; if (msg_verbose) msg_info("%s: %s", myname, state->reverse_name); if (state->reverse_name_status != SMTPD_PEER_CODE_OK) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, state->reverse_name_status == SMTPD_PEER_CODE_PERM ? var_unk_client_code : 450, "4.7.1", "Client host rejected: cannot find your reverse hostname, [%s]", state->addr)); return (SMTPD_CHECK_DUNNO); }
Re: gmail reverse host issue
> Feb 17 06:18:10 mydomain postfix/smtpd[2619]: NOQUEUE: reject: > RCPT from unknown[209.85.219.177]: 550 5.7.1 Client host rejected: > cannot find your reverse hostname, [209.85.219.177]; > from= to= proto=ESMTP > helo= What you see IS NOT the result of Postfix timeout while it looks up a hostname with the getnameinfo() system library routine. Postfix will reply with 450 if the hostname could not be looked up (which is different from a "DOES NOT EXIST" result), as shown in the code fragment below. Postfix is very careful to avoid making that mistake. More likely your system library (see nsswitch.conf) makes the basic mistake of confusing "lookup error" with "does not exist" (solution: use a better OS), or less likely some DNS resolver is making that mistake (solution: use a better DNS resolver). Wietse static int reject_unknown_reverse_name(SMTPD_STATE *state) { const char *myname = "reject_unknown_reverse_name"; if (msg_verbose) msg_info("%s: %s", myname, state->reverse_name); if (state->reverse_name_status != SMTPD_PEER_CODE_OK) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, state->reverse_name_status == SMTPD_PEER_CODE_PERM ? var_unk_client_code : 450, "4.7.1", "Client host rejected: cannot find your reverse hostname, [%s]", state->addr)); return (SMTPD_CHECK_DUNNO); }
Re: gmail reverse host issue
Dnia 17.02.2020 o godz. 12:33:54 Bernardo Reino pisze: > If your DNS resolving is so unreliable, I would suggest not > rejecting e-mails merely because you can't find/verify the rDNS. Or reject with 4xx instead of 5xx. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: gmail reverse host issue
On Sun, 16 Feb 2020, li...@lazygranch.com wrote: Some gmail gets through, some doesn't. Is there a time limit on the DNS check? A google search finds several timers, but nothing specific to DNS. Log: Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from unknown[209.85.219.177] Feb 17 06:18:10 mydomain postfix/smtpd[2619]: Anonymous TLS connection established from unknown[209.85.219.177]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Feb 17 06:18:10 mydomain postfix/smtpd[2619]: NOQUEUE: reject: RCPT from unknown[209.85.219.177]: 550 5.7.1 Client host rejected: cannot find your reverse hostname, [209.85.219.177]; from= to= proto=ESMTP helo= Feb 17 06:18:10 mydomain postfix/smtpd[2619]: disconnect from unknown[209.85.219.177] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7 Clearly the server is legit. https://bgp.he.net/ip/209.85.219.177 AS15169 IRR Valid 209.85.128.0/17 Google LLC Are you using your own local DNS server (unbound or such) or a public one? If your DNS resolving is so unreliable, I would suggest not rejecting e-mails merely because you can't find/verify the rDNS. Cheers.
gmail reverse host issue
Some gmail gets through, some doesn't. Is there a time limit on the DNS check? A google search finds several timers, but nothing specific to DNS. Log: Feb 17 06:18:10 mydomain postfix/smtpd[2619]: connect from unknown[209.85.219.177] Feb 17 06:18:10 mydomain postfix/smtpd[2619]: Anonymous TLS connection established from unknown[209.85.219.177]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Feb 17 06:18:10 mydomain postfix/smtpd[2619]: NOQUEUE: reject: RCPT from unknown[209.85.219.177]: 550 5.7.1 Client host rejected: cannot find your reverse hostname, [209.85.219.177]; from= to= proto=ESMTP helo= Feb 17 06:18:10 mydomain postfix/smtpd[2619]: disconnect from unknown[209.85.219.177] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7 Clearly the server is legit. https://bgp.he.net/ip/209.85.219.177 AS15169 IRR Valid 209.85.128.0/17 Google LLC