i’m having some trouble with my email.
i figured out that at least 2 emails were not delivered to me this weekend.
when i checked the log i found this:
Sep 7 11:46:28 SkynetServer postfix/smtpd[3929]: warning: 193.172.49.136: address not listed for hostname static.kpn.net
Sep 7 11:46:28 SkynetServer postfix/smtpd[3929]: connect from unknown[193.172.49.136]
Sep 7 11:46:29 SkynetServer postfix/smtpd[3929]: NOQUEUE: reject: RCPT from unknown[193.172.49.136]: 450 4.7.1 Client host rejected: cannot find your hostname, [193.172.49.136]; from=<GZomerdijk@deltion.nl> to=<email@arnoldnijboer.info> proto=ESMTP helo=<EXCH-02.ow.deltion.local>
Sep 7 11:46:29 SkynetServer postfix/smtpd[3929]: disconnect from unknown[193.172.49.136]
after some email contact with noc@kpn.net (netherland’s biggest telecom provider) they where able to tell me it has something to do with the reverse dns lookup. (this case , and the other email were both from a .local domain send)
buth how can i turn off the reverse dns lookup in postfix.
or is there another way (appart from contacting the sender and let them configure there reverse dns)?!
after that i asked someone to mail me from one of those email adresses that didn’t work. and it stil doesn’t work.
i also have a number of emails that are being retried so my logs are clogging up so to speak!
moet toegevoegd worden aan de file /etc/sysconfig/postfix.
Dat kan toch geen probleem zijn? Als het met gedit niet werkt, gebruik dan een andere editor. Uiteraard moet je dit doen als root, is dat misschien het probleem?.
sudo Add POSTFIX_ADD_DISABLE_DNS_LOOKUPS=yes to /etc/sysconfig/postfix
does not work.
i’ve opend /etc/sysconfig/postfix with gedit and manualy inserted the line: POSTFIX_ADD_DISABLE_DNS_LOOKUPS=yes to the bottom of the file.
duidelijker hcw?! ik had het idd niet goed verwoord.
lag niet aan sudo, ik weet wel wanneer ik sudo moet gebruiken en wanneer juist niet
indeed the line is inserted at the bottem of the postfic config file.
the weird thing is that the line suseconfig -module postfix gives an error.
i’ve tryed using just suseconfig withoud prefix. and even that gives a unknown command.
suseconfig is like a kernel program right. it’s a standard package, or do i need to install it sepparate?
and no (or yes if you please) the mail send to me by those 2 domains is still not delivered in my mail box.
I think, correct me if i’m wrong!
that the problem isn’t with me.
EXCH-02.ow.deltion.local send the email. but this is a local domain. so it resolves (rDNS) into static.kpn.net. (backbone ip from kpn.net)
this means the sender needs to modify it’s rDNS.
so lets assume above is correct. then it isn’t mine to compensate.
but since the problem occurs with multiple contacts of mine, i need to adjust in order to receive there email.
the solution is to turn off the reverse dns lookup in my postfix!
right? or does anyone has another solution?
This is the third upper/lowecase mutation in this story:
. ken_yap says: SuSEconfig
. you say: suseconfig
. I say: SuSEconfig
. you say: Suseconfig
How difficult can it be to cut what we say from the thread and paste it into your su terminal? You do not even have to read it, just cut and paste from the begin to the end. I did put it between CODE tags to make it easier than easy.
Now about the domain. I do not know who puts that domain where in the mail, but that domain does not exist on the Internet at all.
When I look into the info that accompanies a mail, I can indeed see that a mail from my wife (on another system in the LAN, but the mail goes via our provider) originated on her system in our local domain. So that is not the one to be tested because then no mails would ever be excepted from all those people having a local domain. But this is all theoretical. As long as you can not execute the advice ken_yap gave you we never will know if it helps.
about you’re upper and lower case trust me i’ve typed it just like you said.
and that copy paste does not work, cause my server runs on a virtual machine (and no i do not have a browser installed on my web/mail server…)
i’m sorry for my mistyping i maent SuSeconfig. just like you said.
i even put a : behind it i’m not sure if it sits there or behind the bash: but it’s about the general idee. and that’s not working.
about you’re commend about the domain.
my local domain reverse to a .wanadoo.nl domain.
but if i send an email with @skynetserver.arnoldnijboer.local then it gets refused all over the internet. because it has no reverse dns.
It seems I was right - the disable_dns_lookups option is used to disable those checks for LAN clients which might not have a reverse dns (that’s why postfix will lookup /etc/hosts file).
Also if you would have read the link I posted from postfix google mailing list, the explanation and the 2 possible causes were there:
You seem to be confusing several restrictions here.
reject_unknown_hostname is the deprecated form, now known as
reject_unknown_helo_hostname. It attempts to resolve the HELO
hostname, rejects if that fails to resolve.
reject_unknown_reverse_client_hostname rejects if there is no PTR
for an IP address. It doesn’t enforce FCrDNS[1]. If a PTR is found,
that’s good enough.
reject_unknown_client_hostname rejects if the FCrDNS fails.
In your case, it was probably #2 or #3 in warn_if_reject mode,
because the logged message says, “Client host rejected: …” A HELO
restriction would say “HELO command rejected: …”
As clearly documented in postconf(5), reject_unknown_hostname is a deprecated
reference to reject_unknown_helo_hostname, and thus unrelated to the client
hostname. The client host above is being rejected because of
reject_unknown_client_hostname, which rejects a request when “1) the client
IP address->name mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address.”
The question is now: do you still have “proper” spam-protection rules for your postfix, e.g. greylisting, sbl/xbl, etc. or not.
The question is now: do you still have “proper” spam-protection rules for your postfix, e.g. greylisting, sbl/xbl, etc. or not.
that was indeed my question. do i have enough protection.
i’m using zen.spamhause.org as a blacklist check.
and on my server i’ve deleted the entire smtpd_client_restrictions
but, i think i can add the ldap check and some other checks and just delete the reject_unknown_client
i do get a awful lot of spam now. lucky my evolution has an excellent spam filter and i’m downloading over a local network, so speed is no problem.
and i’m downloading over a local network, so speed is no problem.