NOQUEUE: reject_warning: RCPT from unknown[216.1.201.141]: 450 4.7.1
Client host rejected: cannot find your hostname, [216.1.201.141];
from=<Billf...@wellmissionstyle.com> to=<US...@EXAMPLE.COM>
proto=SMTP helo=<mx4.wellmissionstyle.com>
;; ANSWER SECTION:
wellmissionstyle.com. 6402 IN A 216.1.201.164
$ host 216.1.201.141
141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.
the mailserver (I'm sure it's a spammer, but still) gives the "right"
hostname based on the domains DNS, but it's still tagged as unknown.
The rDNS is wrong, but does reject_unknown_hostname care about that?
--
Today the road all runners come/Shoulder high we bring you home.
And set you at your threshold down/Townsman of a stiller
town.
Never mind. Found the answer a few seconds after hitting send.
> $ host 216.1.201.141
> 141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.
$ host unite13.ufot.com
Host unite13.ufot.com not found: 3(NXDOMAIN)
--
It was intended that when Newspeak had been adopted once and for
all and Oldspeak forgotten, a heretical thought...should be
literally unthinkable, at least so far as thought is dependent
on words.
$ host 216.1.201.141
Host 141.201.1.216.in-addr.arpa. not found: 3(NXDOMAIN)
... is what I get.
> the mailserver (I'm sure it's a spammer, but still) gives the
> "right" hostname based on the domains DNS, but it's still tagged
> as unknown. The rDNS is wrong, but does reject_unknown_hostname
> care about that?
You seem to be confusing several restrictions here.
1. reject_unknown_hostname is the deprecated form, now known as
reject_unknown_helo_hostname. It attempts to resolve the HELO
hostname, rejects if that fails to resolve.
2. reject_unknown_reverse_client_hostname rejects if there is no PTR
for an IP address. It doesn't enforce FCrDNS[1]. If a PTR is found,
that's good enough.
3. reject_unknown_client_hostname rejects if the FCrDNS fails.
In your case, it was probably #2 or #3 in warn_if_reject mode,
because the logged message says, "Client host rejected: ..." A HELO
restriction would say "HELO command rejected: ..."
[1] http://en.wikipedia.org/wiki/FCrDNS
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
> what exactly does "Cannot find your hostname" mean?
>
> NOQUEUE: reject_warning: RCPT from unknown[216.1.201.141]: 450 4.7.1
> Client host rejected: cannot find your hostname, [216.1.201.141];
> from=<Billf...@wellmissionstyle.com> to=<US...@EXAMPLE.COM> proto=SMTP
> helo=<mx4.wellmissionstyle.com>
>
> ;; ANSWER SECTION:
> wellmissionstyle.com. 6402 IN A 216.1.201.164
>
> $ host 216.1.201.141
> 141.201.1.216.in-addr.arpa domain name pointer unite13.ufot.com.
>
> the mailserver (I'm sure it's a spammer, but still) gives the "right"
> hostname based on the domains DNS, but it's still tagged as unknown. The
> rDNS is wrong, but does reject_unknown_hostname care about that?
As clearly documented in postconf(5), reject_unknown_hostname is a deprecated
reference to reject_unknown_helo_hostname, and thus unrelated to the client
hostname. The *client* host above is being rejected because of
reject_unknown_client_hostname, which rejects a request when "1) the client
IP address->name mapping fails, 2) the name->address mapping fails, or 3) the
name->address mapping does not match the client IP address."
In your follow-up, you already determined which one of these tests triggered
the rejection.
--
Sahil Tandon <sa...@tandon.net>
> As clearly documented in postconf(5),
How exactly does one get to that man page?
man postconf
That of course works.
man postconf(5)
-bash: syntax error near unexpected token `('
man postconf5
No manual entry for postconf5
Does this imply there are version 1, 2, 3, and 4 as well? How do I
find out?
--
Scott * If you contact me off list replace talklists@ with scott@ *
> As clearly documented in postconf(5),
How exactly does one get to that man page?
man postconf
That of course works.
man postconf(5)
-bash: syntax error near unexpected token `('
man postconf5
No manual entry for postconf5
like this..:
man 5 postconf
The number specifies the section, not version.
$ man 5 postconf
$ whereis postconf
postconf: /usr/sbin/postconf /usr/share/man/man5/postconf.5.gz
/usr/share/man/man1/postconf.1.gz
So postconf has sections 1 and 5 available.
man 5 postconf
--
Did they get you to trade your heroes for ghosts? Hot
ashes for trees? Hot air for a cool breeze? Cold comfort
for change?
Actually, I merely typoed. I do not have "reject_unknown_hostname"
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
permit
smtpd_recipient_restrictions =
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_invalid_hostname,
permit_mynetworks,
check_client_access hash:$config_directory/pbs,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
reject_unlisted_sender,
reject_unknown_reverse_client_hostname,
warn_if_reject reject_unknown_client_hostname,
[Checks go here]
> 2. reject_unknown_reverse_client_hostname rejects if there is no PTR
> for an IP address. It doesn't enforce FCrDNS[1]. If a PTR is found,
> that's good enough.
>
> 3. reject_unknown_client_hostname rejects if the FCrDNS fails.
>
> In your case, it was probably #2 or #3 in warn_if_reject mode,
Exactly right, as you can see from above.
> because the logged message says, "Client host rejected: ..." A HELO
> restriction would say "HELO command rejected: ..."
--
Outside of a dog, a book is a man's best friend. Inside of a dog,
it's too dark to read.
> On Sep 2, 2009, at 4:07 PM, Sahil Tandon wrote:
>
>> As clearly documented in postconf(5),
>
> How exactly does one get to that man page?
> man postconf
> That of course works.
That "works" because, absent a section specification, man(1) will only
display the first manual page it finds in MANPATH.
> man postconf(5)
> -bash: syntax error near unexpected token `('
> man postconf5
> No manual entry for postconf5
The correct syntax is documented in the man(1) manpage. :-)
> Does this imply there are version 1, 2, 3, and 4 as well? How do I find
> out?
To see which manual sections contain a 'postconf' page:
% man -wa postconf
/usr/local/man/man1/postconf.1.gz
/usr/local/man/man5/postconf.5.gz
--
Sahil Tandon <sa...@tandon.net>
man man
man 5 postconf
--
xpoint