I'm using zimbra with Postfix as MTA.
I got the following error message which indicate mail rejection based on
hostname not find.
Aug 26 04:05:49 courriel postfix/smtpd[17755]: NOQUEUE: reject: RCPT
from unknown[67.210.171.12]: 450 4.7.1 Client host rejected: cannot find
your hostname, [67.210.171.12]; from=<commu...@fcm.ca>
to=<x...@domain.name.tld> proto=ESMTP helo=<smtp.fcm.ca>
However, the DNS config of the sender's mta looks good. Here are the
reverse resolution and the forward resolution:
bdube@bdube-laptop:~$ host 67.210.171.12
12.171.210.67.in-addr.arpa domain name pointer smtp.fcm.ca.
bdube@bdube-laptop:~$ host smtp.fcm.ca
smtp.fcm.ca has address 67.210.171.12
And for the MX field for this domain, I got:
bdube@bdube-laptop:~$ dig fcm.ca MX
; <<>> DiG 9.7.0-P1 <<>> fcm.ca MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21616
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;fcm.ca. IN MX
;; ANSWER SECTION:
fcm.ca. 900 IN MX 10 smtp.fcm.ca.
fcm.ca. 900 IN MX 40 globalb.mxsave.com.
fcm.ca. 900 IN MX 30 globala.mxsave.com.
;; Query time: 169 msec
;; SERVER: 24.200.241.37#53(24.200.241.37)
;; WHEN: Fri Aug 27 00:12:52 2010
;; MSG SIZE rcvd: 103
Then, what are the other possible causes to have this mail rejected
which are not tested by the commands I have done.
Thanks for your help.
Benoît
reject_unknown_client is known to reject legitimate mail, so you should
not use it globally/indiscriminately unless you're ok with that.
--
Best regards,
Charles
Yes, this was rejected by reject_unknown_client_hostname.
Yes, it appears the client's DNS is working correctly /now/.
The mail was deferred with a 450 code. This implies that
there was a temporary DNS error of some type. Just because
dig works now doesn't guarantee that it worked when postfix
asked earlier.
You can look in the log for warning: messages from the
postfix/smtpd[17755] process that proceed the reject message.
-- Noel Jones
> Yes, this was rejected by reject_unknown_client_hostname.
>
> Yes, it appears the client's DNS is working correctly /now/.
>
> The mail was deferred with a 450 code. This implies that there was a
> temporary DNS error of some type. Just because dig works now doesn't
> guarantee that it worked when postfix asked earlier.
If the OP isn't currently running a caching DNS resolver on his MX, I'd
suggest he do so. It helps curb many of these transient DNS lookup
failures. I installed pdns_recursor on my MX a while back and it has
helped quite a bit with issues similar to this one. Doing so also
decreases lookup latency which can increase performance a bit.
--
Stan