[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Client host rejected
From:       Matus UHLAR - fantomas <uhlar () fantomas ! sk>
Date:       2019-11-19 20:04:42
Message-ID: 20191119200442.GA12361 () fantomas ! sk
[Download RAW message or body]

>>On Mon, 18 Nov 2019 17:23:43 +0100 Matus UHLAR - fantomas
>><uhlar@fantomas.sk> wrote:
>>>seems something is wrong with your (or maybe their) reverse DNS
>>>resolution...

>On Mon, 18 Nov 2019, siefke_listen@web.de wrote:
>>This is what I had:
>>
>>[siefke@sisi-dell ~]$ nslookup 195.128.103.214
>>214.103.128.195.in-addr.arpa	name = netcup.silviosiefke.com.

On 18.11.19 21:08, Bernardo Reino wrote:
>The question is whether your resolver can reverse-resolve the IP 
>address where the message was coming from, i.e. 81.91.160.182, and not 
>your own (of your mail server).
>
>$ dig -x 81.91.160.182
>office.denic.de.	3600	IN	A	81.91.160.182
>
>$ dig office.denic.de
>office.denic.de.	3508	IN	A	81.91.160.182

and this is, why Silvio (the OP) should not remove important content from
mail replied. I have posted exactly these ;-)
https://marc.info/?l=postfix-users&m=157409426700743&w=2

On 19.11.19 20:13, siefke_listen@web.de wrote:
>I use unbound.
>
>I have stop unbound an use the dns direct with resolv.conf.
>
>cat /etc/resolv.conf
>nameserver 46.182.19.48
>nameserver 80.241.218.68
>nameserver 2a03:b0c0:0:1010::e9a:3001
>nameserver 127.0.0.1
>search silviosiefke.com

1. unbound aka 127.0.0.1 should be the first server in resolv.conf, not the
last one. I think some resolvers don't use more than 3 servers.

2. what are those other IPs? Are they recursive servers provided by your ISP?

>Nov 19 19:58:20 netcup.silviosiefke.com postfix/smtpd[11593]: NOQUEUE:
>reject: RCPT from unknown[212.227.15.4]: 450 4.7.25 Client host rejected:
>cannot find your hostname, [212.227.15.4]; from=<siefke_listen@web.de>
>to=<webmaster@silvio-siefke.de> proto=ESMTP helo=<mout.web.de>


>dig-x 212.227.15.4
>4.15.227.212.in-addr.arpa. 14109 IN	PTR	mout.web.de.

>dig mout.web.de
...
>mout.web.de.		1800	IN	A	212.227.15.4
...
>Self with direct dns contact it will not work. There is a big mistake.

>On Tue, 19 Nov 2019 14:20:43 -0500
>Viktor Dukhovni <postfix-users@dukhovni.org> wrote:
>> Why did you stop unbound?  Presumably it provides the recursive
>> service on 127.0.0.1, which is listed below...

On 19.11.19 20:38, siefke_listen@web.de wrote:
>It work not. That's why so a line direct to nameserver and it work
>also not.

sure? "dig -x 212.227.15.4 @127.0.0.1" should show (with running unbound, of
course)

>> > Nov 19 19:58:20 netcup.silviosiefke.com postfix/smtpd[11593]: NOQUEUE:
>> > reject: RCPT from unknown[212.227.15.4]: 450 4.7.25 Client host rejected:
>> > cannot find your hostname, [212.227.15.4]; from=<siefke_listen@web.de>
>> > to=<webmaster@silvio-siefke.de> proto=ESMTP helo=<mout.web.de>

>> Is smtpd(8) chrooted?  It may be using a different set of nameservers.
>
>Yes sure I change nothing in master.cf only auth stuff. So maybe this was it.

"maybe" is not enough. if your system uses chorooted smtpd, the
/etc/resolv.conf within that chroot should contain proper 

>Nov 19 20:34:13 netcup.silviosiefke.com postfix/lmtp[16735]: 5180881406:
> to=<webmaster@silvio-siefke.de>,
> relay=netcup.silviosiefke.com[private/dovecot-lmtp], delay=1,
> delays=0.91/0.02/0.02/0.05, dsn=2.0.0, status=sent (250 2.0.0
> <webmaster@silvio-siefke.de> J/VlD7VD1F1gQQAAJFpQ3g Saved)

this is lmtp client, not smtp server, completely unrelated.

>So one question I have. Why I must change this on this server, but my
>master mail server running Debian need this change not.

perhaps your master mail server running debian has different configuration.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
[prev in list] [next in list] [prev in thread] [next in thread]