[CentOS] postfix - reject of incoming mail due to helo check??
Ned Slider
ned at unixmail.co.uk
Thu Feb 2 15:39:15 UTC 2012
On 02/02/12 10:01, Rob Kampen wrote:
> Hi list,
> I have been getting the following types of log messages
>
> Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
> from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
> your hostname, [71.46.229.50]; from=<DWoodman at orangebankfl.com>
> to=<rkampen at ndgonline.net> proto=ESMTP helo=<mail.floridianbank.com>
>
> a rdns check shows all is well with 71.46.229.50 - it belongs to the
> from senders domain name.
>
> ;; ANSWER SECTION:
> 50.229.46.71.in-addr.arpa. 777 IN PTR mail2.orangebankfl.com.
>
> It seems it is being rejected due to the helo domain name - which does
> not have a correct rdns.
>
No, the error is:
Client host rejected: cannot find your hostname, [71.46.229.50]
<snip>
>
> smtpd_sender_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_unknown_client,
> reject_unauthenticated_sender_login_mismatch,
> permit
>
and you have reject_unknown_client above.
Postfix is attempting a rDNS lookup against the client IP
[71.46.229.50], it temp failed for whatever reason (not that uncommon)
so the client is "unknown" and you rejected it accordingly.
See the Postfix documentation entry for more info:
reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
Reject the request when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
mapping does not match the client IP address.
This is a stronger restriction than the
reject_unknown_reverse_client_hostname feature, which triggers only
under condition 1) above.
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always 450 in
case the address->name or name->address lookup failed due to a temporary
problem.
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
Hope that helps.
More information about the CentOS
mailing list