[Dovecot] is reverse dns down ?
/dev/rob0
rob0 at gmx.co.uk
Mon May 2 18:32:20 EEST 2011
On Mon, May 02, 2011 at 10:30:44PM +1100, Voytek Eymont wrote:
> Hi guys, is that a genuine email from the list, I'm getting it
> rejected as it's missing reverse hostname:
>
> May 2 21:21:41 postfix/smtpd[18033]: NOQUEUE: reject: RCPT
> from unknown[194.89.34.45]: 450 4.7.1 Client host rejected:
> cannot find your reverse hostname, [194.89.34.45];
> from=<dovecot-bounces at dovecot.org> to=<voytek at sbt.net.au>
> proto=ESMTP helo=<mkentta.iki.fi>
>
> # host mkentta.iki.fi
> mkentta.iki.fi has address 194.89.34.45
> mkentta.iki.fi mail is handled by 10 mkentta.iki.fi.
> mkentta.iki.fi mail is handled by 100 smtp.menturagroup.com.
>
> # host 194.89.34.45
> Host 45.34.89.194.in-addr.arpa. not found: 3(NXDOMAIN)
We discussed this the other day under Timo's thread about
dovecot.org. It seems that ns.ripe.net., one of the NS hosts for
89.194.in-addr.arpa., is not returning the PTR for
45.34.89.194.in-addr.arpa. AFAICS the other NS hosts seem to be
working fine, but if your resolver was unlucky enough to hit
ns.ripe.net., you have a host with no PTR.
It's like Russian roulette with rDNS. I suspect it might be a
casualty of DNSSEC, but I get the same "noerror" response when
querying with +dnssec and +nodnssec.
At this point those who use the normally safe and reasonable
reject_unknown_reverse_client_hostname restriction should consider
whitelisting mkentta.iki.fi[194.89.34.45] in the MTA.
And Timo needs to scream louder at the ISP. ;)
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
More information about the dovecot
mailing list