[Dovecot] is reverse dns down ?

/dev/rob0 rob0 at gmx.co.uk
Mon May 2 18:32:20 EEST 2011


On Mon, May 02, 2011 at 10:30:44PM +1100, Voytek Eymont wrote:
> Hi guys, is that a genuine email from the list, I'm getting it 
> rejected as it's missing reverse hostname:
> 
> May 2 21:21:41 postfix/smtpd[18033]: NOQUEUE: reject: RCPT
> from unknown[194.89.34.45]: 450 4.7.1 Client host rejected:
> cannot find your reverse hostname, [194.89.34.45]; 
> from=<dovecot-bounces at dovecot.org> to=<voytek at sbt.net.au> 
> proto=ESMTP helo=<mkentta.iki.fi>
> 
> # host mkentta.iki.fi
> mkentta.iki.fi has address 194.89.34.45
> mkentta.iki.fi mail is handled by 10 mkentta.iki.fi.
> mkentta.iki.fi mail is handled by 100 smtp.menturagroup.com.
> 
> # host  194.89.34.45
> Host 45.34.89.194.in-addr.arpa. not found: 3(NXDOMAIN)

We discussed this the other day under Timo's thread about 
dovecot.org. It seems that ns.ripe.net., one of the NS hosts for 
89.194.in-addr.arpa., is not returning the PTR for 
45.34.89.194.in-addr.arpa. AFAICS the other NS hosts seem to be 
working fine, but if your resolver was unlucky enough to hit 
ns.ripe.net., you have a host with no PTR.

It's like Russian roulette with rDNS. I suspect it might be a 
casualty of DNSSEC, but I get the same "noerror" response when
querying with +dnssec and +nodnssec.

At this point those who use the normally safe and reasonable 
reject_unknown_reverse_client_hostname restriction should consider 
whitelisting mkentta.iki.fi[194.89.34.45] in the MTA.

And Timo needs to scream louder at the ISP. ;)
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header


More information about the dovecot mailing list