LinuxQuestions.org


seismicmike 12-05-2012 04:37 PM

Qmail relaying. 421 Refused. You have no reverse DNS entry. UPDATE: Spamdyke, bypass rdns by ip?
 
I am trying desperately to set up my Qmail server so that my web servers can relay mail through it. Unfortunately, when the web server tries to send mail to the qmail server, it responds with "421 Refused. You have no reverse DNS entry."

I know that I do have a Reverse DNS entry for the public IP Address of the mail server, but this seems to be an entirely different animal altogether. It seems that the Qmail server is trying to look up rDNS of the web server so that it can prevent spam or whatever. Trouble is, I'm routing this mail on an internal network, so the IP won't match its public IP even if I added such a record.

I'm pulling my hair out trying to figure out how to disable this. I've tried disabling rDNS checks on port 25 by adding -H to the tcpserver command in /var/qmail/supervise/smtp/run but nothing changes.

I tried adding a line in /etc/tcprules.d/tcp.smtp to allow relaying from my internal IP. I even tried adding RBLSMTPD="" to those lines. Nothing.

I'm at a loss.

Thanks.

seismicmike 12-06-2012 07:52 AM

I've made some significant progress since I first posted this. Browsing through the log file again, I finally noticed the following:

@4000000050bfc4180fc8562c spamdyke[28133]: DENIED_RDNS_MISSING from: me@example.com to: recipient@example.com origin_ip: 10.0.0.9 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)

This put me on to spamdyke. I was then able to temporarily restore E-mail relaying by disabling the "reject-empty-dns" option. After doing this, most messages worked, but some others were being denied due to not having an MX record. This prompted me to disable the "reject-missing-sender-mx" option.

I don't like just having these options disabled as this leaves me vulnerable to spam from incoming messages. Are there any ways to configure spamdyke to completely bypass the rDNS lookup and the MX lookup on IP addresses that I specify? There are options in here like "ip-in-rdns-keyword-whitelist-file", but as far as I can tell, that's for whitelisting the result of the rDNS lookup after you get it (i.e., considering the message as ham because it comes from a known good sender and bypassing all of the spam checks that come later).

These IPs don't have rDNS entries because they're internal, so I want spamdyke to completely skip looking up the rDNS and MX records for them, but only them, so that it will continue to look for rDNS and MX if the message came from outside.

Thoughts?

Thanks!
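
Added example (not part of the original posts, and not spamdyke's own code): a small Python parser for the spamdyke log layout quoted above that counts DENIED_RDNS_MISSING rejections whose origin_ip is an internal (RFC 1918) address, which is how the rejected relay hosts can be picked out of the log. The second and third sample lines, the function names and the regular expression are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: line 1 is the entry quoted in the post; lines 2-3 are
# made up in the same layout (an external sender, and a later accepted message).
SAMPLE_LOG = """\
@4000000050bfc4180fc8562c spamdyke[28133]: DENIED_RDNS_MISSING from: me@example.com to: recipient@example.com origin_ip: 10.0.0.9 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
@4000000050bfc4201a2b3c4d spamdyke[28140]: DENIED_RDNS_MISSING from: x@example.net to: recipient@example.com origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
@4000000050bfc4292b3c4d5e spamdyke[28151]: ALLOWED from: me@example.com to: recipient@example.com origin_ip: 10.0.0.9 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also match
# documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(r"^@(?P<tai>[0-9a-f]{24}) spamdyke\[(?P<pid>\d+)\]: "
                     r"(?P<result>[A-Z_]+) (?P<fields>.*)$")

def tai64n_seconds(label):
    """Seconds part of a TAI64N label (first 16 hex digits, offset 2**62)."""
    return int(label[:16], 16) - 2**62

def parse_line(line):
    """Return a dict for one spamdyke log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(re.findall(r"(\w+): (\S+)", m.group("fields")))
    rec.update(result=m.group("result"), pid=int(m.group("pid")),
               tai_seconds=tai64n_seconds(m.group("tai")))
    return rec

def is_internal(ip_text):
    """True if ip_text parses as an address inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def internal_rdns_denials(log_text):
    """Count DENIED_RDNS_MISSING rejections per internal origin_ip."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "DENIED_RDNS_MISSING" and is_internal(rec.get("origin_ip", "")):
            hits[rec["origin_ip"]] += 1
    return hits
```

Only the 10.0.0.9 entry is counted; the external sender stays subject to the rDNS filter and does not appear in the result.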


All times are GMT -5.