LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-10-2017, 11:13 AM   #1
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Rep: Reputation: Disabled
Postfix random rejects as unknown address


I'm having what may be a problem with postfix.

I'm seeing random rejects with IP address unknown in the log.
I'm running centos7-final with amavisd.

When I do a manual whois the IP address is recognised
the ones I've tested have a correct rdns and are not new.
(ie well propagated)

Other mail comes through fine - it just seems to happen
on random addresses.
The "hello" listed seems correct too.

It never happens to people who regularly email me
so presumably all config is ok.

Can anyone shed any light on this please?
(Its been a long term issue - no recent changes)
 
Old 07-11-2017, 10:53 AM   #2
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
Further investigation shows the probable cause.

Postfix rejects as unknown IP addresses that have malformed DNS or MX records
in addition to malformed source email addresses.

It seems there are many badly configured DNS records out there.

If your mail is often ignored or bounced it may be worth checking your DNS.
 
Old 07-11-2017, 09:54 PM   #3
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,425

Rep: Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054
I don't know postfix, but I have to ask: Does it, or any MTA, do rejection as described? Sending IPs do not have to have an MX record, AFAIK. MX records are for receiving IPs.
Certainly I reject many IPs, most by rejecting entire netblocks (don't try to email me from China), but my MTA's not doing it by itself.

I think we need to see some log entries, or configuration files, or rejected IPs...I don't believe that these are "native" postfix rejections (but see my first sentence). I'm also wondering what the OP means by "malformed DNS"
 
1 members found this post helpful.
Old 07-11-2017, 10:27 PM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,617
Blog Entries: 11

Rep: Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655Reputation: 3655
Does your postfix config include reject_unknown_client_hostname?

Quote:
reject_unknown_client_hostname
Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.
And I agree...

Quote:
Originally Posted by scasey View Post
I think we need to see some log entries, or configuration files, or rejected IPs...I don't believe that these are "native" postfix rejections (but see my first sentence). I'm also wondering what the OP means by "malformed DNS"
Without seeing your postfix configuration and/or an actual example from your log (IP/host redacted if desired), it is impossible to provide a definitive answer.

Last edited by astrogeek; 07-11-2017 at 11:08 PM. Reason: Complete thought previously interrupted...
 
Old 07-12-2017, 07:36 AM   #5
fred2014
Member
 
Registered: Mar 2015
Posts: 70

Original Poster
Rep: Reputation: Disabled
I gave you the answer above.
You can find it in the postfix docs.
(I cant recall the page sorry)
 
Old 07-12-2017, 05:04 PM   #6
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,425

Rep: Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054
Quote:
Originally Posted by fred2014 View Post
I gave you the answer above.
You can find it in the postfix docs.
(I cant recall the page sorry)
If it's not impacting your users, and you're getting no complaints, then your issue is resolved.

One can stop a lot of spam by rejecting IPs with no rDNS, for example, but if your customer has lots of customers whose mail comes from servers with no rDNS, it doesn't work to use that for spam blocking.

The other downside of applying a rule as described is that you never know what email is being rejected, so you don't know if it's important. I found out about my customer's customers because blocking email with no rDNS caused almost all their customer's email to BOUNCE, causing them to complain to my customer, who then complained to me.
 
  


Reply

Tags
ip, postfix, unknown


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Postfix rejects recipitients with IP addr used in alias. onspli Linux - Software 1 10-23-2012 01:20 AM
postfix rejects virtual user bluethundr Solaris / OpenSolaris 1 03-23-2012 03:04 PM
Don't let Postfix reply with "Recipient address rejected: User unknown in virtual mai lithos Linux - Server 3 11-25-2011 04:05 PM
Installation rejects IP address bluethumb Red Hat 3 04-19-2007 07:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration