From: Josh Cason on
I have three servers that need to send me e-mail. Two of the servers
won't send say avast reports and what not. I get the following error

From one server:

warning: 71.39.113.15: address not listed for hostname sbs.rtgis.com

From the other server:

NOQUEUE: reject: RCPT from unknown[71.39.117.85]: 554 5.7.1 Client
host rejected: cannot find your hostname


But this is a static IP number and the mail server it is using is
mine. These are customers of ours that we monitor our servers. Now if
I put the exact IP address into mynetworks, it works. But I don't
think that is proper. Is there another override I can use based on
their IP numbers?

thanks,

Josh


--
This message has been scanned for viruses and
dangerous content by Mychoice, and is
believed to be clean.

From: Stan Hoeppner on
Josh Cason put forth on 5/13/2010 5:13 PM:

> But this is a static IP number and the mail server it is using is mine.
> These are customers of ours that we monitor our servers. Now if I put
> the exact IP address into mynetworks, it works. But I don't think that
> is proper.

Why would this not be "proper"? By using IP addresses you're merely
avoiding name lookups, either via dns or a host file. If you use dns and
the name server goes down or is unreachable for any number of reasons, this
process fails. A host file is more reliable but it still adds processing
time. If you use IP addresses, the network itself has to fail or one of the
remote hosts in order to cause a problem.

There are two upsides I can think of WRT using names instead of bare IPs:

1. If the IP addresses of the remote servers change often (they probably
don't).

2. Identification purposes within your main.cf. In this case, you can just
add a remark like (#) next to the bare IP addresses

If bare IPs work, stick with them. Obviously you have some dns issues. If
this is a frequent occurrence, you should definitely use bare IPs. That
will keep this process working when you or your coworkers or provider(s)
screw up your dns.

--
Stan

From: Hannes Erven on
John,


you need to properly configure the DNS entries for your systems and/or
adapt the smtpd_* restrictions on the receiving system.


> warning: 71.39.113.15: address not listed for hostname sbs.rtgis.com

$ nslookup sbs.rtgis.com
Non-authoritative answer:
Name: sbs.rtgis.com
Address: 66.232.81.14

According to DNS, sbs.rtgis.com should be at 66.232.81.14, but the
connect actually is from 71.39.113.15. Configure that system with the
proper hostname or add the 71.... address as another A record to that DNS.


> NOQUEUE: reject: RCPT from unknown[71.39.117.85]: 554 5.7.1 Client host
> rejected: cannot find your hostname

$ nslookup 71.39.117.85
** server can't find 85.117.39.71.in-addr.arpa.: NXDOMAIN

Make sure their reverse entries are publicly available (or, as said
above, adapt the smtpd* restrictions).


HTH,
-hannes
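
The two failures diagnosed above are the two ways a forward-confirmed reverse DNS check can fail. The following is an added example, not part of the original thread and not Postfix's own code; the DNS tables are constructed from the lookups quoted here, and the PTR record for 71.39.113.15 is an assumption inferred from the warning text.

```python
import ipaddress

# Constructed DNS data mirroring the lookups quoted in this thread.
# Assumption: the PTR for 71.39.113.15 is inferred from the Postfix warning.
PTR = {"71.39.113.15": ["sbs.rtgis.com"]}   # 71.39.117.85: no PTR (NXDOMAIN)
A = {"sbs.rtgis.com": ["66.232.81.14"]}


def client_name(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: return (name, reason).

    The name is trusted only if a PTR record exists and one of the
    addresses that name resolves to equals the connecting IP.
    """
    ip = str(ipaddress.ip_address(ip))       # validates and normalises
    names = ptr.get(ip, [])
    if not names:
        return "unknown", "no PTR record"
    for name in names:
        if ip in a.get(name.rstrip(".").lower(), []):
            return name, "verified"
    return "unknown", f"address not listed for hostname {names[0]}"


def with_extra_a_record(name, ip, a=A):
    """Copy of the forward zone with one more A record (the fix suggested above)."""
    fixed = {k: list(v) for k, v in a.items()}
    fixed.setdefault(name, []).append(ip)
    return fixed


if __name__ == "__main__":
    for ip in ("71.39.113.15", "71.39.117.85"):
        print(ip, client_name(ip))
    fixed = with_extra_a_record("sbs.rtgis.com", "71.39.113.15")
    print("after fix:", client_name("71.39.113.15", a=fixed))
```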

From: mouss on
Josh Cason wrote:
> I have three servers that need to send me e-mail. Two of the servers
> won't send say avast reports and what not. I get the following error
>
> From one server:
>
> warning: 71.39.113.15: address not listed for hostname sbs.rtgis.com
>
> From the other server:
>
> NOQUEUE: reject: RCPT from unknown[71.39.117.85]: 554 5.7.1 Client host
> rejected: cannot find your hostname
>
>
> But this is a static IP number and the mail server it is using is mine.
> These are customers of ours that we monitor our servers. Now if I put
> the exact IP address into mynetworks, it works. But I don't think that
> is proper. Is there another override I can use based on their IP numbers?
>

if you add the IP to mynetworks, it will be able to relay (that is: not
only send you mail, but also send mail to anywhere via your server). if
that's your goal, then that's ok. (an alternative is to use the
submission port instead of port 25. The idea is to separate the MX role
and other roles).

if you only want to allow it to send you mail (but not relay through
your server), then do something like this:

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_client_access cidr:/etc/postfix/client_whitelist.cidr
    # then your anti-spam checks after this

== client_whitelist.cidr:
71.39.113.15 OK
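
The difference between the two options above (mynetworks versus a client whitelist placed after reject_unauth_destination) can be seen by walking the restriction list in order. This is an added example, not part of the original thread and not Postfix code; the hosted domain `example.com`, the recipient addresses, and the choice of a hostname check as the later anti-spam restriction are assumptions.

```python
import ipaddress

MY_DOMAINS = {"example.com"}        # assumed hosted domain (placeholder)
WHITELIST = ["71.39.113.15/32"]     # client_whitelist.cidr from the thread


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def decide(client_ip, rcpt, mynetworks, name_verified=False):
    """Walk the restriction list in order; the first definite result wins."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    if in_nets(client_ip, mynetworks):        # permit_mynetworks
        return "permit (permit_mynetworks)"
    if domain not in MY_DOMAINS:              # reject_unauth_destination
        return "reject (reject_unauth_destination)"
    if in_nets(client_ip, WHITELIST):         # check_client_access ... OK
        return "permit (client_whitelist.cidr)"
    if not name_verified:                     # assumed later anti-spam check
        return "reject (cannot find your hostname)"
    return "permit (end of list)"


if __name__ == "__main__":
    local_only = ["127.0.0.0/8"]
    trusted = local_only + ["71.39.113.15/32"]   # the mynetworks approach
    cases = [
        ("71.39.113.15", "josh@example.com", local_only),
        ("71.39.113.15", "someone@elsewhere.test", local_only),
        ("71.39.113.15", "someone@elsewhere.test", trusted),
        ("71.39.117.85", "josh@example.com", local_only),
    ]
    for ip, rcpt, nets in cases:
        print(ip, rcpt, "->", decide(ip, rcpt, nets))
```

The third case shows why listing the customer IP in mynetworks also grants relay to outside domains, while the whitelist entry only skips the later checks for mail to hosted domains.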

From: Josh Cason on
Thank you for the help. Let me clear up a few things. First of all,
they are talking to my e-mail server, but the servers we are monitoring
are the customers' servers. These servers have one static IP from Qwest.
We have no control over that and have not asked Qwest to fix the wrong
DNS issue. I have tried a few DNS servers and they all come back with
the wrong answer. So, to make my life easy, I'm going ahead and trying
the client_whitelist.cidr with just the three IP numbers of the three
servers on the outside of my network, since they are static. The only
other thing I was able to track down is that when we moved one server from
one DSL provider to Qwest, that is when that one server stopped working.

I also want to know if client_whitelist would work for another issue
I'm having with Postini and Postfix. I would like to tell my servers,
for e-mail coming in from Postini's mail server IP numbers, to not
route any mail except for mail going to the domains I host. It should
do this anyway, but I read of a problem with Postini that allows mail
to come in and re-route like an open relay.

Thanks,

Josh

