DNS Verhalten ... u.a. reject_unknown_reverse_client_hostname (postfix 3.1.0-3ubuntu0.4)

Markus Mueller-Heidelberg mamuehei at mac.com
Di Jul 6 17:48:32 CEST 2021 

Hallo Klaus,

das habe ich natürlich schon mal gemacht.

postfix/smtpd[21406]: warning: hostname mail1.bemta24.messagelabs.com does not resolve to address 67.219.250.114: Temporary failure in name resolution
postfix/smtpd[21406]: connect from unknown[67.219.250.114]
postfix/smtpd[21406]: smtp_stream_setup: maxtime=300 enable_deadline=0
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? 127.0.0.0/8
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? 127.0.0.0/8
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? [::ffff:127.0.0.0]/104
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? [::ffff:127.0.0.0]/104
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? [::1]/128
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? [::1]/128
postfix/smtpd[21406]: match_list_match: unknown: no match
postfix/smtpd[21406]: match_list_match: 67.219.250.114: no match
postfix/smtpd[21406]: send attr request = connect
postfix/smtpd[21406]: send attr ident = smtp:67.219.250.114
postfix/smtpd[21406]: private/anvil: wanted attribute: status
postfix/smtpd[21406]: input attribute name: status
postfix/smtpd[21406]: input attribute value: 0
postfix/smtpd[21406]: private/anvil: wanted attribute: count
postfix/smtpd[21406]: input attribute name: count
postfix/smtpd[21406]: input attribute value: 1
postfix/smtpd[21406]: private/anvil: wanted attribute: rate
postfix/smtpd[21406]: input attribute name: rate
postfix/smtpd[21406]: input attribute value: 1
postfix/smtpd[21406]: private/anvil: wanted attribute: (list terminator)
postfix/smtpd[21406]: input attribute name: (end)
postfix/smtpd[21406]: > unknown[67.219.250.114]: 220 spfrelay.zvei.org ESMTP
postfix/smtpd[21406]: watchdog_pat: 0x55a014a7f5f0
postfix/smtpd[21406]: < unknown[67.219.250.114]: QUIT
postfix/smtpd[21406]: > unknown[67.219.250.114]: 221 2.0.0 Bye
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? 127.0.0.0/8
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? 127.0.0.0/8
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? [::ffff:127.0.0.0]/104
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? [::ffff:127.0.0.0]/104
postfix/smtpd[21406]: match_hostname: smtpd_client_event_limit_exceptions: unknown ~? [::1]/128
postfix/smtpd[21406]: match_hostaddr: smtpd_client_event_limit_exceptions: 67.219.250.114 ~? [::1]/128
postfix/smtpd[21406]: match_list_match: unknown: no match
postfix/smtpd[21406]: match_list_match: 67.219.250.114: no match
postfix/smtpd[21406]: send attr request = disconnect
postfix/smtpd[21406]: send attr ident = smtp:67.219.250.114
postfix/smtpd[21406]: private/anvil: wanted attribute: status
postfix/smtpd[21406]: input attribute name: status
postfix/smtpd[21406]: input attribute value: 0
postfix/smtpd[21406]: private/anvil: wanted attribute: (list terminator)
postfix/smtpd[21406]: input attribute name: (end)
postfix/smtpd[21406]: disconnect from unknown[67.219.250.114] quit=1 commands=1

Aber nachdem Ralf energisch auf das “Temporary” eingegangen ist. Habe ich mich mit der Umgebung erneut auseinander gesetzt und siehe da mit abgeschalteter Hostfirewall geht es. Das werde ich untersuchen. Jedenfalls ist der Fehler weg. ;)

Danke an alle!!

Gruss
Markus

> Am 06.07.2021 um 17:28 schrieb Klaus Tachtler <klaus at tachtler.net>:
> 
> Hallo Markus,
> 
> mach doch mal folgendes
> 
> In /etc/postfix/main.cf[http://www.postfix.org/postconf.5.html], list the remote site name or address in the debug_peer_list[http://www.postfix.org/postconf.5.html#debug_peer_list] parameter. For example, in order to make the software log a lot of information to the syslog daemon for connections from or to the ... ;-) :
> 
>> /etc/postfix/main.cf:
>>     debug_peer_list =
>>>> mail1.bemta24.messagelabs.com
>> 
> 
> You can specify one or more hosts, domains, addresses or net/masks. To make the change effective immediately, execute the command "*postfix reload*".
> 
> Und dann schau Dir mal an, was da genau passiert?
> 
> 
> Grüße
> Klaus.
> 
> --
> Diese Nachricht wurde von meinem Android-Gerät mit FairMail gesendet.
> 
> 
> *Von: *Markus Mueller-Heidelberg <mamuehei at mac.com>
> *An: *postfixbuch-users at listen.jpberlin.de
> *Datum: *06.07.2021 16:38:23
> *Betreff: *DNS Verhalten ... u.a. reject_unknown_reverse_client_hostname (postfix 3.1.0-3ubuntu0.4)
> 
>> G’Day Ladies and Gentlemen,
>> 
>> ich habe eine Frage an die Postfix Gemeinde zu einem Problem bei dem ich aktuell nicht weiter komme.
>> 
>> postfix/smtpd[31198]: warning: hostname mail1.bemta24.messagelabs.com does not resolve to address 67.219.250.4: Temporary failure in name resolution
>> 
>> Ich befürchte das Thema ist schon diverse Male diskutiert worden. Aber zu meinem Problem finde ich nichts im Netz ...
>> 
>> Die Fehlermeldung besagt, dass mail1.bemta24.messagelabs.com nicht zu 67.219.250.4 passt. Das stimmt aber nicht.
>> 
>> Gibt es eine Beschränkung in der Größe des Antwortsatzes beim Postfix? Sowas hatten wir vor 20 Jahren mal bei den Cisco PIX und ASA Firewalls, dachte aber das sei Geschichte. Warum sonst könnte Postfix diese Meldung bringen? Die NS Abfrage habe ich auf dem gleichen Rechner gemacht.
>> 
>> Gruss
>> Markus
>> 
>> 
>> dig -x 67.219.250.4
>> 
>> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 67.219.250.4
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 824
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;4.250.219.67.in-addr.arpa. IN  PTR
>> 
>> ;; ANSWER SECTION:
>> 4.250.219.67.in-addr.arpa. 2880 IN  PTR mail1.bemta24.messagelabs.com.
>> 
>> ;; AUTHORITY SECTION:
>> 250.219.67.in-addr.arpa. 58030  IN  NS  ns-1407.awsdns-47.org.
>> 250.219.67.in-addr.arpa. 58030  IN  NS  ns-1643.awsdns-13.co.uk.
>> 250.219.67.in-addr.arpa. 58030  IN  NS  ns-308.awsdns-38.com.
>> 250.219.67.in-addr.arpa. 58030  IN  NS  ns-991.awsdns-59.net.
>> 
>> ;; Query time: 0 msec
>> ;; SERVER: 213.133.100.100#53(213.133.100.100)
>> ;; WHEN: Tue Jul 06 16:26:50 CEST 2021
>> ;; MSG SIZE  rcvd: 234
>> 
>> dig mail1.bemta24.messagelabs.com.
>> 
>> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> mail1.bemta24.messagelabs.com.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1747
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 24, AUTHORITY: 4, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;mail1.bemta24.messagelabs.com. IN  A
>> 
>> ;; ANSWER SECTION:
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.4
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.112
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.115
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.1
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.214
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.211
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.8
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.213
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.5
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.117
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.6
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.114
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.3
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.2
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.116
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.118
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.210
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.212
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.215
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.208
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.209
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.119
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.7
>> mail1.bemta24.messagelabs.com. 3152 IN  A 67.219.250.113
>> 
>> ;; AUTHORITY SECTION:
>> messagelabs.com.  24449 IN  NS  ns-1842.awsdns-38.co.uk.
>> messagelabs.com.  24449 IN  NS  ns-700.awsdns-23.net.
>> messagelabs.com.  24449 IN  NS  ns-106.awsdns-13.com.
>> messagelabs.com.  24449 IN  NS  ns-1113.awsdns-11.org.
>> 
>> ;; Query time: 0 msec
>> ;; SERVER: 213.133.100.100#53(213.133.100.100)
>> ;; WHEN: Tue Jul 06 16:26:53 CEST 2021
>> ;; MSG SIZE  rcvd: 579
> 
> --
> 
> ---------------------------------------
> e-Mail  : klaus at tachtler.net
> Homepage: https://www.tachtler.net
> DokuWiki: https://dokuwiki.tachtler.net
> ---------------------------------------

Mehr Informationen über die Mailingliste Postfixbuch-users