On Wed December 24 2008 10:57:01 Terry Carmen wrote:
> /dev/rob0 wrote:
> >> which are properly rejected, however I also get:
> >>
> >> NOQUEUE: reject: RCPT from unknown[202.70.195.135]:
> >> 554 5.7.1 Service unavailable; Client host [202.70.195.135]
> >> blocked using zen.spamhaus.org. To resolve this issue, please call
> >> CNY Support and ask that your IP address be whitelisted.;
> >> from=<[email protected]> to=<[email protected]>
> >> proto=ESMTP helo=<abc>
> >> lost connection after DATA (0 bytes) from unknown[202.70.195.135]
> >>
> >> Shouldn't this be rejected by
> >> reject_unknown_reverse_client_hostname
> >
> > No.
> >
> > $ dig -x 202.70.195.135
> > [snip]
> > 135.195.70.202.in-addr.arpa. 86400 IN PTR 219-83-128-135.static.iolnetcom.com.
> > $ dig 219-83-128-135.static.iolnetcom.com.
> > [snip]
>
> The postfix log says:
>
> "RCPT from unknown[202.70.195.135]"
>
> Regardless of the results from dig, doesn't the above log entry mean
> that postfix is unable to find an rdns entry for this IP and that

No, in this case it means that forward confirmation of the PTR failed.
An "unknown" host in logs is still determined the same way it always
was.

Suppose I'm a bad guy (not a big leap of imagination) and I owned
202.70.195.0/24. And I set the PTR for 202.70.195.135 as
"security.cnysupport.com." Would you want your logs to say ...

"RCPT from unknown[202.70.195.135]"

... or ...

"RCPT from security.cnysupport.com[202.70.195.135]" ??

Furthermore, consider OTHER sites' logs. What would you rather us have
in our logs? Some rogue sets a PTR to your domain name, and we should
believe it? "Unknown" is the safe choice. Don't worry, the forward
confirmation failure was logged as a warning.

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
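
The distinction drawn in the reply above, sketched as an added example that is not part of the original post and is not Postfix's own code: a client can have a PTR record (so reject_unknown_reverse_client_hostname does not fire) and still be logged as "unknown" because the PTR name does not resolve back to the connecting address. The DNS tables use constructed data on documentation addresses, and the function names `logged_client_name` and `has_reverse_name` are hypothetical.

```python
# Constructed DNS data (RFC 5737 documentation addresses), not real records.
PTR = {
    "192.0.2.10": ["mail.example.org."],      # honest host
    "192.0.2.66": ["security.example.com."],  # PTR claims someone else's name
    "192.0.2.77": ["host77.example.net."],    # PTR name has no A record at all
}
A = {
    "mail.example.org.": ["192.0.2.10"],
    "security.example.com.": ["198.51.100.5"],  # the name's real address
}


def has_reverse_name(ip, ptr=PTR):
    """Weaker test: does any address->name (PTR) mapping exist?"""
    return bool(ptr.get(ip))


def logged_client_name(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: trust a PTR name only if that name
    resolves back to the connecting address. Returns (name, reason)."""
    names = ptr.get(ip, [])
    if not names:
        return ("unknown", "no PTR record")
    for name in names:
        if ip in a.get(name, []):
            return (name.rstrip("."), "forward-confirmed")
    return ("unknown", "PTR present, forward confirmation failed")


def log_prefix(ip):
    """Render the client the way it would appear in a log line."""
    name, _ = logged_client_name(ip)
    return f"RCPT from {name}[{ip}]"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.77", "192.0.2.99"):
        print(log_prefix(ip), "| has PTR:", has_reverse_name(ip),
              "|", logged_client_name(ip)[1])
```
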