On Nov 2, 2016, at 7:13 AM, Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote:
> On 2 Nov 2016, at 7:28, Karel wrote:
>
>>> On 2016-11-02 11:36, Wietse Venema wrote:
>>>> NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 450 4.7.1 Client host
>>>> rejected: cannot find your hostname, [x.x.x.x]
>>>
>>> Note that this is a 450 status, because the name server did not reply.
>>> A proper SMTP client will therefore try to deliver the email later.
>>
>> but looking in my logs, I see also 450 status when nameserver is
>> reachable, but hostname could not be resolved (because it does not exist)
>>
>> In other words, from the logs I cannot tell the difference whether
>> nameserver was offline, or IP simply does not resolve.
>
> From the man page for postconf(5):
>
> unknown_client_reject_code (default: 450)
>     The numerical Postfix SMTP server response code when a client
>     without valid address <=> name mapping is rejected by the
>     reject_unknown_client_hostname restriction. The SMTP server
>     always replies with 450 when the mapping failed due to a
>     temporary error condition.
>
>     Do not change this unless you have a complete understanding of
>     RFC 5321.
>
> You can change unknown_client_reject_code to 550 if you want to permanently
> reject when you get a hard DNS resolution failure. If you only want to change
> the code for better log differentiation, 451 or 455 would be arguably not
> wrong alternatives to 450.

If I understand the OP correctly, what is wanted is a hard reject for "cannot find your hostname" errors which do not seem to be transient in nature, but sound like failures because a domain does not exist.

I'm not sure exactly what an error like this one indicates, myself.

Client host rejected: cannot find your hostname, [62.2.245.123]; from=<e-ass...@assura.ch>

assura.ch is a valid domain, but it does not map to that IP address (it is 94.103.99.26). Is the OP failing to resolve it at all, or is this actually a domain/IP mismatch error?

I see log lines like this in my logs:

NOQUEUE: reject: RCPT from unknown[160.20.12.9]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [160.20.12.9]; from=<important.news-*munged*@jakemorrisonmarketing.com> to=<*munged* proto=ESMTP helo=<mail.jakemorrisonmarketing.com>

and have considered whether or not I would like to make those failures permanent on more than one occasion.

It might be as simple as this: the "Cannot find your hostname" message in the OP's log makes it sound like a search was made and failed, not like DNS was inaccessible. I expect this is some source of confusion where a message like "cannot check your hostname" might be clearer?

(I don't have any logs that match the OP's log line as posted.)
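
Added example, not part of the original message and not Postfix code: a simplified Python model of the three cases postconf(5) lists for reject_unknown_client_hostname (address->name lookup fails, name->address lookup fails, or the name does not map back to the client IP), showing which outcomes always stay at 450 and which follow unknown_client_reject_code. The function names, the stub resolvers and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
import socket

H_TRY_AGAIN = 2  # h_errno value for a temporary resolver failure (netdb.h)

def check_client(ip, reject_code=450,
                 reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Return (smtp_code or None, reason) for a connecting client IP.
    reject_code stands in for unknown_client_reject_code."""
    try:
        name = reverse(ip)[0]                               # address -> name
    except socket.herror as e:
        if e.args[0] == H_TRY_AGAIN:
            return 450, "temporary: address->name lookup failed"
        return reject_code, "permanent: no address->name mapping"
    try:
        found = {ai[4][0].split("%")[0] for ai in forward(name, None)}
    except socket.gaierror as e:                            # name -> address
        if e.args[0] == socket.EAI_AGAIN:
            return 450, "temporary: name->address lookup failed"
        return reject_code, "permanent: no name->address mapping"
    want = ipaddress.ip_address(ip)
    if not any(ipaddress.ip_address(a) == want for a in found):
        return reject_code, "permanent: %s does not map back to %s" % (name, ip)
    return None, "ok: %s" % name

# Constructed stub resolvers (documentation addresses) so this runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "mx.example.net"}
A = {"mail.example.org": ["192.0.2.10"], "mx.example.net": ["198.51.100.7"]}

def stub_reverse(ip):
    if ip == "192.0.2.99":                  # simulates an unreachable name server
        raise socket.herror(H_TRY_AGAIN, "name server did not reply")
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip], [], [ip]

def stub_forward(name, port):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in A[name]]

def demo(reject_code=550):
    return {ip: check_client(ip, reject_code, stub_reverse, stub_forward)
            for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99")}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

With reject_code left at 450, all three rejected clients get the same code, which is the situation Karel describes; with 550 (or 451/455), only the temporary failure stays at 450.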