On 06/03/18 19:12, jlftl wrote: > I have a server running Postfix (3.1.0-3ubuntu0.3) that has been in > production for a few months and is generally working well. However I've > been struggling to resolve an issue where some legitimate servers cannot > send inbound mail, where there appears to be an issue with the sending > server's DNS. Without a correct dns setup these servers will have problems with sending to other sites too. Are you sure these are legitimate mail servers? > > Here is an example: > > Mar 5 23:25:47 enceladus postfix/postscreen[5155]: CONNECT from > [104.37.111.105]:51876 to [x.x.x.x]:25 > Mar 5 23:25:47 enceladus postfix/postscreen[5155]: PASS OLD > [104.37.111.105]:51876 > Mar 5 23:25:47 enceladus postfix/smtpd[5159]: warning: hostname > 104-37-111-105.static.dbsintl.net does not resolve to address > 104.37.111.105: Name or service not known > Mar 5 23:25:47 enceladus postfix/smtpd[5159]: connect from > unknown[104.37.111.105] > Mar 5 23:25:47 enceladus postfix/smtpd[5159]: disconnect from > unknown[104.37.111.105] ehlo=1 mail=0/1 quit=1 commands=2/3 Looks like the mail command gave an error. > Details on the sending host: > > dig 104-37-111-105.static.dbsintl.net > > ; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104-37-111-105.static.dbsintl.net > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53175 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;104-37-111-105.static.dbsintl.net. IN A > > ;; AUTHORITY SECTION: > dbsintl.net. 60 IN SOA ns1.ral.hostedsolutions.com. > hostmaster.hostedsolutions.com. 2013061720 10800 3600 604800 604800 > > ;; Query time: 19 msec > ;; SERVER: 172.31.0.2#53(172.31.0.2) > ;; WHEN: Tue Mar 06 17:54:38 UTC 2018 > ;; MSG SIZE rcvd: 136 > > > My smptd recipient restrictions from main.cf: > > smtpd_recipient_restrictions = check_policy_service unix:private/policy-spf, > reject_unknown_recipient_domain, reject_unauth_pipelining, > permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination > > I previously had included reject_unknown_client_hostname, but removing it > seems to have no effect. That's about the only seemingly relevant thing > I've found online, and I'm really at a loss as to how to proceed. Without postconf -n it will be difficult to help, since these snippets of configuration don't provide the full picture. You probably have other restrictions set up.
> Also interesting, when attempting to register for the Postfix forum, I never > received the confirmation e-mail and had to use a backup account. I have > seen this behavior once or twice before, where the remote server connects > and then disconnects without appearing to do anything, but have no idea > where to begin troubleshooting it: > > Mar 6 17:37:13 enceladus postfix/postscreen[12658]: CONNECT from > [162.253.133.81]:53413 to [x.x.x.x]:25 > Mar 6 17:37:19 enceladus postfix/postscreen[12658]: PASS NEW > [162.253.133.81]:53413 > Mar 6 17:37:19 enceladus postfix/smtpd[12668]: connect from > n5.nabble.com[162.253.133.81] > Mar 6 17:37:19 enceladus postfix/smtpd[12668]: disconnect from > n5.nabble.com[162.253.133.81] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 > quit=1 commands=2/6 > > Please let me know what additional information needed to dig deeper into > these issues. Thank you! > > > > -- > Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html One thing you could try (particularly if this is a low volume server) is to look at the notify_classes setting, for example adding policy, so you can get more info on errors send back to postmaster and that may help you solve these cases. John
