Rob Kampen wrote on Fri, 03 Feb 2012 10:08:09 +1300:
My confusion is that a reverse lookup of the IP gives me the clients
domain (dropping the mail(x) subdomain) thus I assumed it was the helo
domain name - which does not have rDNS - that was causing the reject -
maybe it was just a timing
On Fri, Feb 03, 2012 at 12:21:28PM +0100, Kai Schaetzl wrote:
many false positives. There is no definitive RFC requirement that the
mapping has to match.
But it's a standard security feature (on Solaris NFS server it was
added around 1996, I think). Without the match I could set my servers
On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris li...@spuddy.org wrote:
many false positives. There is no definitive RFC requirement that the
mapping has to match.
But it's a standard security feature (on Solaris NFS server it was
added around 1996, I think). Without the match I could set my
On Fri, Feb 03, 2012 at 08:02:32AM -0600, Les Mikesell wrote:
On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris li...@spuddy.org wrote:
a forward lookup matches. ?It is commonly considered broken for rDNS
to return a value that doesn't match forward DNS.
If you say something is broken, you
On Fri, Feb 3, 2012 at 8:14 AM, Reindl Harald h.rei...@thelounge.net wrote:
on both sides of the NAt you need a DNS with the correct mapping
the host on the other side is not interested in your NAT
it sees a IP, a HELO and DNS-Records
so it is YOUR job as admin to provide the correct HELO
On 02/02/12 21:08, Rob Kampen wrote:
On 02/03/2012 06:35 AM, Ned Slider wrote:
On 02/02/12 15:44, Giles Coochey wrote:
On 2012-02-02 15:39, Ned Slider wrote:
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
I think this will allow the mail through - but
On Fri, Feb 3, 2012 at 10:28 AM, Reindl Harald h.rei...@thelounge.net wrote:
it is quite easy to know the mail-flow and from what public
interface mails are going out and hwatever that ip is get
a A-Record and matching PTR and that is what myhostname
has to be set to
RFC quote, please.
--
On Fri, Feb 03, 2012 at 12:14:13PM -0600, Les Mikesell wrote:
On Fri, Feb 3, 2012 at 10:28 AM, Reindl Harald h.rei...@thelounge.net wrote:
it is quite easy to know the mail-flow and from what public
interface mails are going out and hwatever that ip is get
a A-Record and matching PTR and
On Fri, Feb 3, 2012 at 12:51 PM, Reindl Harald h.rei...@thelounge.net wrote:
a A-Record and matching PTR and that is what myhostname
has to be set to
RFC quote, please
you need A RFC to know with what IP your machines connecting outside?
who should know and write it for you?
maybe you
On Fri, Feb 03, 2012 at 08:04:31PM +0100, Reindl Harald wrote:
Am 03.02.2012 20:01, schrieb Stephen Harris:
In this, Les is correct. The RFCs merely say the HELO needs to _a_ valid
identifier for the host. Indeed this discussion was on this list back in
July (SPAM on the List) where I
On Fri, Feb 03, 2012 at 10:34:20PM +0100, Reindl Harald wrote:
Am 03.02.2012 20:58, schrieb Stephen Harris:
On Fri, Feb 03, 2012 at 08:04:31PM +0100, Reindl Harald wrote:
does not change that it is a dmaned good idea this days
to make matching A/PTR/HELO and it is EASY to do this
On Fri, Feb 03, 2012 at 11:17:29PM +0100, Reindl Harald wrote:
Am 03.02.2012 22:58, schrieb Stephen Harris:
If your mail server talks to machine with IP address 1.2.3.4 then should
it say HELO with the 10 address name or the 91 address name?
if you are not too stupid your internl view and
On Fri, Feb 03, 2012 at 11:47:06PM +0100, Reindl Harald wrote:
Am 03.02.2012 23:32, schrieb Stephen Harris:
If you're telling me that my internal mail servers must talk to each
other via the name pool-173-71-187-61.pitbpa.fios.verizon.net then...
well, never mind.
i am telling you that
Hi list,
I have been getting the following types of log messages
Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
your hostname, [71.46.229.50]; from=dwood...@orangebankfl.com
to=rkam...@ndgonline.net
On 02/02/2012 11:01 AM, Rob Kampen wrote:
Hi list,
I have been getting the following types of log messages
Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
your hostname, [71.46.229.50];
On Thu, Feb 02, 2012 at 11:01:52PM +1300, Rob Kampen wrote:
50.229.46.71.in-addr.arpa. 777INPTRmail2.orangebankfl.com.
However:
% getent hosts mail2.orangebankfl.com.
71.43.202.234 mail2.orangebankfl.com
71.46.229.50 != 71.43.202.234
Senders DNS is broken. rDNS lookup
On 02/02/12 10:01, Rob Kampen wrote:
Hi list,
I have been getting the following types of log messages
Jan 30 08:22:33 ndgonline postfix/smtpd[30538]: NOQUEUE: reject: RCPT
from unknown[71.46.229.50]: 450 4.7.1 Client host rejected: cannot find
your hostname, [71.46.229.50];
On 2012-02-02 15:39, Ned Slider wrote:
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
I would not recommend that, I would recommend you fix your DNS. If you
have a lot of mail throughput perhaps run a caching-DNS server or proxy
to improve performance
On 02/02/12 15:44, Giles Coochey wrote:
On 2012-02-02 15:39, Ned Slider wrote:
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
I would not recommend that, I would recommend you fix your DNS. If you
have a lot of mail throughput perhaps run a
On 02/02/2012 17:35, Ned Slider wrote:
On 02/02/12 15:44, Giles Coochey wrote:
On 2012-02-02 15:39, Ned Slider wrote:
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
I would not recommend that, I would recommend you fix your DNS. If you
have a lot of
On 02/03/2012 06:35 AM, Ned Slider wrote:
On 02/02/12 15:44, Giles Coochey wrote:
On 2012-02-02 15:39, Ned Slider wrote:
I would recommend removing reject_unknown_client from your
smtpd_sender_restrictions.
I think this will allow the mail through - but when I look at my logs
just in the
On 02/02/2012 10:08 PM, Rob Kampen wrote:
Final question for the list - does anyone use reject_unknown_client -
it has given me the most grief with legitimate clients that have poorly
administered domains.
My restrictions are:
permit_mynetworks
permit_sasl_authenticated
22 matches
Mail list logo