1

I have bumped into the following in my mail.log file:

May 20 21:50:46 degas postfix/smtpd[1596]: NOQUEUE: reject: RCPT from unknown[109.170.250.177]: 450 4.7.1 Client host rejected: cannot find your hostname, [109.170.250.177]; from=<***> to=<***> proto=ESMTP helo=<jamnet.jamrec.jamjobs.co.uk>

In postfix configuration the reject_unknown_client_hostname is set on smtpd_recipient_restrictions

What I find slightly baffling is that dig -x 109.170.250.177 returns a valid answer:

;; QUESTION SECTION:
;177.250.170.109.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
177.250.170.109.in-addr.arpa. 67434 IN  PTR     mail.jamjobs.co.uk.

According to the postfix documentation this is what this config option does

Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.

In this case, condition 1) is met, but condition 3) seems to cause the failure.

I could change to reject_unknown_reverse_client_hostname to fix the problem.

Would you suggest that my current setting is too "strong" or too "restrictive"? Should I normally expect the announced hostname of the SMTPD client be potentially different from the IP address lookup? Is this configuration helpful protecting from spam. Currently it seems to cause too many false negatives.

mfx
  • 158
  • 1
  • 7

1 Answers1

4

You're interpreting the error wrong:

% host jamnet.jamrec.jamjobs.co.uk
Host jamnet.jamrec.jamjobs.co.uk not found: 3(NXDOMAIN)

That's your problem - the HELO/EHLO identified hostname, not the IP.

Mel
  • 206
  • 1
  • 2