Postfix: forced reverse lookup for incoming connections

Question

I see following maillog records when new mail comes to server

connect from unknown [209.85.223.195]
client=unknown[209.85.223.195]

But that IP address is GMail IP and it has valid PTR-record which points to mail-io0-f195.google.com My main.cf is here

resolv.conf content for Postfix listed below

# Generated by NetworkManager
  nameserver 8.8.8.8
  nameserver 8.8.4.4
  nameserver [hosting_dns_servers_here]
 # NOTE: the libc resolver may not support more than 3 nameservers.
 # The nameservers listed below may not be recognized.
   nameserver 1.1.1.1
   nameserver 1.0.0.1
   nameserver 77.88.8.8
   nameserver 77.88.8.1

So, how can I force Postfix to make reverse lookup and logs a domain name of mailserver not IP address? I'm running CentOS 7.4

P.S. Postix "chained" in chroot

You should pick one set of DNS servers and use them exclusively. Mixing up between Google's, CloudFlare's and Yandex's DNS servers, and even the ones from your hosting provider, means that you can't tell where the problem is coming from. — Michael Hampton, May 11 '18 at 16:23
@MichaelHampton, I had already tried this, but there is no effect. Is postfix in general can send reverse lookup query by it design? — Twissell, May 11 '18 at 18:15
Yes, Postfix can do this. I tested this on Debian Wheezy, but with different config. So, I'm digging to direction of DNS configuration and _smtp_host_lookup_ parametr — Twissell, May 11 '18 at 18:51

score 1 · Answer 1 · answered May 11 '18 at 15:39

1

Try changing smtp_host_lookup to dns instead of your current dns,native. I'd like to refer you to the manual for further information.

answered May 11 '18 at 15:39

Yvan

153
6

No, unfortunately, it doesn't work. I've just check your suggestion. – Twissell May 11 '18 at 16:17
What does it tell you know @Twissell ? – Yvan May 11 '18 at 20:55
There is no new messages and no changes. Just _unknown_ and IP was written in the log. I guess it's some kind of internal issue of my VDS provider – Twissell May 12 '18 at 04:58

score 1 · Accepted Answer · edited Jun 25 '18 at 19:49

1

The issue was caused by Postfix in chroot mode. Almost the same problem was described earlier for Ubuntu.

You need to copy libraries needed for reverse lookup name resolution inside the chroot, e.g.

sudo cp -vl /usr/lib64/libnss_* /var/spool/postfix/lib64

edited Jun 25 '18 at 19:49

Esa Jokinen

46,944
3
83
129

answered May 14 '18 at 22:43

Twissell

70
1
13

As this solution is **only for chroot** environments, I reordered your answer a bit, if you don't mind. This way it might be more useful for others in the future. +1 for a good self-answer. – Esa Jokinen Jun 25 '18 at 19:50
OK, thanks! There is no problem about your correction. – Twissell Jun 27 '18 at 04:15

Postfix: forced reverse lookup for incoming connections

2 Answers2