Thread: Erratic NOQUEUE Behavior

  1. #1

    In an effort to reduce spam, I recently enabled reject_unknown_hostname in Zimbra 6.04 via the admin panel. I've checked the logs to verify that this is indeed blocking a lot of spam. A few legitimate inbound emails are getting blocked with the error 450 4.7.1 Helo command rejected: Host not found;, but I handle this by maintaining a white list in postfix_recipient_restrictions.cf.

    Today I had a user contact me about a legitimate sender who was having her mail rejected with the above-noted error. When I checked the logs, I noticed that an earlier mail from the same sender had made it through. Why would postfix decide to reject the sender after an earlier email from the same sender was accepted? In checking my logs, it appears that this has happened more than once with different senders.

    In both cases, the helo host was the same. A reverse lookup shows the IP to be valid, but doesn't match the host name sent by the Helo command. Could this be a DNS timeout error?

    Following are the two entries in my logs, the first being successful and the second being rejected.

    Mar 24 09:11:17 freedomics postfix/smtpd[2927]: connect from mail.pti.cc[72.215.236.181]
    Mar 24 09:11:18 freedomics postfix/smtpd[2927]: B5B2319B065C: client=mail.pti.cc[72.215.236.181]
    Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Checking: elU+uYIZHqYP [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>
    Mar 24 09:11:19 freedomics postfix/smtpd[2927]: disconnect from mail.pti.cc[72.215.236.181]
    Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Passed CLEAN, [72.215.236.181] [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>, Message-ID: <B3C0CE4436B5FF4A8C81DCE0E048BA6B0186C732@fs3.pti.cc>, mail_id: elU+uYIZHqYP, Hits: 1.677, size: 1665, queued_as: 9BCFDDC0005, 631 ms


    Mar 24 09:23:18 freedomics postfix/smtpd[15355]: connect from mail.pti.cc[72.215.236.181]
    Mar 24 09:23:18 freedomics postfix/smtpd[15355]: NOQUEUE: reject: RCPT from mail.pti.cc[72.215.236.181]: 450 4.7.1 <fs3.pti.cc>: Helo command rejected: Host not found; from=<ACamp@ptitime.com> to=<jeremy@freedomics.com> proto=ESMTP helo=<fs3.pti.cc>
    Mar 24 09:23:18 freedomics postfix/smtpd[15355]: lost connection after RSET from mail.pti.cc[72.215.236.181]
    Mar 24 09:23:18 freedomics postfix/smtpd[15355]: disconnect from mail.pti.cc[72.215.236.181]

  2. #2

    using my dns server

    Code:
    bdial@hercules:~> host fs3.pti.cc
    Host fs3.pti.cc not found: 3(NXDOMAIN)

    using level3's public dns server

    Code:
    bdial@hercules:~> host fs3.pti.cc 4.2.2.2
    Using domain server:
    Name: 4.2.2.2
    Address: 4.2.2.2#53
    Aliases: 
    
    Host fs3.pti.cc not found: 3(NXDOMAIN)

  3. #3

    Quote: Originally Posted by bdial
    using my dns server

    Code:
    bdial@hercules:~> host fs3.pti.cc
    Host fs3.pti.cc not found: 3(NXDOMAIN)

    using level3's public dns server

    Code:
    bdial@hercules:~> host fs3.pti.cc 4.2.2.2
    Using domain server:
    Name: 4.2.2.2
    Address: 4.2.2.2#53
    Aliases: 
    
    Host fs3.pti.cc not found: 3(NXDOMAIN)

    Agreed. The helo host fs3.pti.cc is not valid. It should have been rejected. Why then did postfix accept it at one point and then reject it later the same hour?

  4. #4

    Hard to say without a time machine. Maybe it was valid? Maybe they've screwed up their zone file? Maybe you had a cached valid address? But it's definitely broken right now.

  5. #5

    It's a DNS issue at your user end. If you see different DNS info on the internet, then that is the root of the problem.

    On a side note, this is NOT the most reliable way to stop spam connections, as many, many good email servers have bad DNS, or during any DNS changes you may get this kind of result.
    You can try GREYLISTING the Zimbra server, which will reject everything by default and wait for a retry; spammers don't like to retry.
    Moreover, GREYLISTING is not prone to this kind of DNS problem and is self-maintained.

    There are lots of other things you can also do to stop spam:
    Improving Anti-spam system - Zimbra :: Wiki

    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  6. #6

    Thanks for your quick responses.

    I took a closer look at my logs and found a few other instances of inbound mail with the same seemingly random behavior of being rejected (450 4.7.1) or accepted.

    My guess is that there's some type of occasional error between postfix and my DNS server. I guess I'll have to turn up the log levels to see what's happening.
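
The log review described in post #6, as an added example (not code from the thread, Zimbra or Postfix): it scans Postfix smtpd log lines and lists the client IPs that were both accepted and rejected with "Helo command rejected: Host not found". The sample lines, hostnames, addresses and function names are constructed for illustration; the accepted lines shown in the thread carry no helo= field, so the correlation is by client IP.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format of the thread (documentation IPs/domains).
SAMPLE_LOG = """\
Mar 24 09:11:17 mx postfix/smtpd[2927]: connect from mail.example.net[192.0.2.10]
Mar 24 09:11:18 mx postfix/smtpd[2927]: B5B2319B065C: client=mail.example.net[192.0.2.10]
Mar 24 09:11:19 mx postfix/smtpd[2927]: disconnect from mail.example.net[192.0.2.10]
Mar 24 09:23:18 mx postfix/smtpd[15355]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.7.1 <fs3.example.net>: Helo command rejected: Host not found; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<fs3.example.net>
Mar 24 09:30:02 mx postfix/smtpd[15400]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <bogus.invalid>: Helo command rejected: Host not found; from=<x@example.com> to=<b@example.org> proto=ESMTP helo=<bogus.invalid>
Mar 24 09:41:50 mx postfix/smtpd[15500]: 9BCFDDC0005: client=relay.example.org[203.0.113.5]
"""

# Accepted mail: smtpd logs "<queue id>: client=<host>[<ip>]".
ACCEPT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\]")
# HELO rejection: reply code, then the HELO name in the trailing helo=<...> field.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: "
    r"(\d{3}) \S+ <[^>]*>: Helo command rejected: Host not found;.* helo=<([^>]*)>"
)

def helo_outcomes(log_text):
    """Collect accepted queue IDs and HELO rejections per client IP."""
    stats = defaultdict(lambda: {"accepted": [], "rejected": []})
    for line in log_text.splitlines():
        timestamp = line[:15]  # "Mar 24 09:11:17"
        m = REJECT_RE.search(line)
        if m:
            ip, code, helo = m.groups()
            stats[ip]["rejected"].append((timestamp, code, helo))
            continue
        m = ACCEPT_RE.search(line)
        if m:
            queue_id, ip = m.groups()
            stats[ip]["accepted"].append((timestamp, queue_id))
    return dict(stats)

def inconsistent_clients(log_text):
    """Client IPs that were both accepted and HELO-rejected in the same log."""
    outcomes = helo_outcomes(log_text)
    return sorted(
        ip for ip, s in outcomes.items() if s["accepted"] and s["rejected"]
    )

if __name__ == "__main__":
    outcomes = helo_outcomes(SAMPLE_LOG)
    for ip in inconsistent_clients(SAMPLE_LOG):
        print(ip, "accepted:", outcomes[ip]["accepted"], "rejected:", outcomes[ip]["rejected"])
```

The timestamps on each side of a flagged client show when resolution of the HELO name changed, which is the window to compare against the resolver's own logs.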
