Results 1 to 9 of 9

Thread: Inbound Emails Rejected - "cannot find your hostname"

  1. #1
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Exclamation Inbound Emails Rejected - "cannot find your hostname"

    Release 7.0.0_GA_3077.UBUNTU10_64 UBUNTU10_64 FOSS edition.

    We are having trouble receiving emails from some of our vendors, below is an example of a log entry from mail.log, with the names/ips changed to protect privacy:

    Feb 23 04:08:31 zimbra postfix/smtpd[31640]: NOQUEUE: reject: RCPT from unknown[123.123.123.123]: 450 4.7.1 Client host rejected: cannot find your hostname, [123.123.123.123]; from=<user@vendor.com> to=<user@purchasingdept.com> proto=ESMTP helo=<mx.vendor.com>

    When I first saw this error I went to the admin panel and disabled some of the protocol and hostname checks. The error still occured, and so I disabled DNS Lookups and everything under the "Protocol Checks" and "DNS Checks" section. It is still occuring. How do I fix this?

  2. #2
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    I may have narrowed this down.

    When I reverse lookup the IP in question, it does point to a valid hostname, but that hostname is not in the MX record for the sender's domain. Would this cause the failure? I realize it is probably in violation of some RFC, but is there anyway to disable this check?

  3. #3
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    First thing would be to set back everything as it was as you will need to perform DNS lookups if you are not relaying through an upstream SMTP server.

    Second you should ask the sender to get their IT department to fix DNS

    Third go to the Admin GUI and under Global Configuration -> MTA -> Disable the DNS checks for Unknown Hostname.

    You will need to restart the MTA so from a command prompt
    Code:
    su - zimbra
    zmmtactl stop ; zmmtactl start
    It would also be useful to post which checks you have enabled
    Code:
    zmprov gacf zimbraMtaRestriction

  4. #4
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    Yes I was formulating such an email, but as this is a vendor we purchase products from, I wanted to be certain I was correct in doing so.

    I have re-enabled the DNS Lookups, but left everything else disabled except for the RBL list, below is my restriction list:

    zimbra@zimbra:~$ zmprov gacf zimbraMtaRestriction
    zimbraMtaRestriction: reject_rbl_client dsn.rfc-ignorant.org
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dul.dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    Could you recommend which options I should enable that would be reasonable for a corporate environment?

  5. #5
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Out of the box the following are set. You have to gauge what your SPAM levels are like against causing issues by bounced emails. You can extend the anti-spam capability in ZCS; have a search for SaneSecurity on the forum.
    Attached Images Attached Images

  6. #6
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    Thank you uxbod, you are always so helpful!

    Just to confirm that this is the cause though, I never had the reject_unknown_hostname option checked. So would it be their misconfigured DNS that triggered the error? I want to make sure I don't have them correct their DNS only to have it still fail.

  7. #7
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    It just dawned on me that although their DNS is not right, it couldn't be the reason Zimbra rejected it, as it would mean that no relaying at all would be allowed. Often mail gets relayed from an MTA that is not in the MX list for a particular domain. For example, I send mail all the time from 4 or 5 different domains but through the same SMTP server.

    So now I'm back to: why is Zimbra rejecting these emails when I have the 'reject_unknown_hostname' option disabled?

  8. #8
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    Maybe this is the problem. Here is my output from zmprov:

    zimbra@zimbra:~$ zmprov gacf zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client dsn.rfc-ignorant.org
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dul.dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    But a 'postconf -n' reveals something entirely different:

    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_sender_domain, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
    I'm guessing that since postconf has the reject_unknown_client flag set, that is why the mails are being rejected... so now the question is: Why is Zimbra not setting the postfix configuration properly?!

  9. #9
    Join Date
    Apr 2010
    Posts
    58
    Rep Power
    5

    Default

    Nothing I do seems to get Zimbra to update the config file, including changing the file permissions so that zimbra is the owner (although that throws a warning from postfix upon restart).

    How/when is this file written/updated, and why is mine not? Also notice that the line in the quote above is truncated. That was not a copy-paste error, it is actually truncated like that in the file. Something is amiss.

Similar Threads

  1. 450 Client host rejected: cannot find your hostname
    By jhoelz in forum Administrators
    Replies: 3
    Last Post: 11-16-2012, 04:22 AM
  2. Client host rejected: cannot find your hostname
    By HTR in forum Administrators
    Replies: 2
    Last Post: 12-10-2010, 06:25 AM
  3. client host rejected: cannon find your host name
    By dipeshmehta in forum Administrators
    Replies: 1
    Last Post: 11-18-2010, 12:20 AM
  4. 450 Client host rejected: cannot find your hostname
    By ljramos in forum Installation
    Replies: 6
    Last Post: 08-27-2007, 11:57 AM
  5. Replies: 12
    Last Post: 05-16-2007, 11:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •