Results 1 to 3 of 3

Thread: mail rejected for HELO IP/fqdn mismatch, though "reject_unknown_client_hostname"=[ ]

  1. #1
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Question mail rejected for HELO IP/fqdn mismatch, though "reject_unknown_client_hostname"=[ ]

    I'm getting email rejected -- well, at least it never makes it through beyond this -- from a legitimate host:
    Code:
    	Mar  3 09:17:38 zimbra postfix/smtpd[32248]: warning: hostname mail.ultratools.com does not resolve to address 199.58.208.118
    	Mar  3 09:17:38 zimbra postfix/smtpd[32248]: connect from unknown[199.58.208.118]
    	Mar  3 09:17:38 zimbra postfix/smtpd[32248]: disconnect from unknown[199.58.208.118]
    	Mar  3 09:18:07 zimbra postfix/smtpd[32248]: warning: hostname mail.ultratools.com does not resolve to address 199.58.208.118
    	Mar  3 09:18:07 zimbra postfix/smtpd[32248]: connect from unknown[199.58.208.118]
    	Mar  3 09:18:07 zimbra postfix/smtpd[32248]: disconnect from unknown[199.58.208.118]
    Checking I get
    Code:
    	host 199.58.208.118
    		118.208.58.199.in-addr.arpa domain name pointer mail.ultratools.com.
    	host mail.ultratools.com 
    		mail.ultratools.com has address 199.58.208.117
    So I need to turn OFF the check&reject that's happening. IIUC, it's not even recommended by RFC

    Afaict, one of the settings at
    Code:
    	https://mydom.com:7071/zimbraAdmin/
    		Home -> Configure -> Global Settings -> MTA
    is supposed to do it. But my current config, with the descriptions from postfix docs for each of the items listed there, is:
    Code:
    	Protocol checks
    		[X]	Hostname in greeting violates RFC (reject_invalid_helo_hostname)
    			"Reject the request when the HELO or EHLO hostname is malformed"
    		[X]	Client must greet with a fully qualified hostname (reject_non_fqdn_helo_hostname)	
    			"Reject the request when the HELO or EHLO hostname is not in fully-qualified domain form"
    		[X]	Sender address must be fully qualified (reject_non_fqdn_sender)	
    			"Reject the request when the MAIL FROM address is not in fully-qualified domain form"
    		
    	DNS checks
    		[ ]	Client's IP address (reject_unknown_client_hostname)
    			"Reject the request when
    				1) the client IP address->name mapping fails,
    				2) the name->address mapping fails,
    				or
    				3) the name->address mapping does not match the client IP address."
    		[ ]	Hostname in greeting (reject_unknown_helo_hostname)
    			"Reject the request when the HELO or EHLO hostname has no DNS A or MX record"
    		[X]	Sender's domain (reject_unknown_sender_domain)
    			"Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has
    				1) no DNS A or MX record,
    				or
    				2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later)."
    and already *HAS* The "reject_unknown_client_hostname" DNS check *UN-CHECKED*.

    If I check gacf for all of these settings, only two seem to show up:
    Code:
    	zmprov gacf | egrep "reject_invalid_helo_hostname|reject_non_fqdn_helo_hostname|reject_non_fqdn_sender|reject_unknown_client_hostname|reject_unknown_helo_hostname|reject_unknown_sender_domain"
    		zimbraMtaRestriction: reject_non_fqdn_sender
    		zimbraMtaRestriction: reject_unknown_sender_domain
    and, specifically, NOT the one I'm looking for, reject_unknown_client_hostname

    Have I missed something in the required config? Is there some additional/other setting/config I need to stop the rejections on this check?

    darx

  2. #2
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    5

    Default

    Quote Originally Posted by darx View Post
    [ ] Client's IP address (reject_unknown_client_hostname)
    As far as I can tell, the above setting does nothing in 8.0.4. Checking it, saving and restarting doesn't show any change in zimbraMtaRestrictions or when looking at smtpd_recipient_restrictions.

    Sounds like a bug to me.

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Some idea of your ZCS version & release would be a good useful. Post the output of the following command (and update your forum profile with the output):

    Code:
    zmcontrol -v
    Quote Originally Posted by darx View Post
    Checking I get
    Code:
    	host 199.58.208.118
    		118.208.58.199.in-addr.arpa domain name pointer mail.ultratools.com.
    	host mail.ultratools.com 
    		mail.ultratools.com has address 199.58.208.117
    If you look at the information you've posted, the IP addresses do not match and the error message appears to be correct.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Similar Threads

  1. Replies: 1
    Last Post: 08-27-2012, 11:12 PM
  2. Replies: 1
    Last Post: 05-22-2012, 02:59 AM
  3. Replies: 3
    Last Post: 04-02-2012, 09:06 AM
  4. Inbound Emails Rejected - "cannot find your hostname"
    By amnesia in forum Administrators
    Replies: 8
    Last Post: 02-23-2011, 09:50 AM
  5. Replies: 30
    Last Post: 12-09-2010, 04:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •