Re: DNS Clarification

From: Tom Allison (no email)
Date: Tue Oct 01 2002 - 21:24:04 EDT


Len Conrad wrote:
>
>> Sep 30 11:16:26 penguin postfix/smtpd[29651]: connect from
>> unknown[63.126.78.2]
>> Sep 30 11:16:26 penguin postfix/smtpd[29651]: lost connection after
>> EHLO from unknown[63.126.78.2]
>
>
> hmmm
>
>> Sep 30 11:16:26 penguin postfix/smtpd[29651]: disconnect from
>> unknown[63.126.78.2]
>> Sep 30 11:17:35 penguin postfix/smtpd[29651]: connect from
>> unknown[63.126.78.2]
>> Sep 30 11:17:35 penguin postfix/smtpd[29651]: 8080B2309E:
>> client=unknown[63.126.78.2]
>
>
> no PTR record was found for 2.78.126.63.in-addr.arpa
>
> # dig -x 63.126.78.2 ns
>
> ; <<>> DiG 8.3 <<>> -x ns
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; 2.78.126.63.in-addr.arpa, type = NS, class = IN
>
> ;; ANSWER SECTION:
> 2.78.126.63.in-addr.arpa. 5h58m53s IN CNAME 2.0.78.126.63.in-addr.arpa.
>
> but
>
> # dig 2.0.78.126.63.in-addr.arpa. ptr
>
> ; <<>> DiG 8.3 <<>> 2.0.78.126.63.in-addr.arpa. ptr
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>> Sep 30 11:17:35 penguin postfix/smtpd[29651]: reject: RCPT from
>> unknown[63.126.78.2]: 450 Client host rejected: cannot find your
>> hostname,
>
>
> "client" = "MTA client" to postfix's SMTPD server = 63.126.78.2
>
> Rejecting unknown clients will cause a lot of false positives. Not
> recommended.
>
>> [63.126.78.2]; from=<> to=<>
>> Sep 30 11:17:40 penguin postfix/smtpd[29651]: disconnect from
>> unknown[63.126.78.2]
>
>
> what you can do is reduce forgeries with
>
> bogus_from_senders.map
>
> containing:
>
> oscillon.com reject_unknown_client
>
> ... which requires that any ip with a sender.domain of @oscillon.com
> will need to have matching PTR and A records to be accepted by postfix.
>
> Since uu NS is authoritative for .2, you'll have to get uu to match up
> the A and PTR records.
>
> Len
>
> -
> To unsubscribe, send mail to with content
> (not subject): unsubscribe postfix-users

Someone suggested I do this:

smtpd_client_restrictions =
    reject_maps_rbl check_client_access hash:/etc/postfix/access
    reject_unknown_client

Where my /etc/postfix/access includes "63.126.78.2 OK"

Which I think is a little quick and dirty compared to what you
have proposed...

Thank you.

-- 
Oh, I've seen copies [of Linux Journal] around the terminal room 
at The Labs.
	-- Dennis Ritchie
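
Added example, not part of the original thread and not Postfix code: an offline model of the PTR/A check that reject_unknown_client relies on, run against the CNAME shown in the dig output above. The zone dictionaries, the host name mail.example.net and the function names are constructed for illustration; no DNS queries are made.

```python
# Offline model of the PTR/A check behind reject_unknown_client.
# Zone data is constructed; only the CNAME record comes from the dig output.

def reverse_name(ip):
    """63.126.78.2 -> 2.78.126.63.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def lookup(zone, name, rtype, max_hops=8):
    """Return the rdata list for name/rtype, following CNAMEs; [] means no data."""
    for _ in range(max_hops):
        records = zone.get(name, {})
        if rtype in records:
            return records[rtype]
        if "CNAME" not in records:
            return []
        name = records["CNAME"][0]
    return []  # CNAME loop or over-long chain: treat as a failed lookup

def client_hostname(zone, ip):
    """Name to log for a client: a PTR target whose A record maps back to ip,
    otherwise 'unknown'."""
    for host in lookup(zone, reverse_name(ip), "PTR"):
        if ip in lookup(zone, host, "A"):
            return host.rstrip(".")
    return "unknown"

IP = "63.126.78.2"
CNAME = {"2.78.126.63.in-addr.arpa.": {"CNAME": ["2.0.78.126.63.in-addr.arpa."]}}

# State seen in the thread: the CNAME resolves, but there is no PTR at its target.
BROKEN = dict(CNAME)

# Constructed: a PTR exists, but the name has no A record pointing back.
PTR_ONLY = {**CNAME, "2.0.78.126.63.in-addr.arpa.": {"PTR": ["mail.example.net."]}}

# Constructed: PTR and A agree, the state Len's advice asks for.
FIXED = {**PTR_ONLY, "mail.example.net.": {"A": [IP]}}

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("ptr-only", PTR_ONLY), ("fixed", FIXED)):
        print(f"{label:9s} connect from {client_hostname(zone, IP)}[{IP}]")
```

Only the last zone yields a named client; the first two both produce the "unknown[63.126.78.2]" form seen in the log lines.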