From: Noel Jones (no email)
Date: Thu Jan 29 2004 - 13:59:43 EST
On Thu, Jan 29, 2004 at 01:30:50PM -0500, Chateauneuf wrote:
> On Thu, 2004-01-29 at 13:20, Noel Jones wrote:
> > >
> > > Jan 28 09:48:56 www postfix/smtpd[19722]: warning: 68.114.207.238: hostname
> > > 68-114-207-238-rcp1.ubr1.ftrl.ks.charter.com verification failed: Host not found
> >
> > This warning is generated by postfix because the client's forward and
> reverse DNS don't match.
>
> Does that mean it matches to Sender's domain to the client's RDNS? To
> what level of precision?
> ---------
> Quality Management - A Commitment to Excellence
>
No, it does exactly what I showed in my example. This has nothing to
do with the sender's domain, only the client.
In this case, first do a lookup on the client IP
$ host 68.114.207.238
238.207.114.68.IN-ADDR.ARPA domain name pointer 68-114-207-238-rcp1.ubr1.ftrl.ks.charter.com
Now do a lookup on the name returned by client IP lookup
$ host 68-114-207-238-rcp1.ubr1.ftrl.ks.charter.com
Host not found.
There is a reverse DNS entry, but there is no matching A entry for it.
This host is therefore classified as [unknown].
Postfix logs a warning that the reverse DNS result,
68-114-207-238-rcp1.ubr1.ftrl.ks.charter.com, could not be verified
with a DNS A lookup because "Host not found". In further logs for
this connection, this host will be referred to as
unknown[68.114.207.238].
I find there are far too many otherwise legit hosts with bad DNS
information for me to use reject_unknown_client, and too many legit but
misconfigured hosts to use reject_unknown_hostname. YMMV
-- Noel Jones
|
|
|