I've got a problem that has probably more to do with the overloaded DNS of
my ISP than Postfix, but that I'm asking your advice for anyway.

I've a lot of '554 Client host rejected: cannot find your hostname' entries
in my log, and while most of those seem to be potential spammers, I also see
some false positives. Checking the false positives with host or dig does
give me a fully qualified domain name.

So, I thought timing could be a problem, so I tried to get some IP-numbers
reversed and got mostly the following two errors replied for unknown host
names:
 
Host 20.25.243.207.in-addr.arpa not found: 3(NXDOMAIN)
Host 20.25.242.207.in-addr.arpa not found: 2(SERVFAIL)

That's OK, and those hostnames should be rejected. Once in a while however,
I get the response:

;; connection timed out; no servers could be reached

Which just means (I presume) that my ISPs name servers were overloaded with
requests, and that the name could not be resolved within the specified time.

So, the final question is: can I block mail from hosts that return a
(NXDOMAIN) or (SERVFAIL), but let the hosts that time out pass?

-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]