Re: "reject_unknown_reverse_client_hostname" bouncing mail when name server is down

From: Jordan Russell (jr-list-2006quo.to)
Date: Thu Aug 24 2006 - 01:41:15 CDT


Wietse Venema wrote:
> Jordan Russell:
>> Does an unreachable name server not count as a "temporary problem"?
>
> That depends entirely on what your SYSTEM library routines do.
>
> Don't shoot Postfix. It is only the MESSENGER.

Okay, I looked into this some more...

Postfix is expecting getnameinfo() to return EAI_AGAIN for temporary
failures. I took a look at the current getnameinfo() implementations in
glibc and FreeBSD's libc, and found that neither returns EAI_AGAIN for
any reason. Rather, when they fail to retrieve a name, they return
EAI_NONAME regardless of whether the failure is permanent or temporary
in nature. See:

http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/inet/getnameinfo.c?rev=1.34&content-type=text/x-cvsweb-markup&cvsroot=glibc
and
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/net/getnameinfo.c?rev=1.17.2.1&content-type=text/x-cvsweb-markup

Therefore, on Linux and BSD, failures to contact name servers during
reverse lookups are always treated as permanent failures by Postfix.

gethostbyaddr(), however, does return distinct codes for temporary and
permanent failures. I hacked sockaddr_to_hostname() in util/myaddrinfo.c
to always use the "EMULATE_IPV4_ADDRINFO" version, and
"reject_unknown_reverse_client_hostname" now returns a 450 response when
the name server is down.

Is there any real advantage to using getnameinfo() in place of
gethostbyaddr(), apart from the transparent IPv6 support?

--
Jordan Russell
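
The distinction discussed in the message above, as an added example that is not code from the original post or from Postfix: an IPv4 reverse lookup that does not trust `EAI_NONAME` from getnameinfo() and re-checks with gethostbyaddr(), so a resolver outage maps to a 450-class result instead of a permanent reject. The names `ptr_result`, `classify_gni`, `classify_herrno` and `reverse_lookup` are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1  /* glibc: expose h_errno and gethostbyaddr() */
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical result codes for this example, named after the SMTP reply class. */
enum ptr_result { PTR_OK = 0, PTR_TEMPFAIL = 450, PTR_PERMFAIL = 550 };

/* getnameinfo() status: only EAI_AGAIN is a temporary failure. */
enum ptr_result classify_gni(int rc)
{
    if (rc == 0) return PTR_OK;
    return rc == EAI_AGAIN ? PTR_TEMPFAIL : PTR_PERMFAIL;
}

/* h_errno after a failed gethostbyaddr(): TRY_AGAIN is a temporary failure. */
enum ptr_result classify_herrno(int err)
{
    return err == TRY_AGAIN ? PTR_TEMPFAIL : PTR_PERMFAIL;
}

/* IPv4 reverse lookup; EAI_NONAME is re-checked via gethostbyaddr()'s h_errno. */
enum ptr_result reverse_lookup(const char *ip, char *host, size_t len)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return PTR_PERMFAIL;                 /* not an IPv4 literal */
    int rc = getnameinfo((struct sockaddr *)&sin, sizeof(sin),
                         host, (socklen_t)len, NULL, 0, NI_NAMEREQD);
    if (rc != EAI_NONAME)
        return classify_gni(rc);
    struct hostent *hp = gethostbyaddr(&sin.sin_addr, sizeof(sin.sin_addr), AF_INET);
    if (hp == NULL)
        return classify_herrno(h_errno);
    int n = snprintf(host, len, "%s", hp->h_name);
    return (n < 0 || (size_t)n >= len) ? PTR_PERMFAIL : PTR_OK;
}

int main(int argc, char **argv)
{
    char host[NI_MAXHOST];
    int r = reverse_lookup(argc > 1 ? argv[1] : "127.0.0.1", host, sizeof(host));
    printf("%d %s\n", r, r == PTR_OK ? host : "-");
    return 0;
}
```

Run it with an address as the first argument while the configured name server is unreachable to see which result class the local libc produces.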