OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Postfix log warning

From: Brian Evans - Postfix List (grknightscent-team.com)
Date: Tue Aug 05 2008 - 14:12:16 CDT

Ken Hathaway wrote:
>
> First off I don't think this is a postfix problem. I'm hoping someone
> here has seen something similar and can help me out. Google so far has
> turned up nothing for me. :(
>
> I get this same warning from gmail, yahoo & live. The email goes
> straight the the junk email folder on all of these systems. :( Makes
> me very unhappy.
>
> Log snippet: (74.86.26.64 <http://74.86.26.64> spellwellinc.com
> <http://spellwellinc.com> is my server)
>
> Aug 4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64
> <http://74.86.26.64>: address not listed for hostname spellwellinc.com
> <http://spellwellinc.com>
> Aug 4 16:55:03 swi postfix/smtpd[23275]: connect from
> unknown[74.86.26.64 <http://74.86.26.64>]
> Aug 4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2:
> client=unknown[74.86.26.64 <http://74.86.26.64>]
> Aug 4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2:
> message-id=<20080804_165503_084218.supportspellwellinc.com
> <mailto:20080804_165503_084218.supportspellwellinc.com> (Spell Well
> Inc. Password Reset)>
> Aug 4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2:
> from=<supportspellwellinc.com <mailto:supportspellwellinc.com>>,
> size=1193, nrcpt=1 (queue active)
> Aug 4 16:55:03 swi postfix/smtpd[23275]: disconnect from
> unknown[74.86.26.64 <http://74.86.26.64>]
> Aug 4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2:
> to=<someusergmail.com <mailto:someusergmail.com>>,
> relay=gmail-smtp-in.l.google.com
> <http://gmail-smtp-in.l.google.com>[64.233.185.27
> <http://64.233.185.27>]:25, delay=1.4, delays=0.11/0.01/0.09/1.2,
> dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)
> Aug 4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed
>
> I assume the warning: 27.86.26.64 <http://27.86.26.64>: address not
> listed message if from the far end. I check DNS and see PTR is there.
> Then check dig -x

Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
Here's a great post by Wietse from the archives to see what Postfix
sees: http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
This should help you debug a bit more.

If that turns up nothing interesting, someone more knowledgeable than me
can help further.

> I must have something screwed up in DNS but can't find it. I can post
> my zone file if that helps. Anyone out there that can toss me a bone?
>
> I'm only using postfix for outgoing mail. No incoming.
>
> Just in case someone thinks my postconf might help.
>
> root: postconf -n
[...]
> mydestination = $myhostname, localhost.$mydomain, localhost
myhostname is default. Hard to tell what it is from this output.
'postconf -d myhostname' may help you know what postfix is using.

> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks

This line is useless as everything permits (implied permit at the end).

Brian