HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


scorpious 26th May 2013 21:00

Name or service not known
 
ISPConfig Version: 3.0.4.6 not upgraded yet.

Hi All

Hi, I am seeing these types of messages logged within the Mail Warn-Log:

May 26 07:07:43 ns1 postfix/smtpd[32422]: warning: 77.87.157.191: hostname ip-77-87-157-191.airbites.net.ua verification failed: Name or service not known
May 26 12:31:24 ns1 postfix/smtpd[7083]: warning: 178.121.39.203: hostname mm-203-39-121-178.dynamic.pppoe.mgts.by verification failed: Name or service not known
May 26 14:17:58 ns1 postfix/smtpd[4138]: warning: 2.135.132.131: hostname 2.135.132.131.megaline.telecom.kz verification failed: Name or service not known
May 26 15:49:20 ns1 postfix/qmgr[1923]: warning: qmgr_active_done_3_generic: remove 881981D9A0D4 from active: No such file or directory
May 26 16:35:42 ns1 postfix/smtpd[4157]: warning: 188.94.153.21: hostname 188-94-153-21.static.pppoe.skytelecom.kz verification failed: Name or service not known
May 26 17:39:54 ns1 postfix/smtpd[5549]: warning: 66.6.131.88: hostname pm2-24.skyweb.net verification failed: Name or service not known

Could someone please explain what it means as I am not sure.

Cheers
Scorp

Turbanator 27th May 2013 07:30

what setup are you running?

chances are you have a dns issue and/or a bad setup in your postfix during some spam checking.....just guesses.

scorpious 27th May 2013 10:49

Hi Turbanator

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier ISPConfig Version: 3.0.4.6

I have used "Set Up Postfix For Relaying Emails Through Another Mailserver", which was working fine for the last few months.

Cheers
Scorp

monkfish 27th May 2013 15:51

Possibly a few spam bots there - most of the hostnames showing are styled as dynamic addresses - issued to clients by ISPs from their pool.

They probably shouldn't be attempting to connect directly to your server.

As part of its anti-spam checks, postfix is trying to look up the hosts that are attempting to connect. This lookup is failing and that's what postfix is giving you a warning for.

pm2-24.skyweb.net - no forward DNS record exists for that host, although a reverse PTR does seem to exist for 66.6.131.88.

Here's a transcript off one of mine:

Code:

May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 2.83.18.167: hostname bl22-18-167.dsl.telepac.pt verification failed: Name or service not known
May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[2.83.18.167]
May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[2.83.18.167]: 504 5.5.2 <2.83.18.167>: Helo command rejected: need fully-qualified hostname; from=<> to=<my.email.addy> proto=SMTP helo=<2.83.18.167>
May 27 13:43:36 server1 postfix/smtpd[9717]: lost connection after RCPT from unknown[2.83.18.167]

Postfix tries its reverse lookup and fails. Client tries to connect anyway and whatever spam it's trying to push is rejected by the box as reject_non_fqdn_hostname is set.

The warning on its own isn't an issue - have a read of any further postfix hardening to prevent spam that you might not already have in place.
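An added example, not part of the post above and not Postfix's own code: a sketch of the forward-confirmed reverse DNS check behind the "verification failed" warning. The lookup tables and function names are constructed for illustration; the 66.6.131.88 entry mirrors what the post reports (PTR present, no forward record).

```python
import socket

# Constructed stand-in for DNS so the example runs offline.
FAKE_PTR = {"66.6.131.88": "pm2-24.skyweb.net", "192.0.2.25": "mx.example.org",
            "192.0.2.99": "mx.example.org"}
FAKE_A = {"mx.example.org": {"192.0.2.25"}}

def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]

def fake_forward(name):
    if name not in FAKE_A:
        # Same error text the resolver produces in the logged warning.
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FAKE_A[name]

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def verify_client_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, name): PTR lookup, then forward lookup of that name,
    then confirm the forward result contains the connecting address."""
    try:
        name = reverse(ip)
    except OSError:
        return ("no_ptr", None)
    try:
        addresses = forward(name)
    except OSError:
        return ("forward_failed", name)   # the case logged in this thread
    if ip not in addresses:
        return ("mismatch", name)         # PTR claims a name owned by another IP
    return ("verified", name)

if __name__ == "__main__":
    for ip in ("66.6.131.88", "192.0.2.25", "192.0.2.99", "192.0.2.1"):
        print(ip, verify_client_hostname(ip, fake_reverse, fake_forward))
```

Any status other than "verified" corresponds to the client showing up as unknown[ip] in the log lines quoted above.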

scorpious 28th May 2013 11:36

Hi

Thank you for that explanation. As I will be updating today to ISPConfig 3.0.5.2, any suggestions on how to harden Postfix? I will be reading up on hardening Postfix.

Cheers
Scorp

monkfish 28th May 2013 12:05

Check out settings in main.cf

From an installation done yesterday the stock settings look like this:

Code:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination

There are, however, a number of different restriction streams that can be set. The tighter the policy the more trouble a rogue email has getting through. But the same is also true of valid emails... watch your logs!

This page here gives a rather good description of the various postfix smtp restrictions available http://wiki.centos.org/HowTos/postfix_restrictions

One of my dev boxes looks like this instead

Code:

smtpd_helo_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,

smtpd_sender_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_non_fqdn_sender
  reject_unknown_sender_domain

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client b.barracudacentral.org

Watch out if you see a reference to using "reject_unknown_helo_hostname" - if this is set you may end up losing legitimate emails as quite a few mail servers out there do not identify themselves properly and fall foul of this setting. Especially servers behind NAT'd firewalls that send an "internal dns name" for a helo - cannot be resolved on the public internet.

A few linkys here:-
http://www.howtoforge.com/hardening-...or-ispconfig-3
http://support4hosting.wordpress.com...-blacklisting/

For most of the restriction settings you can use "warn_if_reject" instead so although a message will be passed by the MTA an entry will be placed in maillog showing that it would have been rejected.

Good luck with your upgrade!
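An added example, not part of the post above: a small log triage script for the "watch your logs" and warn_if_reject advice. It assumes warn_if_reject hits are logged as "reject_warning"; the sample lines are constructed in the format quoted in this thread, with documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines (example.* names and documentation IPs, not real hosts).
SAMPLE_LOG = """\
May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 192.0.2.10: hostname dyn-10.example.net verification failed: Name or service not known
May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[192.0.2.10]
May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <192.0.2.10>: Helo command rejected: need fully-qualified hostname; from=<> to=<user@example.org> proto=SMTP helo=<192.0.2.10>
May 27 14:02:11 server1 postfix/smtpd[9801]: NOQUEUE: reject_warning: RCPT from mail.example.com[198.51.100.7]: 450 4.7.1 <mailhost.internal>: Helo command rejected: Host not found; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<mailhost.internal>
May 27 14:10:02 server1 postfix/smtpd[9850]: warning: 203.0.113.5: hostname pool-5.example.net verification failed: Name or service not known
"""

VERIFY_RE = re.compile(r"warning: (?P<ip>\S+): hostname \S+ verification failed")
REJECT_RE = re.compile(
    r"NOQUEUE: (?P<action>reject_warning|reject): \w+ from \S+\[(?P<ip>[^\]]+)\]: "
    r"\d{3} \S+ (?P<reason>[^;]+);"
)

def summarise(log_text):
    """Per client IP: hostname-verification warnings, real rejects, and
    warn_if_reject hits (reject_warning: logged, but the mail was accepted)."""
    stats = defaultdict(lambda: {"verify_failed": 0, "reject": 0, "reject_warning": 0})
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            stats[m["ip"]]["verify_failed"] += 1
            continue
        m = REJECT_RE.search(line)
        if m:
            stats[m["ip"]][m["action"]] += 1
    return dict(stats)

def would_reject(log_text):
    """(ip, reason) pairs for mail that passed only because of warn_if_reject."""
    hits = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m and m["action"] == "reject_warning":
            hits.append((m["ip"], m["reason"]))
    return hits

if __name__ == "__main__":
    for ip, counts in sorted(summarise(SAMPLE_LOG).items()):
        print(ip, counts)
    for ip, reason in would_reject(SAMPLE_LOG):
        print("review before enforcing:", ip, reason)
```

Senders listed by would_reject() are the ones to check for legitimacy before removing warn_if_reject from a restriction.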

scorpious 28th May 2013 12:57

Hi monkfish

Thanks again I really do appreciate your help.

Some reading and few cups of coffee now

Cheers
Scorp

