  #1  
26th May 2013, 21:00
scorpious
Name or service not known

ISPConfig Version: 3.0.4.6 not upgraded yet.

Hi All

Hi, I am seeing this type of message logged within the Mail Warn-Log:

May 26 07:07:43 ns1 postfix/smtpd[32422]: warning: 77.87.157.191: hostname ip-77-87-157-191.airbites.net.ua verification failed: Name or service not known
May 26 12:31:24 ns1 postfix/smtpd[7083]: warning: 178.121.39.203: hostname mm-203-39-121-178.dynamic.pppoe.mgts.by verification failed: Name or service not known
May 26 14:17:58 ns1 postfix/smtpd[4138]: warning: 2.135.132.131: hostname 2.135.132.131.megaline.telecom.kz verification failed: Name or service not known
May 26 15:49:20 ns1 postfix/qmgr[1923]: warning: qmgr_active_done_3_generic: remove 881981D9A0D4 from active: No such file or directory
May 26 16:35:42 ns1 postfix/smtpd[4157]: warning: 188.94.153.21: hostname 188-94-153-21.static.pppoe.skytelecom.kz verification failed: Name or service not known
May 26 17:39:54 ns1 postfix/smtpd[5549]: warning: 66.6.131.88: hostname pm2-24.skyweb.net verification failed: Name or service not known

Could someone please explain what it means as I am not sure.

Cheers
Scorp
  #2  
27th May 2013, 07:30
Turbanator

what setup are you running?

chances are you have a dns issue and/or a bad setup in your postfix during some spam checking.....just guesses.
  #3  
27th May 2013, 10:49
scorpious

Hi Turbanator

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier ISPConfig Version: 3.0.4.6

I have used "Set Up Postfix For Relaying Emails Through Another Mailserver", which was working fine for the last few months.

Cheers
Scorp
  #4  
27th May 2013, 15:51
monkfish

Possibly a few spam bots there - most of the hostnames showing are styled as dynamic addresses - issued to clients by ISPs from their pool.

They probably shouldn't be attempting to connect directly to your server.

As part of anti-spam checks, postfix is trying to look up the hosts that are attempting to connect. This lookup is failing and that's what postfix is giving you a warning for.

pm2-24.skyweb.net - no forward DNS record exists for that host, although a reverse PTR does seem to exist for 66.6.131.88.

Here's a transcript off one of mine:

Code:
May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 2.83.18.167: hostname bl22-18-167.dsl.telepac.pt verification failed: Name or service not known
May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[2.83.18.167]
May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[2.83.18.167]: 504 5.5.2 <2.83.18.167>: Helo command rejected: need fully-qualified hostname; from=<> to=<my.email.addy> proto=SMTP helo=<2.83.18.167>
May 27 13:43:36 server1 postfix/smtpd[9717]: lost connection after RCPT from unknown[2.83.18.167]

Postfix tries its reverse lookup and fails. Client tries to connect anyway and whatever spam it's trying to push is rejected by the box as reject_non_fqdn_hostname is set.

The warning on its own isn't an issue - have a read of any further postfix hardening to prevent spam that you might not already have in place.
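The check behind the "verification failed" warning explained in the post above, as an added example (not part of the original posts and not Postfix's own code): the client address is mapped to a name through its PTR record, that name is resolved forward, and the client is logged as `unknown` unless the forward result contains the original address. The resolver tables, addresses and function names are constructed for illustration so the check runs offline.

```python
import socket

# Constructed DNS data (documentation addresses, example.* names) so the
# check runs offline; these are not records from the thread.
PTR = {"192.0.2.10": "mail.example.org",
       "192.0.2.20": "dyn-20.pool.example.net",
       "192.0.2.30": "mx.example.com"}
FWD = {"mail.example.org": {"192.0.2.10"},
       "mx.example.com": {"198.51.100.7"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in FWD:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return FWD[name]

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, ptr_name) for a connecting client address."""
    try:
        name = reverse(ip)              # address -> name (PTR)
    except OSError:
        return ("no-ptr", None)
    try:
        addrs = set(forward(name))      # name -> addresses (A/AAAA)
    except OSError:
        return ("forward-failed", name)  # the case logged in this thread
    # Plain string comparison: adequate for IPv4, IPv6 text forms may differ.
    return ("verified" if ip in addrs else "mismatch", name)

def logged_client(ip, reverse=system_reverse, forward=system_forward):
    """Name the client as in the log: the PTR name only if verified."""
    status, name = fcrdns(ip, reverse, forward)
    return f"{name if status == 'verified' else 'unknown'}[{ip}]"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, fcrdns(ip, fake_reverse, fake_forward),
              logged_client(ip, fake_reverse, fake_forward))
```

Calling `fcrdns(ip)` without the fake resolvers uses the system resolver instead.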
  #5  
28th May 2013, 11:36
scorpious

Hi

Thank you for that explanation, as I will be updating today to ISPConfig 3.0.5.2, any suggestions on how to harden Postfix, I will be reading up on hardening Postfix.

Cheers
Scorp
  #6  
28th May 2013, 12:05
monkfish

Check out settings in main.cf

From an installation done yesterday the stock settings look like this:

Code:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination

There are, however, a number of different restriction streams that can be set. The tighter the policy the more trouble a rogue email has getting through. But the same is also true of valid emails... watch your logs!

This page here gives a rather good description of the various postfix smtp restrictions available http://wiki.centos.org/HowTos/postfix_restrictions

One of my dev boxes looks like this instead

Code:
smtpd_helo_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,

smtpd_sender_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_non_fqdn_sender
  reject_unknown_sender_domain

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client b.barracudacentral.org

Watch out if you see a reference to using "reject_unknown_helo_hostname" - if this is set you may end up losing legitimate emails as quite a few mail servers out there do not identify themselves properly and fall foul of this setting. Especially servers behind NAT'd firewalls that send an "internal dns name" for a helo - cannot be resolved on the public internet.

A few linkys here:-
http://www.howtoforge.com/hardening-...or-ispconfig-3
http://support4hosting.wordpress.com...-blacklisting/

For most of the restriction settings you can use "warn_if_reject" instead so although a message will be passed by the MTA an entry will be placed in maillog showing that it would have been rejected.

Good luck with your upgrade!
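One way to follow the "watch your logs" and "warn_if_reject" advice in the post above, as an added example (not part of the original posts): a small summarizer that separates enforced rejects from `reject_warning` entries, which is how Postfix logs a restriction running under warn_if_reject, and shows which unverified clients were actually rejected. The log lines, addresses and function names are constructed for illustration in the format quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample (documentation addresses, example.* names; not real traffic).
SAMPLE = """\
May 27 13:43:35 mx1 postfix/smtpd[9717]: warning: 192.0.2.20: hostname dyn-20.pool.example.net verification failed: Name or service not known
May 27 13:43:35 mx1 postfix/smtpd[9717]: connect from unknown[192.0.2.20]
May 27 13:43:36 mx1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[192.0.2.20]: 504 5.5.2 <192.0.2.20>: Helo command rejected: need fully-qualified hostname; from=<> to=<user@example.org> proto=SMTP helo=<192.0.2.20>
May 27 14:02:10 mx1 postfix/smtpd[9801]: NOQUEUE: reject_warning: RCPT from mail.example.com[198.51.100.7]: 450 4.7.1 <gw.internal>: Helo command rejected: Host not found; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<gw.internal>
May 27 14:30:00 mx1 postfix/smtpd[9850]: warning: 192.0.2.44: hostname host44.example.net verification failed: Name or service not known
"""

VERIFY = re.compile(
    r"warning: (?P<ip>\S+): hostname (?P<host>\S+) verification failed")
REJECT = re.compile(
    r"NOQUEUE: (?P<kind>reject_warning|reject): \w+ from \S+?\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <[^>]*>: (?P<reason>[^;]+);")

def summarize(log_text):
    """Tally enforced vs. warn_if_reject outcomes and track unverified clients."""
    unverified = {}        # ip -> PTR name whose forward lookup failed
    enforced = Counter()   # reasons for rejects that were really applied
    trial = Counter()      # reasons that would have rejected (warn_if_reject)
    rejected_ips = set()
    for line in log_text.splitlines():
        m = VERIFY.search(line)
        if m:
            unverified[m["ip"]] = m["host"]
            continue
        m = REJECT.search(line)
        if m and m["kind"] == "reject":
            enforced[m["reason"]] += 1
            rejected_ips.add(m["ip"])
        elif m:
            trial[m["reason"]] += 1
    return {
        "enforced": dict(enforced),
        "would_reject": dict(trial),
        "unverified_rejected": sorted(i for i in unverified if i in rejected_ips),
        "unverified_not_rejected": sorted(i for i in unverified if i not in rejected_ips),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Entries under `would_reject` are the ones to review for legitimate senders before turning a trial restriction into an enforced one.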
All times are GMT +2.