Name or service not known

Discussion in 'General' started by scorpious, May 26, 2013.

  1. scorpious

    scorpious Member

    ISPConfig Version: 3.0.4.6 not upgraded yet.

    Hi All

    Hi, I am seeing this type of messages logged within the Mail Warn-Log

    May 26 07:07:43 ns1 postfix/smtpd[32422]: warning: 77.87.157.191: hostname ip-77-87-157-191.airbites.net.ua verification failed: Name or service not known
    May 26 12:31:24 ns1 postfix/smtpd[7083]: warning: 178.121.39.203: hostname mm-203-39-121-178.dynamic.pppoe.mgts.by verification failed: Name or service not known
    May 26 14:17:58 ns1 postfix/smtpd[4138]: warning: 2.135.132.131: hostname 2.135.132.131.megaline.telecom.kz verification failed: Name or service not known
    May 26 15:49:20 ns1 postfix/qmgr[1923]: warning: qmgr_active_done_3_generic: remove 881981D9A0D4 from active: No such file or directory
    May 26 16:35:42 ns1 postfix/smtpd[4157]: warning: 188.94.153.21: hostname 188-94-153-21.static.pppoe.skytelecom.kz verification failed: Name or service not known
    May 26 17:39:54 ns1 postfix/smtpd[5549]: warning: 66.6.131.88: hostname pm2-24.skyweb.net verification failed: Name or service not known

    Could someone please explain what it means as I am not sure.

    Cheers
    Scorp
     
  2. Turbanator

    Turbanator Member HowtoForge Supporter

    what setup are you running?

    chances are you have a dns issue and/or a bad setup in your postfix during some spam checking.....just guesses.
     
  3. scorpious

    scorpious Member

    Hi Turbanator

    The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier ISPConfig Version: 3.0.4.6

    I have used Set Up Postfix For Relaying Emails Through Another Mailserver to which was working fine for the last few months

    Cheers
    Scorp
     
  4. monkfish

    monkfish New Member

    Possibly a few spam bots there - most of the hostnames showing are styled as dynamic addresses - issued to clients by ISPs from their pool.

    They probably shouldn't be attempting to connect directly to your server.

    Part of anti-spam checks postfix is trying to lookup the hosts that are attempting to connect. This look is failing and thats what postfix is giving you a warning for.

    pm2-24.skyweb.net - no forward DNS record exists for that host, although a reverse PTR does seem to exist for 66.6.131.88.

    Here's a transcript off one of mine:

    Code:
    May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 2.83.18.167: hostname bl22-18-167.dsl.telepac.pt verification failed: Name or service not known
    May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[2.83.18.167]
    May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[2.83.18.167]: 504 5.5.2 <2.83.18.167>: Helo command rejected: need fully-qualified hostname; from=<> to=<my.email.addy> proto=SMTP helo=<2.83.18.167>
    May 27 13:43:36 server1 postfix/smtpd[9717]: lost connection after RCPT from unknown[2.83.18.167]
    Postfix tries its reverse lookup and fails. Client tries to connect anyway and whatever spam its trying to push is rejected by the box as reject_non_fqdn_hostname is set.

    The warning on its own isn't an issue - have a read of any further postfix hardening to prevent spam that you might not already have in place.
     
  5. scorpious

    scorpious Member

    Hi

    Thank you for that explanation, as I will be updating today to ISPConfig 3.0.5.2, any suggestions on how to harden Postfix, I will be reading up on hardening Postfix.

    Cheers
    Scorp
     
  6. monkfish

    monkfish New Member

    Check out settings in main.cf

    From an installation done yesterday the stock settings look like this:

    Code:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    
    There are, however a number of different restriction streams that can be set. The tighter the policy the more trouble a rogue email has getting through. But the same is also true of valid emails... watch your logs!

    This page here gives a rather good description of the various postfix smtp restrictions available http://wiki.centos.org/HowTos/postfix_restrictions

    One of my dev boxes looks like this instead

    Code:
    smtpd_helo_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_invalid_helo_hostname,
      reject_non_fqdn_helo_hostname,
    
    smtpd_sender_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_non_fqdn_sender
      reject_unknown_sender_domain
    
    smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        permit_sasl_authenticated,
        check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
        reject_unauth_destination,
        reject_rbl_client multi.uribl.com,
        reject_rbl_client dsn.rfc-ignorant.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client combined.rbl.msrbl.net,
        reject_rbl_client b.barracudacentral.org
    
    Watch out if you see a reference to using "reject_unknown_helo_hostname" - if this is set you may end up losing legitimate emails as quite a few mail servers out there do not identify themselves properly and fall foul of this setting. Especially servers behind NAT'd firewalls that send an "internal dns name" for a helo - cannot be resolved on the public internet.

    A few linkys here:-
    http://www.howtoforge.com/hardening-postfix-for-ispconfig-3
    http://support4hosting.wordpress.co...onfigure-postfix-with-anti-spam-blacklisting/

    For most of the restriction settings you can use "warn_if_reject" instead so although a message will be passed by the MTA an entry will be placed in maillog showing that it would have been rejected.

    Good luck with your upgrade!
     
  7. scorpious

    scorpious Member

    Hi monkfish

    Thanks again I really do appreciate your help.

    Some reading and few cups of coffee now

    Cheers
    Scorp
     

Share This Page