Postfix error only with Hotmail messages

Discussion in 'ISPConfig 3 Priority Support' started by MaxT, Nov 20, 2020.

  1. MaxT

    MaxT Member HowtoForge Supporter

    I have this postfix error only with valid messages coming from hotmail servers. I don't understand the cause:
    Code:
    Nov 19 11:20:40 host postfix/smtpd[21784]: warning: hostname mail-vi1eur05olkn2092.outbound.protection.outlook.com does not resolve to address 40.92.90.92: Name or service not known
    Nov 19 11:20:40 host postfix/smtpd[21784]: connect from unknown[40.92.90.92]
    Nov 19 11:20:41 host postfix/smtpd[21784]: NOQUEUE: reject: RCPT from unknown[40.92.90.92]: 450 4.7.25 Client host rejected: cannot find your hostname, [40.92.90.92]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<EUR05-VI1-obe.outbound.protection.outlook.com>
    
    it seems there is no problem is the host resolution:
    Code:
    # dig +noall +answer -x 40.92.90.92
    92.90.92.40.in-addr.arpa. 2631  IN      PTR     mail-vi1eur05olkn2092.outbound.protection.outlook.com.
    
    # host 40.92.90.92
    92.90.92.40.in-addr.arpa domain name pointer mail-vi1eur05olkn2092.outbound.protection.outlook.com.
    
    these are relevant sections in postfix files:
    /etc/postfix/main.cf
    Code:
    smtpd_recipient_restrictions = 
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_pipelining,
            reject_invalid_hostname,
            reject_non_fqdn_sender,
            reject_unknown_sender_domain,
            reject_unknown_reverse_client_hostname,
            reject_unknown_recipient_domain,
            reject_unverified_recipient,
            reject_non_fqdn_recipient,
            reject_unauth_destination,
            check_policy_service unix:private/policy-spf,
            reject_rbl_client zen.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rhsbl_sender all.spamrats.com,
            check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
            check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    
    smtpd_client_restrictions =    
        reject_unknown_client_hostname,  
        sleep 3, 
        reject_unauth_pipelining, 
    
    smtpd_helo_required = yes
    
    smtpd_helo_restrictions = 
        permit_sasl_authenticated, 
        permit_mynetworks, 
        check_helo_access regexp:/etc/postfix/helo_access, 
        reject_invalid_hostname, 
        reject_non_fqdn_hostname, 
        reject_invalid_helo_hostname, 
        #reject_unknown_helo_hostname, 
        check_helo_access regexp:/etc/postfix/blacklist_helo
    
    

    /etc/postfix/helo_access
    Code:
    # helo_access - before permit_sasl
    # be sure to list your own hostname(s), domain(s) and IP address(es) here
    
    # Reject others identifying with this machine's hostnames and IP addresses
    #/^server\.myserver\.com$/  REJECT
    #/^((smtp|mx|mail)\.domain1\.com$/  REJECT
    #/^mail\.domain2\.com$/     REJECT
    
    # TODO: this server's ip addr loop here
    #/^\[?1\.2\.3\.4\]?$/   REJECT
    #/^\[?12\.34\.56\.78\]?$/   REJECT
    #/^\[?123\.234\.123\.234\]?$/   REJECT
    
    # Reject others identifying as domains we host
    # TODO: this server's hosted mail domains loop here
    #/^domain1\.com$/   REJECT
    #/^domain2\.com$/   REJECT
    #/^domain3\.net$/   REJECT
    
    
    by the way, I'm not sure if I should configure the /etc/postfix/helo_access file... No problem until today, although I don't know if this is recommendable.
    What's the common advice with this file?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    WIth ISPConfig I would use the postfix configuration ISPConfig makes or tells to make in the Perfect Server Guide.
    As to the error message, check name service setup on your e-mail server host. For some reason the name did not resolve. It does resolve now that I tested it and matches the reverse name service. This error can not be solved with postfix configuration.
     
    MaxT likes this.
  3. MaxT

    MaxT Member HowtoForge Supporter

    thanks Taleman. I have checked the file /etc/hosts was rewritten by the system and the host name was replaced by the local name. The server is one VPS and there is another included file with options to avoid that behaviour. I hope it can be solved now.

    About the file /etc/postfix/helo_access, What is the best option?. I have read some people configure this file to avoid spammers who try to use the server's name.

    It is recommendable configure this file with the ip and name server?.
    Should I include all mail.domain1.com... mail.domain2.com... for all the domain names working in the server?

    thanks! :)
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Using helo_access can block don't connections with obviously forged helo names, follow the examples in it as a start, and be sure to save your changes as a conf-custom templates so they don't get overwritten.
     
    MaxT likes this.
  5. MaxT

    MaxT Member HowtoForge Supporter

    thank you Jesse :)

    I have added this:
    Code:
    /^server\.myserver\.com$/  REJECT
    /^\[?1\.2\.3\.4\]?$/   REJECT
    
    there is no a helo_access.master template in the server, no postfix templates. Perhaps because still it has ISPC 3.1?

    thx!
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The template is likely in the install directory of the installer source, and would need copied to conf-custom/install/.
     
  7. MaxT

    MaxT Member HowtoForge Supporter

    I cannot find it. Folder /usr/local/ispconfig/server/conf-custom/install/ is empty
    Code:
    #  locate ispconfig | grep install
    /usr/local/ispconfig/interface/web/admin/software_package_install.php
    /usr/local/ispconfig/interface/web/admin/lib/lang/ar_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ar_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/bg_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/bg_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/br_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/br_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ca_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ca_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/cz_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/cz_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/de_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/de_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/dk_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/dk_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/el_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/el_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/en_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/en_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/es_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/es_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/fi_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/fi_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/fr_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/fr_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/hr_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/hr_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/hu_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/hu_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/id_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/id_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/it_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/it_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ja_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ja_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/nl_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/nl_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/pl_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/pl_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/pt_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/pt_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ro_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ro_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ru_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/ru_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/se_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/se_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/sk_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/sk_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/tr_package_install.lng
    /usr/local/ispconfig/interface/web/admin/lib/lang/tr_software_package_install.lng
    /usr/local/ispconfig/interface/web/admin/templates/software_package_install.htm
    /usr/local/ispconfig/interface/web/sites/aps_install_package.php
    /usr/local/ispconfig/interface/web/sites/aps_installedpackages_list.php
    /usr/local/ispconfig/interface/web/sites/list/aps_installedpackages.list.php
    /usr/local/ispconfig/interface/web/sites/templates/aps_install_package.htm
    /usr/local/ispconfig/server/conf-custom/install
    /usr/local/ispconfig/server/conf-custom/install/empty.dir
    /usr/local/ispconfig/server/lib/classes/aps_installer.inc.php
    /var/log/ispconfig_install.log
    
    What's the name of the installer source?

    thanks!
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

  9. MaxT

    MaxT Member HowtoForge Supporter

    ok, I understand. Thanks! :)
     

Share This Page