[Solved] Postfix/smtp: Client host rejected: cannot find your reverse hostname

Discussion in 'Server Operation' started by Uzumymw, Nov 28, 2016.

  1. Uzumymw

    Uzumymw New Member

    Hello,
    few days ago I've installed ISPConfig on VPS. Wverything worked, but in mail queue i found some logs like this:
    (host xx.xx.xx.xx[xx.xxx.xxx.xx] said: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [yyy.yyy.yy.yyy] (in reply to RCPT TO command))
    or
    (host mx.poczta.onet.pl[xxx.xxx.xxx.xxx] refused to talk to me: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [yyy.yyy.yy.yyy])

    I've tried to found reason in Google, but I have not found a clear answer: Is it a postfix configuration or DNS / domain site wine?
    And another question is how to fix it?
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    dig +short -t A your_hostname
    dig +short -x IP_FROM_ABOVE
    ?
     
  3. Uzumymw

    Uzumymw New Member

    Problem solved. I forgot to set revDNS on VPS.
     
  4. Tuumke

    Tuumke Member

    I'm sorry to reply to such an old topic :) But i'm having this error too.
    [email protected]:/mnt/c/Windows/System32$ dig +short -t A mail.domain.tld @8.8.8.8
    213.x.x.x
    [email protected]:/mnt/c/Windows/System32$ dig +short -x 213.x.x.x @8.8.8.8
    x.128/27.x.x.213.in-addr.arpa.
    mail.domain.tld.

    Don't they do follow ups on CNAMEs?
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    mail.domain.tld must be A-record. Reverse DNS is PTR-record, which can not be CNAME.
     
    Tuumke likes this.
  6. Tuumke

    Tuumke Member

    mail.domain.tld = a record as you can see by the DIG command i used
    [email protected]:/mnt/c/Windows/System32$ dig +short -t A mail.domain.tld @8.8.8.8
    213.x.x.x
    We dont have an actual PTR record in the zone of domain.tld but do have an authorative zone for
    128/27.x..x.213.in-addr.arpa zone with and record for 140 being a PTR set to mail.domain.tld
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    In that case your error is not the same.
     
  8. Tuumke

    Tuumke Member

    It is though. We are getting mails back that cannot be delivered because of the same error message. Does that mean that the receiving party is not doing recursive lookups?
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is the same error message you get really
    What is the hostname for which the reverse can not be found?
    Does
    Code:
    host 213.x.x.x
    return the FQDN that your mail server sends mails as?
     
  10. Tuumke

    Tuumke Member

    Did this from an external system:

    [email protected]:~$ host 213.x.x.x
    x.x.x.213.in-addr.arpa is an alias for x.128/27.x.x.213.in-addr.arpa.
    x.128/27.x.x.213.in-addr.arpa domain name pointer mail.domain.tld
     
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You did not answer:
     
    Last edited: Mar 21, 2019
  12. Tuumke

    Tuumke Member

    You mean the real mail.domain.tld?
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I mean, if you get the error message
    and the PTR record exists for that IP-number, AND the return of reverse DNS matches the FQDN your mail server introduces itself to the other mail servers, then it should work. If, however, the receiving mail server tries to find some other hostname then mail server setup is faulty.
    But maybe that construct where command host returns
    Code:
    x.x.x.213.in-addr.arpa is an alias for x.128/27.x.x.213.in-addr.arpa.
    x.128/27.x.x.213.in-addr.arpa domain name pointer mail.domain.tld
    is not suitable for mail servers. I do not recognize what that is. Seems to be CNAME for PTR records, which I find strange. How is that reverse record made in name service?
    The PTR record should point to your mail server FQDN, that is mail.domain.tld.
     
  14. Tuumke

    Tuumke Member

    We send an e-mail, that doesn't get delivered and we receive an e-mail containing that error message..
     
  15. Tuumke

    Tuumke Member

    It's also not to every external domain. To google,hotmail etc it works just fine.
     

Share This Page