Postfix

utnalove · 10-04-2018, 02:57 AM

Hello,

PROBLEM
Postfix is not resolving rDNS... -> (unknown
See below the headers of an email.

However I can see that in journalctl -f, it translates some IP to name.
If I turn chroot for smtps ON, it stops translating in journalctl, and all the connections appear as unknown.

The problem is with received emails. All of them have (unknown before the IP address, no matter if smtpd has chroot on or off.

here is a header of an email sent from a website contact form IP 94.177.253.49.
The mail server is at IP 185.43.211.43.

Both of them have a rDNS assigned. (please don't post here the DNS name assigned to 94.177.253.49 for privacy reason, because it has name, and I want to avoid google to crawl and index it).

Chroot is OFF

Code:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -4 -u vmail -e /usr/libexec/dovecot/deliver -d ${recipient} -f ${sender}

policy-spf  unix  -       n       n       -       -       spawn user=nobody argv=/usr/libexec/postfix/policyd-spf

And this is part of a header of an email sent from the website contact form to the email:

Code:

Date: Thu, 4 Oct 2018 07:37:25 +0000
To: xxx@tantramassageamsterdam.net
From: 2342 <xxx@tantramassageamsterdam.net>
Reply-To: fsdfsa@sdfas.com

This is host from the mail server:

Code:

~]# host 94.177.253.49
49.253.177.94.in-addr.arpa domain name pointer se******o.com.

And here nslookup:

Code:

 ~]# nslookup  94.177.253.49
Server:         62.149.128.4
Address:        62.149.128.4#53

Non-authoritative answer:
49.253.177.94.in-addr.arpa      name = se******o.com.

Authoritative answers can be found from:

And here some more info:

Code:

 ~]# postconf | grep dns
disable_dns_lookups = no
dnsblog_reply_delay = 0s
dnsblog_service_name = dnsblog
lmtp_dns_resolver_options =
lmtp_host_lookup = dns
postscreen_dnsbl_action = ignore
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_ttl = 1h
smtp_dns_resolver_options =
smtp_host_lookup = dns

Does anybody know what's wrong or what else I can check?

scasey · 10-04-2018, 08:26 PM

What problem are you having? I see no errors or.problems in your post.

utnalove · 10-05-2018, 12:30 AM

Ups, sorry, I forgot the most important part. Just added.

scasey · 10-05-2018, 02:43 AM

Are you asking about this?

Code:

Received: from www.tantramassageamsterdam.net (unknown [94.177.253.49])

That's typical, in my experience. The from www.... part can be forged, but the IP address should be accurate.
I don't know postfix, but in qmail, the smtp server has to be configured to resolve the IP address. Usually, that's NOT what is wanted, because it causes more bandwith consumption and can slow down the processing of incoming mail.

What's important is which IP delivered the mail, 'cause if it's spam, that's who you want to report it to. The delivering domain is pretty much irrelevant.

Again, what problem are you trying to solve. I still am not following your actual question.

Sorry if I'm being dense...

utnalove · 10-05-2018, 02:49 AM

Yes the problem is

Code:

(unknown [94.177.253.49])

If it doesn't resolve, then I can't configure well Spamassassin, so it's crucial for me to have postfix to resolve those names and let unknown disappear and instead have the right host name.

scasey · 10-05-2018, 03:20 PM

Quote:

Originally Posted by utnalove

Yes the problem is

Code:

(unknown [94.177.253.49])

If it doesn't resolve, then I can't configure well Spamassassin, so it's crucial for me to have postfix to resolve those names and let unknown disappear and instead have the right host name.

OK Now we're getting to it.
What are you trying to configure spamassassin to do that you need the domain name?
Spamassassin has a test that will add score if there is no rDNS for the delivering IP address, so it can check that even if the mail server doesn't.

As I said, I don't know postfix, but I'm sure there's probably a way to make it do the rDNS lookups. Check the documentation.
I don't recommend it, but it your server

utnalove · 10-06-2018, 12:56 AM

What I am trying to do is to configure whitelist_from_rcvd. But it needs postfix to get the name from IP. And if that doesn't work, so also whitelist_from_rcvd doesn't work.