ISPConfig Version: 3.0.4.6 not upgraded yet.

Hi All

Hi, I am seeing this type of message logged within the Mail Warn-Log:

May 26 07:07:43 ns1 postfix/smtpd[32422]: warning: 77.87.157.191: hostname ip-77-87-157-191.airbites.net.ua verification failed: Name or service not known
May 26 12:31:24 ns1 postfix/smtpd[7083]: warning: 178.121.39.203: hostname mm-203-39-121-178.dynamic.pppoe.mgts.by verification failed: Name or service not known
May 26 14:17:58 ns1 postfix/smtpd[4138]: warning: 2.135.132.131: hostname 2.135.132.131.megaline.telecom.kz verification failed: Name or service not known
May 26 15:49:20 ns1 postfix/qmgr[1923]: warning: qmgr_active_done_3_generic: remove 881981D9A0D4 from active: No such file or directory
May 26 16:35:42 ns1 postfix/smtpd[4157]: warning: 188.94.153.21: hostname 188-94-153-21.static.pppoe.skytelecom.kz verification failed: Name or service not known
May 26 17:39:54 ns1 postfix/smtpd[5549]: warning: 66.6.131.88: hostname pm2-24.skyweb.net verification failed: Name or service not known

Could someone please explain what it means, as I am not sure?

Cheers
Scorp

What setup are you running? Chances are you have a DNS issue and/or a bad setup in your postfix during some spam checking... just guesses.

Hi Turbanator

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier
ISPConfig Version: 3.0.4.6

I have used "Set Up Postfix For Relaying Emails Through Another Mailserver", which was working fine for the last few months.

Cheers
Scorp

Possibly a few spam bots there - most of the hostnames showing are styled as dynamic addresses - issued to clients by ISPs from their pool. They probably shouldn't be attempting to connect directly to your server.

As part of its anti-spam checks, postfix is trying to look up the hosts that are attempting to connect. This lookup is failing and that's what postfix is giving you a warning for.

pm2-24.skyweb.net - no forward DNS record exists for that host, although a reverse PTR does seem to exist for 66.6.131.88.

Here's a transcript off one of mine:

Code:
May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 2.83.18.167: hostname bl22-18-167.dsl.telepac.pt verification failed: Name or service not known
May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[2.83.18.167]
May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[2.83.18.167]: 504 5.5.2 <2.83.18.167>: Helo command rejected: need fully-qualified hostname; from=<> to=<my.email.addy> proto=SMTP helo=<2.83.18.167>
May 27 13:43:36 server1 postfix/smtpd[9717]: lost connection after RCPT from unknown[2.83.18.167]

Postfix tries its reverse lookup and fails. The client tries to connect anyway and whatever spam it's trying to push is rejected by the box as reject_non_fqdn_hostname is set.

The warning on its own isn't an issue - have a read of any further postfix hardening to prevent spam that you might not already have in place.

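
The check behind these warnings is forward-confirmed reverse DNS: the client IP's PTR name must itself resolve back to that IP, otherwise the client is logged as unknown[ip]. The sketch below is an added example, not part of the original post and not Postfix's own code; the 66.6.131.88 PTR entry is taken from the log in this thread, and every other address and name in the sample tables is constructed.

```python
import socket

def resolve_ptr(ip):
    """PTR name for ip via the system resolver, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def resolve_forward(name):
    """Set of addresses that name resolves to; empty set if the lookup fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify_client(ip, ptr=resolve_ptr, forward=resolve_forward):
    """Forward-confirmed reverse DNS check; returns (client_name, reason)."""
    name = ptr(ip)
    if name is None:
        return "unknown", "no PTR record"
    addrs = forward(name)
    if not addrs:
        # PTR exists but the name has no address record: the warning in this thread
        return "unknown", f"hostname {name} verification failed"
    if ip not in addrs:
        # Name resolves, but to a different address, so the PTR is not confirmed
        return "unknown", f"hostname {name} does not resolve to address {ip}"
    return name, "verified"

# Offline sample data. The first PTR entry comes from the thread's log;
# the example.org names and documentation-range addresses are constructed.
SAMPLE_PTR = {"66.6.131.88": "pm2-24.skyweb.net",
              "192.0.2.10": "mail.example.org",
              "192.0.2.20": "mail.example.org"}
SAMPLE_FWD = {"mail.example.org": {"192.0.2.10"}}

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

def demo():
    ips = ["66.6.131.88", "192.0.2.10", "192.0.2.20", "198.51.100.5"]
    return {ip: classify_client(ip, SAMPLE_PTR.get, sample_forward) for ip in ips}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, *result)
```

Calling classify_client(ip) with no extra arguments uses the system resolver instead of the sample tables.
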
Hi

Thank you for that explanation. As I will be updating today to ISPConfig 3.0.5.2, any suggestions on how to harden Postfix? I will be reading up on hardening Postfix.

Cheers
Scorp

Check out settings in main.cf

From an installation done yesterday the stock settings look like this:

Code:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination

There are, however, a number of different restriction streams that can be set. The tighter the policy the more trouble a rogue email has getting through. But the same is also true of valid emails... watch your logs!

This page here gives a rather good description of the various postfix smtp restrictions available:
http://wiki.centos.org/HowTos/postfix_restrictions

One of my dev boxes looks like this instead:

Code:
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
smtpd_sender_restrictions = permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_sender
    reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_unauth_destination,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client b.barracudacentral.org

Watch out if you see a reference to using "reject_unknown_helo_hostname" - if this is set you may end up losing legitimate emails as quite a few mail servers out there do not identify themselves properly and fall foul of this setting. Especially servers behind NAT'd firewalls that send an "internal dns name" for a helo - cannot be resolved on the public internet.

A few linkys here:-
http://www.howtoforge.com/hardening-postfix-for-ispconfig-3
http://support4hosting.wordpress.co...onfigure-postfix-with-anti-spam-blacklisting/

For most of the restriction settings you can use "warn_if_reject" instead so although a message will be passed by the MTA an entry will be placed in maillog showing that it would have been rejected.

Good luck with your upgrade!

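
A restriction prefixed with warn_if_reject is logged by Postfix as "reject_warning" rather than "reject", so a trial of a tighter rule can be reviewed from the mail log before it is enforced. The tally below is an added example, not part of the original post; the log lines are constructed in the format shown in this thread (documentation-range addresses, example domains), and the function names are my own.

```python
import re
from collections import Counter, defaultdict

# smtpd warning raised when the PTR name of a client cannot be resolved
VERIFY_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<ip>\S+): hostname \S+ verification failed")
# Hard rejects and warn_if_reject soft hits share one line layout
ACTION_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>reject_warning|reject): "
    r"\w+ from [^\[]+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) ")

def summarize(lines):
    """Per client IP: count verification failures, rejects and soft rejects."""
    stats = defaultdict(Counter)
    for line in lines:
        m = VERIFY_RE.search(line)
        if m:
            stats[m["ip"]]["verify_failed"] += 1
            continue
        m = ACTION_RE.search(line)
        if m:
            stats[m["ip"]][m["action"]] += 1
    return stats

def soft_only(stats):
    """Clients that only hit warn_if_reject rules: their mail was accepted,
    so these are the senders to check before turning the rule on for real."""
    return sorted(ip for ip, c in stats.items()
                  if c["reject_warning"] and not c["reject"])

# Constructed sample log, modelled on the transcript earlier in the thread.
SAMPLE_LOG = """\
May 27 13:43:35 server1 postfix/smtpd[9717]: warning: 192.0.2.44: hostname dyn-44.isp.example verification failed: Name or service not known
May 27 13:43:35 server1 postfix/smtpd[9717]: connect from unknown[192.0.2.44]
May 27 13:43:36 server1 postfix/smtpd[9717]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 504 5.5.2 <192.0.2.44>: Helo command rejected: need fully-qualified hostname; from=<> to=<user@example.com> proto=SMTP helo=<192.0.2.44>
May 27 14:02:10 server1 postfix/smtpd[9801]: NOQUEUE: reject_warning: RCPT from mail.partner.example[198.51.100.7]: 450 4.7.1 <gw.internal>: Helo command rejected: Host not found; from=<a@partner.example> to=<user@example.com> proto=ESMTP helo=<gw.internal>
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for ip, counts in result.items():
        print(ip, dict(counts))
    print("review before enforcing:", soft_only(result))
```
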
Hi monkfish

Thanks again, I really do appreciate your help. Some reading and a few cups of coffee now.

Cheers
Scorp