Dear Support and colleagues,
Installed Perfect tutorial ISPC 3.13, Debian 9.6, apache.
1. Server is behind pfSense NAT. Should we put the internal 10.x.x.x or the external 123.x.x.x IP address in /etc/hosts?
2. Lots of logs in mail.warn like this:
warning:hostname mail.xxdomain.com does not resolve to address 123.456.789.xxx Name or service not known
Some problem with DNS, as I see!?
2.a How can I whitelist these mail servers in postfix as a quick fix until I find the final DNS issue?
2.b Should I disable some protection feature in postfix, so it wouldn't check for reverse lookup, until I find the final DNS issue?
Please, I need urgent help, the user is not getting a lot of needed email messages.
Best Regards
Edit /etc/postfix/main.cf and change the line:
Code:
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
to
Code:
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, check_helo_access regexp:/etc/postfix/blacklist_helo
and restart postfix so that postfix does not reject unknown or unresolvable hostnames.
Thank you for the support, Till. Can you please clarify the first question for me as well?
1. Server is behind pfSense NAT. Should we put the internal 10.x.x.x or the external 123.x.x.x IP address in /etc/hosts?
I would put the internal IP in /etc/hosts, that way all requests from your server to a domain / hostname defined there will stay in your local network without doing a roundtrip to the firewall.
The problem is that the internal DNS servers of Hetzner (which I have in resolv.conf) don't always have the updated info on world IP address changes, and if the internal IP is set in hosts, the request cannot pass to 8.8.8.8 or 1.1.1.1 for a check.
If I try dig @8. -x 1.2.3.4 or @1. I will get a timeout.
If the server is out of NAT and on an external IP, then the check passes, and so will the checkups from postfix...
What do you think about that? Is this the core of the problem? Both the fw and the vm are on the same metal, so the roundtrip to the fw shouldn't be a problem...
Is there no route to public Internet from that private network? Once you configure the route, you can use 8.8.8.8 as name server. It is normal that changes do not show immediately. But they should show eventually, maybe within 4 to 48 hours.
The perfect server guides don't set postfix to require reverse DNS. On that topic, definitely don't require it if you are having DNS problems; I looked at enabling that around here not long ago and decided not to due to the number of legitimate servers that would be rejected. But some places do check that, I think a lot more than even a few years ago, so you just have to decide whether you want to or not.
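
Added example, not part of any post in this thread: a small triage script for the mail.warn warning quoted in the first post, grouping affected senders by hostname, address and the resolver reason Postfix logged. The sample log lines are constructed, and the three category names and their reading (a "Temporary failure" reason usually points at the local resolver, a missing reason means the name resolved to a different address) are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of the smtpd warning from the first post.
SAMPLE_LOG = """\
Jan 10 08:01:12 mx postfix/smtpd[2211]: warning: hostname mail.example.org does not resolve to address 203.0.113.25: Name or service not known
Jan 10 08:01:40 mx postfix/smtpd[2215]: warning: hostname mail.example.org does not resolve to address 203.0.113.25: Name or service not known
Jan 10 08:03:02 mx postfix/smtpd[2230]: warning: hostname relay.example.net does not resolve to address 198.51.100.7
Jan 10 08:04:55 mx postfix/smtpd[2241]: connect from unknown[198.51.100.7]
Jan 10 08:05:10 mx postfix/smtpd[2250]: warning: hostname host-9.example.com does not resolve to address 2001:db8::9: Temporary failure in name resolution
"""

# The address may be IPv4 or IPv6; the optional ": reason" suffix is the
# resolver error text that Postfix appends when the forward lookup fails.
WARN_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: hostname (?P<host>\S+) "
    r"does not resolve to address (?P<addr>[0-9A-Fa-f:.]+?)(?:: (?P<reason>.+))?$"
)


def classify(reason):
    """Map the logged resolver reason to a triage bucket (names are hypothetical)."""
    if reason is None:
        return "mismatch"            # name resolves, but not to the connecting IP
    if "Temporary failure" in reason:
        return "resolver-temporary"  # lookup did not complete; check local DNS first
    return "no-forward-record"       # e.g. "Name or service not known"


def summarize(log_text):
    """Count warnings per (hostname, address, bucket)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            counts[(m["host"], m["addr"], classify(m["reason"]))] += 1
    return counts


if __name__ == "__main__":
    for (host, addr, bucket), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {bucket:20s} {host} [{addr}]")
```

Run it against the real file by passing the contents of /var/log/mail.warn to summarize(); many "resolver-temporary" entries suggest fixing the server's own name resolution before relaxing any Postfix restriction.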