  #1 (permalink)  
Old 03-24-2010, 07:56 AM
Member
 
Posts: 11
Erratic NOQUEUE Behavior

In an effort to reduce spam, I recently enabled reject_unknown_hostname in Zimbra 6.04 via the admin panel. I've checked the logs to verify that this is indeed blocking a lot of spam. A few legitimate inbound emails are getting blocked with the error 450 4.7.1 Helo command rejected: Host not found;, but I handle this by maintaining a white list in postfix_recipient_restrictions.cf.

Today I had a user contact me about a legitimate sender who was having her mail rejected with the above-noted error. When I checked the logs, I noticed that an earlier mail from the same sender had made it through. Why would postfix decide to reject the sender after an earlier email from the same sender was accepted? In checking my logs, it appears that this has happened more than once with different senders.

In both cases, the helo host was the same. A reverse lookup shows the IP to be valid, but doesn't match the host name sent by the Helo command. Could this be a DNS timeout error?

Following are the two entries in my logs, the first being successful and the second being rejected.

Mar 24 09:11:17 freedomics postfix/smtpd[2927]: connect from mail.pti.cc[72.215.236.181]
Mar 24 09:11:18 freedomics postfix/smtpd[2927]: B5B2319B065C: client=mail.pti.cc[72.215.236.181]
Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Checking: elU+uYIZHqYP [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>
Mar 24 09:11:19 freedomics postfix/smtpd[2927]: disconnect from mail.pti.cc[72.215.236.181]
Mar 24 09:11:19 freedomics amavis[18294]: (18294-16) Passed CLEAN, [72.215.236.181] [72.215.236.181] <ACamp@ptitime.com> -> <jeremy@freedomics.com>, Message-ID: <B3C0CE4436B5FF4A8C81DCE0E048BA6B0186C732@fs3.pti.cc>, mail_id: elU+uYIZHqYP, Hits: 1.677, size: 1665, queued_as: 9BCFDDC0005, 631 ms


Mar 24 09:23:18 freedomics postfix/smtpd[15355]: connect from mail.pti.cc[72.215.236.181]
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: NOQUEUE: reject: RCPT from mail.pti.cc[72.215.236.181]: 450 4.7.1 <fs3.pti.cc>: Helo command rejected: Host not found; from=<ACamp@ptitime.com> to=<jeremy@freedomics.com> proto=ESMTP helo=<fs3.pti.cc>
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: lost connection after RSET from mail.pti.cc[72.215.236.181]
Mar 24 09:23:18 freedomics postfix/smtpd[15355]: disconnect from mail.pti.cc[72.215.236.181]
Reply With Quote
  #2 (permalink)  
Old 03-24-2010, 08:11 AM
Moderator
 
Posts: 1,554

using my dns server

Code:
bdial@hercules:~> host fs3.pti.cc
Host fs3.pti.cc not found: 3(NXDOMAIN)

using level3's public dns server

Code:
bdial@hercules:~> host fs3.pti.cc 4.2.2.2
Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53
Aliases: 

Host fs3.pti.cc not found: 3(NXDOMAIN)
Reply With Quote
  #3 (permalink)  
Old 03-24-2010, 08:38 AM
Member
 
Posts: 11

Quote:
Originally Posted by bdial View Post
using my dns server

Code:
bdial@hercules:~> host fs3.pti.cc
Host fs3.pti.cc not found: 3(NXDOMAIN)

using level3's public dns server

Code:
bdial@hercules:~> host fs3.pti.cc 4.2.2.2
Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53
Aliases: 

Host fs3.pti.cc not found: 3(NXDOMAIN)

Agreed. The helo host fs3.pti.cc is not valid. It should have been rejected. Why then did postfix accept it at one point and then reject it later the same hour?
Reply With Quote
  #4 (permalink)  
Old 03-24-2010, 08:43 AM
Moderator
 
Posts: 1,554

hard to say without a time machine. maybe it was valid? maybe they've screwed up their zone file? maybe you had a cached valid address? but it's definitely broken right now.
Reply With Quote
  #5 (permalink)  
Old 03-24-2010, 09:12 AM
raj
Moderator
 
Posts: 768

It's a DNS issue at your user end. If you see different DNS info on the internet, then that is the root of the problem.

On a side note, this is NOT the most reliable way to stop spam connections, as many, many good email servers have bad DNS, or during any DNS changes you may get this kind of result.
You can try GREYLISTING the Zimbra server, which will reject everything by default and wait for a retry; spammers don't like to retry.
Moreover, GREYLISTING is not prone to this kind of DNS problem and is self-maintained.

There are lots of other things you can do also to stop spam:
Improving Anti-spam system - Zimbra :: Wiki

Raj
__________________
i2k2 Networks
Dedicated & Shared Zimbra Hosting Provider
Reply With Quote
  #6 (permalink)  
Old 03-24-2010, 11:27 AM
Member
 
Posts: 11

Thanks for your quick responses.

I took a closer look at my logs and found a few other instances of inbound mail with the same seemingly random behavior of being rejected (450 4.7.1) or accepted.

My guess is that there's some type of occasional error between postfix and my DNS server. I guess I'll have to turn up the log levels to see what's happening.
Reply With Quote
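
One way to find every client showing the accept-then-reject pattern discussed in this thread, as an added example (not code from any poster here): the script groups Postfix smtpd log entries by client IP and reports clients that were both queued and refused with "Helo command rejected: Host not found". The sample log is constructed, and the function names are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format shown in this thread; every host
# name and address here is a documentation placeholder, not real data.
SAMPLE_LOG = """\
Mar 24 09:11:17 mx postfix/smtpd[2927]: connect from mail.example.net[192.0.2.10]
Mar 24 09:11:18 mx postfix/smtpd[2927]: B5B2319B065C: client=mail.example.net[192.0.2.10]
Mar 24 09:11:19 mx postfix/smtpd[2927]: disconnect from mail.example.net[192.0.2.10]
Mar 24 09:23:18 mx postfix/smtpd[15355]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.7.1 <fs3.example.net>: Helo command rejected: Host not found; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<fs3.example.net>
Mar 24 09:30:02 mx postfix/smtpd[15400]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <spam.invalid>: Helo command rejected: Host not found; from=<x@example.org> to=<b@example.com> proto=ESMTP helo=<spam.invalid>
Mar 24 09:41:00 mx postfix/smtpd[15500]: 9BCFDDC0005A: client=mail.example.org[203.0.113.5]
"""

PREFIX = r"^(\w{3}\s+\d+ [\d:]+) \S+ postfix/smtpd\[\d+\]: "
# A queue ID followed by client= means smtpd accepted the message.
ACCEPT = re.compile(PREFIX + r"[0-9A-F]+: client=\S*\[([^\]]+)\]")
# The rejection this thread is about, with reply code and HELO name captured.
REJECT = re.compile(
    PREFIX + r"NOQUEUE: reject: RCPT from \S*\[([^\]]+)\]: (\d{3}) \S+ <[^>]*>: "
    r"Helo command rejected: Host not found;.* helo=<([^>]*)>"
)


def helo_outcomes(log_text):
    """Map client IP -> accepted timestamps and (timestamp, code, helo) rejects."""
    seen = defaultdict(lambda: {"accepted": [], "rejected": []})
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            ts, ip, code, helo = m.groups()
            seen[ip]["rejected"].append((ts, code, helo))
            continue
        m = ACCEPT.match(line)
        if m:
            ts, ip = m.groups()
            seen[ip]["accepted"].append(ts)
    return dict(seen)


def inconsistent_clients(log_text):
    """Clients that were both queued and HELO-rejected in the same log."""
    return {ip: o for ip, o in helo_outcomes(log_text).items()
            if o["accepted"] and o["rejected"]}


if __name__ == "__main__":
    for ip, o in inconsistent_clients(SAMPLE_LOG).items():
        print(ip, "accepted:", o["accepted"], "rejected:", o["rejected"])
```

The accepted sessions in these logs do not record the HELO name, so the correlation is by client IP only; the HELO name comes from the reject line.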