| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
02-23-2011, 06:33 AM
| | |  Inbound Emails Rejected - "cannot find your hostname"
Release 7.0.0_GA_3077.UBUNTU10_64 UBUNTU10_64 FOSS edition.
We are having trouble receiving emails from some of our vendors, below is an example of a log entry from mail.log, with the names/ips changed to protect privacy:
Feb 23 04:08:31 zimbra postfix/smtpd[31640]: NOQUEUE: reject: RCPT from unknown[123.123.123.123]: 450 4.7.1 Client host rejected: cannot find your hostname, [123.123.123.123]; from=<user@vendor.com> to=<user@purchasingdept.com> proto=ESMTP helo=<mx.vendor.com>
When I first saw this error I went to the admin panel and disabled some of the protocol and hostname checks. The error still occured, and so I disabled DNS Lookups and everything under the "Protocol Checks" and "DNS Checks" section. It is still occuring. How do I fix this?  |
02-23-2011, 07:14 AM
| | |
I may have narrowed this down.
When I reverse lookup the IP in question, it does point to a valid hostname, but that hostname is not in the MX record for the sender's domain. Would this cause the failure? I realize it is probably in violation of some RFC, but is there anyway to disable this check? |
02-23-2011, 07:25 AM
| | |
First thing would be to set back everything as it was as you will need to perform DNS lookups if you are not relaying through an upstream SMTP server.
Second you should ask the sender to get their IT department to fix DNS 
Third go to the Admin GUI and under Global Configuration -> MTA -> Disable the DNS checks for Unknown Hostname.
You will need to restart the MTA so from a command prompt Code: su - zimbra
zmmtactl stop ; zmmtactl start It would also be useful to post which checks you have enabled Code: zmprov gacf zimbraMtaRestriction
__________________  |
02-23-2011, 07:34 AM
| | |
Yes I was formulating such an email, but as this is a vendor we purchase products from, I wanted to be certain I was correct in doing so. 
I have re-enabled the DNS Lookups, but left everything else disabled except for the RBL list, below is my restriction list: Quote:
zimbra@zimbra:~$ zmprov gacf zimbraMtaRestriction
zimbraMtaRestriction: reject_rbl_client dsn.rfc-ignorant.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dul.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
| Could you recommend which options I should enable that would be reasonable for a corporate environment? |
02-23-2011, 07:44 AM
| | |
Out of the box the following are set. You have to gauge what your SPAM levels are like against causing issues by bounced emails. You can extend the anti-spam capability in ZCS; have a search for SaneSecurity on the forum.
__________________ |
02-23-2011, 07:53 AM
| | |
Thank you uxbod, you are always so helpful!
Just to confirm that this is the cause though, I never had the reject_unknown_hostname option checked. So would it be their misconfigured DNS that triggered the error? I want to make sure I don't have them correct their DNS only to have it still fail. |
02-23-2011, 08:48 AM
| | |
It just dawned on me that although their DNS is not right, it couldn't be the reason Zimbra rejected it, as it would mean that no relaying at all would be allowed. Often mail gets relayed from an MTA that is not in the MX list for a particular domain. For example, I send mail all the time from 4 or 5 different domains but through the same SMTP server.
So now I'm back to: why is Zimbra rejecting these emails when I have the 'reject_unknown_hostname' option disabled? |
02-23-2011, 09:24 AM
| | | 
Maybe this is the problem. Here is my output from zmprov: Quote:
zimbra@zimbra:~$ zmprov gacf zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client dsn.rfc-ignorant.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dul.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
| But a 'postconf -n' reveals something entirely different: Quote: |
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_sender_domain, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, permit
| I'm guessing that since postconf has the reject_unknown_client flag set, that is why the mails are being rejected... so now the question is: Why is Zimbra not setting the postfix configuration properly?!  |
02-23-2011, 09:50 AM
| | |
Nothing I do seems to get Zimbra to update the config file, including changing the file permissions so that zimbra is the owner (although that throws a warning from postfix upon restart).
How/when is this file written/updated, and why is mine not? Also notice that the line in the quote above is truncated. That was not a copy-paste error, it is actually truncated like that in the file. Something is amiss.  | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
