Thanks Phoenix and Vavai.
Fwiw, for a test I turned off ALL Zimbra admin interface MTA protocol and DNS checks, bounced postfix, verified via postconf that restrictions were reduced to "reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/opt/zimbra/conf/zmmta_white_and_black_list, reject_unauth_destination, permit", and still get the warnings.
And, "tcpdump -i eth0 udp port 53" confirmed there ARE DNS queries associated associated with the log entries:
Code:
zimbra.log: Jan 1 13:38:32 smtp postfix/smtpd[28178]: warning: 110.138.133.5: hostname 5.subnet110-138-133.speedy.telkom.net.id verification failed: Name or service not known
tcpdump: 13:38:27.665938 IP smtp.domain.com.56060 > 172.16.0.1.domain: 19696+ PTR? 5.133.138.110.in-addr.arpa. (44)
zimbra.log: Jan 1 13:40:57 smtp postfix/smtpd[28178]: warning: 190.189.34.68: hostname 68-34-189-190.cab.prima.net.ar verification failed: Name or service not known
tcpdump: 13:40:57.430417 IP smtp.domain.com.45127 > 172.16.0.1.domain: 15487+ PTR? 68.34.189.190.in-addr.arpa. (44)
zimbra.log: Jan 1 13:41:21 tamago postfix/smtpd[28178]: warning: 110.138.133.5: hostname 5.subnet110-138-133.speedy.telkom.net.id verification failed: Name or service not known
tcpdump: 13:41:21.463231 IP smtp.domain.com.48700 > 172.16.0.1.domain: 45231+ PTR? 5.133.138.110.in-addr.arpa. (44)
Perhaps not critical but I'm still curious. Since they entries are warnings maybe they are just default postfix behavior though I couldn't verify this.
LinkBack URL
About LinkBacks
Does reject_invalid_hostname cause a DNS lookup?
Originally Posted by Simulcast 
