Does reject_invalid_hostname cause a DNS lookup?

[Simulcast]

Hi,

I'm using reject_invalid_hostname as the first of my smtpd_recipient_restrictions in Postfix.

I believe the following is a log entry for a related (eventual) rejection:

Dec 29 23:57:18 smtp postfix/smtpd[26403]: warning: 209.124.166.41: hostname atclientaccess.baltimorehousing.org verification failed: Name or service not known

In the interest of performance and possible reordering of my restrictions, does anyone happen to know if reject_invalid_hostname causes a DNS lookup?

If not, how does Postfix deem "atclientaccess.baltimorehousing.org" "invalid"?

Thanks in advance!

[phoenix]

Quote:

Originally Posted by Simulcast

In the interest of performance and possible reordering of my restrictions, does anyone happen to know if reject_invalid_hostname causes a DNS lookup?

No, it doesn't.

Quote:

Originally Posted by Simulcast

If not, how does Postfix deem "atclientaccess.baltimorehousing.org" "invalid"?

Search for the restriction name here: http://www.troubleshootingwiki.org/P...i-Spam_Methods

[vavai]

Quote:

Originally Posted by Simulcast

Hi,

If not, how does Postfix deem "atclientaccess.baltimorehousing.org" "invalid"?

Thanks in advance!

CMIIW,

Quote:

nslookup atclientaccess.baltimorehousing.org
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find atclientaccess.baltimorehousing.org: NXDOMAIN

Actually, I've never activate "reject_invalid_hostname" as my restriction. The parameter works as expected but too many Mail Administrator simply don't care about their DNS records

[Simulcast]

Thanks Phoenix and Vavai.

Fwiw, for a test I turned off ALL Zimbra admin interface MTA protocol and DNS checks, bounced postfix, verified via postconf that restrictions were reduced to "reject_non_fqdn_recipient, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/opt/zimbra/conf/zmmta_white_and_black_list, reject_unauth_destination, permit", and still get the warnings.

And, "tcpdump -i eth0 udp port 53" confirmed there ARE DNS queries associated associated with the log entries:

Code:

zimbra.log: Jan  1 13:38:32 smtp postfix/smtpd[28178]: warning: 110.138.133.5: hostname 5.subnet110-138-133.speedy.telkom.net.id verification failed: Name or service not known
tcpdump: 13:38:27.665938 IP smtp.domain.com.56060 > 172.16.0.1.domain:  19696+ PTR? 5.133.138.110.in-addr.arpa. (44)

zimbra.log: Jan  1 13:40:57 smtp postfix/smtpd[28178]: warning: 190.189.34.68: hostname 68-34-189-190.cab.prima.net.ar verification failed: Name or service not known
tcpdump: 13:40:57.430417 IP smtp.domain.com.45127 > 172.16.0.1.domain:  15487+ PTR? 68.34.189.190.in-addr.arpa. (44)

zimbra.log: Jan  1 13:41:21 tamago postfix/smtpd[28178]: warning: 110.138.133.5: hostname 5.subnet110-138-133.speedy.telkom.net.id verification failed: Name or service not known
tcpdump: 13:41:21.463231 IP smtp.domain.com.48700 > 172.16.0.1.domain: 45231+ PTR? 5.133.138.110.in-addr.arpa. (44)

Perhaps not critical but I'm still curious. Since they entries are warnings maybe they are just default postfix behavior though I couldn't verify this.