I have bumped into the following in my mail.log
file:
May 20 21:50:46 degas postfix/smtpd[1596]: NOQUEUE: reject: RCPT from unknown[109.170.250.177]: 450 4.7.1 Client host rejected: cannot find your hostname, [109.170.250.177]; from=<***> to=<***> proto=ESMTP helo=<jamnet.jamrec.jamjobs.co.uk>
In postfix configuration the reject_unknown_client_hostname
is set on smtpd_recipient_restrictions
What I find slightly baffling is that dig -x 109.170.250.177
returns a valid answer:
;; QUESTION SECTION:
;177.250.170.109.in-addr.arpa. IN PTR
;; ANSWER SECTION:
177.250.170.109.in-addr.arpa. 67434 IN PTR mail.jamjobs.co.uk.
According to the postfix documentation this is what this config option does
Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address.
In this case, condition 1) is met, but condition 3) seems to cause the failure.
I could change to reject_unknown_reverse_client_hostname
to fix the problem.
Would you suggest that my current setting is too "strong" or too "restrictive"? Should I normally expect the announced hostname of the SMTPD client be potentially different from the IP address lookup? Is this configuration helpful protecting from spam. Currently it seems to cause too many false negatives.
You're interpreting the error wrong:
That's your problem - the HELO/EHLO identified hostname, not the IP.