I have a postfix mail server on Debian. A client of mine just informed me that they were unable to send an email to me and it appears that there is a problem with their mail server. I would like to get back to them with the actual problem, but I'm unable to figure this out. This was in the bounce email:
The address to which the message has not yet been delivered is:
[email protected]
Delay reason: SMTP error from remote mail server after RCPT TO::
host dog.myhostname.com [{server_ip}]: 450 4.7.1 :
Recipient address rejected: SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'
Checking through the /var/log/mail.log file I see the following lines which coincide with the bounce email:
Dec 6 10:32:16 dog postfix/smtpd[366]: connect from unknown[37.26.106.210]
Dec 6 10:32:16 dog postfix/smtpd[366]: setting up TLS connection from unknown[37.26.106.210]
Dec 6 10:32:16 dog postfix/smtpd[366]: Anonymous TLS connection established from unknown[37.26.106.210]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Dec 6 10:32:18 dog postfix/policy-spf[421]: Policy action=DEFER_IF_PERMIT SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'
Dec 6 10:32:18 dog postfix/smtpd[366]: NOQUEUE: reject: RCPT from unknown[37.26.106.210]: 450 4.7.1 <[email protected]>: Recipient address rejected: SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.thehostingserver.co.uk>
I am having a bit of trouble understanding this.
1) Why does it say "connect from unknown"? This IP clearly resolves to server.oovavoohosting.co.uk. (Note, other incoming connections do show up correctly with their hostnames)
# nslookup 37.26.106.210
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
210.106.26.37.in-addr.arpa name = server.oovavoohosting.co.uk.
Authoritative answers can be found from:
106.26.37.in-addr.arpa nameserver = ns1.racksrv.com.
106.26.37.in-addr.arpa nameserver = ns2.racksrv.com.
ns1.racksrv.com internet address = 37.26.104.214
ns2.racksrv.com internet address = 37.26.105.214
2) If the aforementioned IP resolves to server.oovavoohosting.co.uk, where does it get the hostname server.thehostingserver.co.uk from? I can see this hostname doesn't exist, which is why it's returning a SERVFAIL, I just don't know where it comes from.
1) The unknown in the log means that the reverse name for the IP (server.oovavoohosting.co.uk) does not forward resolve to the original IP address.
2) It looks like the remote server introduced itself as server.thehostingserver.co.uk. Looking at the log, I see helo=server.thehostingserver.co.uk, which I interpret as what the server used in the SMTP greeting.
Why that is used in the SPF test I did not know until I looked it up on Wikipedia and it seems that this is now a mandatory test:
In summary, a server connected to your mail server and said
in its greeting. Your server then looked up the SPF record and not finding a DNS entry for this server refused the mail.
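Added example, not part of the original question or answer: a small Python sketch of the two checks discussed above, the forward-confirmed reverse DNS test behind "unknown" and the extraction of the HELO name and SPF identity from the reject line. The DNS tables and the mail addresses in the sample line are constructed, and the forward record for server.oovavoohosting.co.uk is an assumption, since the page does not show it.

```python
import re

# Constructed stand-ins for DNS so the example runs offline.
PTR = {"37.26.106.210": "server.oovavoohosting.co.uk"}   # from the nslookup output
A = {"server.oovavoohosting.co.uk": ["192.0.2.10"]}      # assumed: does not map back

# Constructed copy of the reject line, with placeholder mail addresses.
SAMPLE = ("Dec 6 10:32:18 dog postfix/smtpd[366]: NOQUEUE: reject: RCPT from "
          "unknown[37.26.106.210]: 450 4.7.1 <rcpt@example.net>: Recipient address "
          "rejected: SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on "
          "DNS 'TXT' lookup of 'server.thehostingserver.co.uk'; "
          "from=<sender@example.org> to=<rcpt@example.net> proto=ESMTP "
          "helo=<server.thehostingserver.co.uk>")

REJECT = re.compile(
    r"reject: RCPT from (?P<name>[^\s\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
    r".*?SPF-Result=(?P<spf_id>[^:]+): '(?P<spf_err>\w+)' error"
    r".*?helo=<(?P<helo>[^>]*)>")


def client_name(ip, ptr=PTR, fwd=A):
    """Return the PTR name only if it resolves forward to the same IP."""
    name = ptr.get(ip)
    if name is None or ip not in fwd.get(name, []):
        return "unknown"
    return name


def explain_reject(line):
    """Pull out the fields that answer both questions from one reject line."""
    m = REJECT.search(line)
    if m is None:
        return None
    f = m.groupdict()
    f["temporary"] = f["code"].startswith("4")        # 4xx: sender will retry
    f["spf_checked_helo"] = f["spf_id"] == f["helo"]  # identity came from HELO
    f["expected_name"] = client_name(f["ip"])         # what the log should show
    return f


if __name__ == "__main__":
    for key, value in explain_reject(SAMPLE).items():
        print(f"{key:17} {value}")
```

With real resolvers in place of the two dictionaries, the same comparison shows whether the sending host's PTR and forward records agree and whether the name it gives in HELO has any DNS entry at all.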