Linux Archive


Rob Kampen 11-16-2010 06:49 PM

Postfix - message queue filling with Host or name not found - try again
 
Hi list,
I have noted over the last week or so my DNS servers are dumping lots of
messages for bogus domain lookups. Examining the postfix queue with
postqueue -p: I see many
(Host or domain name not found. Name service error for
name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)

Jake@bdgiedjhea.po6e4ina.com
My question - why does this stay in the message queue - why not dumped
back with message undeliverable or dropped?

I understand this is probably related to my config - which follows:
<main.cf>
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <mumble>
mydomain = <mumble>
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
proxy_interfaces = <mumble>
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.230.0/24, 127.0.0.0/8
relay_domains =
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
smtpd_helo_required = yes
smtpd_delay_reject = yes
strict_rfc821_envelopes = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_map
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/access
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions,
    reject_invalid_hostname,
    check_helo_access pcre:/etc/postfix/helo_checks,
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
tls_random_exchange_name = /var/spool/postfix/prng_exch
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/pki/tls/private/ssl.key.private.decrypted
smtpd_tls_cert_file = /etc/pki/tls/certs/<mumble>
smtpd_tls_CAfile = /etc/pki/tls/certs/sub.class2.server.ca.pem
smptd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
mailbox_size_limit = 102400000
message_size_limit = 40960000
in_flow_delay = 1s
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
content_filter=amavisfeed:[127.0.0.1]:10024
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES
</main.cf>


Any suggestions appreciated.
TIA rob
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Rob Kampen 11-16-2010 07:26 PM

Postfix - message queue filling with Host or name not found - try again
 
Alan Hodgson wrote:
> On November 16, 2010 11:49:42 am Rob Kampen wrote:
>> Hi list,
>> I have noted over the last week or so my DNS servers are dumping lots of
>> messages for bogus domain lookups. Examining the postfix queue with
>> postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake@bdgiedjhea.po6e4ina.com
>> My question - why does this stay in the message queue - why not dumped
>> back with message undeliverable or dropped?
>
> It will be after 5 days or something. DNS errors get temp failed in case they
> start working again later. This is a good thing.

Agreed, however this opens a potential DoS attack vector - I'm trying
to determine why my postfix even has these requests present as I'm not
initiating the emails (as far as I know) and I do not forward emails
for any other domains.

I feel like I'm missing something......confused maybe



Ben McGinnes 11-21-2010 11:00 AM

Postfix - message queue filling with Host or name not found - try again
 
On 17/11/10 7:26 AM, Rob Kampen wrote:
>
>>> Examining the postfix queue with postqueue -p: I see many
>>> (Host or domain name not found. Name service error for
>>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>>> Jake@bdgiedjhea.po6e4ina.com
>>> My question - why does this stay in the message queue - why not dumped
>>> back with message undeliverable or dropped?

What is the complete output of postqueue -p? What is the From address
and, more to the point, is it MAILER-DAEMON?

> Agreed, however this opens a potential DoS attack vector - I'm
> trying to determine why my postfix even has these requests present
> as I'm not initiating the emails (as far as I know) and I do not
> forward emails for any other domains.
> I feel like I'm missing something......confused maybe

It could be backscatter.

Run postqueue -p and pick one of the messages, it shouldn't matter
which. Then run:

postcat -q $MSGID | less

Where $MSGID is one of the messages in the queue. That will show you
the message and headers. I'd be willing to bet it's your server
trying to send a rejection/spam detection to a server.


Regards,
Ben


Rob Kampen 11-22-2010 02:47 AM

Postfix - message queue filling with Host or name not found - try again
 
Ben McGinnes wrote:
> On 17/11/10 7:26 AM, Rob Kampen wrote:
>> Examining the postfix queue with postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake@bdgiedjhea.po6e4ina.com
>> My question - why does this stay in the message queue - why not dumped
>> back with message undeliverable or dropped?
>
> What is the complete output of postqueue -p? What is the From address
> and, more to the point, is it MAILER-DAEMON?

Yes it is

>> Agreed, however this opens a potential DoS attack vector - I'm
>> trying to determine why my postfix even has these requests present
>> as I'm not initiating the emails (as far as I know) and I do not
>> forward emails for any other domains.
>> I feel like I'm missing something......confused maybe
>
> It could be backscatter.
>
> Run postqueue -p and pick one of the messages, it shouldn't matter
> which. Then run:
>
> postcat -q $MSGID | less
>
> Where $MSGID is one of the messages in the queue. That will show you
> the message and headers. I'd be willing to bet it's your server
> trying to send a rejection/spam detection to a server.

Correct - thanks for the pointers on how to track it down - so now my
question is how do I set things up to simply try this once and then drop
it, rather than queue it up for the next five days with all the
attendant dns errors. This is definitely at the boundaries of my mail
setup experience - for some reason the other two mail servers I run do
not seem to get the same level of spam and thus I seldom notice this.

> Regards,
> Ben



Indunil Jayasooriya 11-22-2010 02:54 AM

Postfix - message queue filling with Host or name not found - try again
 
Pls add bdgiedjhea.po6e4ina.com to /etc/hosts file

and then add bdgiedjhea.po6e4ina.com to mydestination parameter in /etc/postfix/main.cf file


mydestination = $myhostname, localhost.$mydomain, localhost, bdgiedjhea.po6e4ina.com


then, restart postfix.

That's it.





On Mon, Nov 22, 2010 at 9:17 AM, Rob Kampen <rkampen@kampensonline.com> wrote:
> Ben McGinnes wrote:
>> On 17/11/10 7:26 AM, Rob Kampen wrote:
>>> Examining the postfix queue with postqueue -p: I see many
>>> (Host or domain name not found. Name service error for
>>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>>> Jake@bdgiedjhea.po6e4ina.com
>>> My question - why does this stay in the message queue - why not dumped
>>> back with message undeliverable or dropped?
>>
>> What is the complete output of postqueue -p? What is the From address
>> and, more to the point, is it MAILER-DAEMON?
>
> Yes it is
>
>>> Agreed, however this opens a potential DoS attack vector - I'm
>>> trying to determine why my postfix even has these requests present
>>> as I'm not initiating the emails (as far as I know) and I do not
>>> forward emails for any other domains.
>>> I feel like I'm missing something......confused maybe
>>
>> It could be backscatter.
>>
>> Run postqueue -p and pick one of the messages, it shouldn't matter
>> which. Then run:
>>
>> postcat -q $MSGID | less
>>
>> Where $MSGID is one of the messages in the queue. That will show you
>> the message and headers. I'd be willing to bet it's your server
>> trying to send a rejection/spam detection to a server.
>
> Correct - thanks for the pointers on how to track it down - so now my
> question is how do I set things up to simply try this once and then drop
> it, rather than queue it up for the next five days with all the
> attendant dns errors. This is definitely at the boundaries of my mail
> setup experience - for some reason the other two mail servers I run do
> not seem to get the same level of spam and thus I seldom notice this.
>
>> Regards,
>> Ben







--
Thank you
Indunil Jayasooriya



Ben McGinnes 11-22-2010 07:21 AM

Postfix - message queue filling with Host or name not found - try again
 
On 22/11/10 2:54 PM, Indunil Jayasooriya wrote:
>
> Pls add bdgiedjhea.po6e4ina.com to /etc/hosts file
>
> and , then add bdgiedjhea.po6e4ina.com to mydestination parameter in
> /etc/postfix/main.cf file
>
> mydestination = $myhostname, localhost.$mydomain, localhost,
> bdgiedjhea.po6e4ina.com

This is a really *bad* idea, it makes Rob's mail server accept mail
for that domain, which is not what he wants. What he wants is to
prevent his system from sending an auto-response to an unreachable
host.


Regards,
Ben


Ben McGinnes 11-22-2010 07:44 AM

Postfix - message queue filling with Host or name not found - try again
 
On 22/11/10 2:47 PM, Rob Kampen wrote:
> Ben McGinnes wrote:
>>
>> What is the complete output of postqueue -p? What is the From address
>> and, more to the point, is it MAILER-DAEMON?
>>
> Yes it is

Cool.

>> Where $MSGID is one of the messages in the queue. That will show
>> you the message and headers. I'd be willing to bet it's your
>> server trying to send a rejection/spam detection to a server.
>
> Correct - thanks for the pointers on how to track it down -

No problem.

> so now my question is how do I set things up to simply try this once
> and then drop it, rather than queue it up for the next five days
> with all the attendant dns errors.

That would be difficult to do without it affecting all mail and
resolution problems are supposed to induce temporary failures for a
reason. The reason normally being that if you are isolated from the
Internet for any length of time (e.g. link outage), you don't want
mail queued on the server being bounced or dropped because you can't
reach an external name server to find an A record or MX record.

> This is definitely at the boundaries of my mail setup experience -
> for some reason the other two mail servers I run do not seem to get
> the same level of spam and thus I seldom notice this.

Are they both running Postfix too? If so, compare the output of
postconf -n between the three servers and look for what is different.

In this case, the email address that the bounces are trying to be
delivered to is what appeared in the MAIL FROM section during
delivery. It is almost certainly intended to bounce and the mail will
all be spam. I haven't been able to find any A records for that
domain and the registration is in Russia. It's a fairly safe bet that
they're spammers.

I would recommend that you add the following to your
smtpd_recipient_restrictions in main.cf:

check_sender_access hash:/etc/postfix/sender_access,

Probably immediately above or below the line for
"check_recipient_access" which is listed in your original post.

Create a file called /etc/postfix/sender_access with the text editor
of your choice and include the following line:

po6e4ina.com REJECT

Then run the following commands:

postmap /etc/postfix/sender_access
postfix reload

That should do the trick nicely.


Regards,
Ben
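
The check Ben walks through in this thread (find queue entries whose sender is MAILER-DAEMON and which are deferred on a DNS lookup, then inspect one with postcat -q) can be scripted. The following is an added example, not part of any poster's message; it assumes the usual `postqueue -p` column layout, and the sample queue listing is constructed.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the layout `postqueue -p` prints. Only the recipient
# address and the DNS error text come from the thread; queue IDs, sizes, times
# and the example.* entries are made up.
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A11C0D2     2841 Tue Nov 16 09:12:44  MAILER-DAEMON
(Host or domain name not found. Name service error for name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
                                         Jake@bdgiedjhea.po6e4ina.com

7B90E41A77     3010 Tue Nov 16 09:15:02  MAILER-DAEMON
(Host or domain name not found. Name service error for
name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
                                         Jake@bdgiedjhea.po6e4ina.com

9C04D7F311*    1502 Tue Nov 16 09:20:30  alice@example.org
                                         bob@example.net

A15C22B9E0     2777 Tue Nov 16 09:31:18  MAILER-DAEMON
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         carol@example.net

-- 10 Kbytes in 4 Requests.
"""

ENTRY = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+)[*!]?\s+\d+\s+"      # queue ID (+ active/hold flag), size
    r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d\s+"      # arrival time
    r"(?P<sender>\S+)\s*$")                       # envelope sender
DNS_FAILURE = re.compile(r"Name service error for name=\S+ type=\w+")


def parse_queue(text):
    """Return [{'qid', 'sender', 'deliveries': [(recipient, reason), ...]}, ...]."""
    entries = []
    for block in re.split(r"\n\s*\n", text):
        # Drop the column header and the "-- N Kbytes" summary line.
        lines = [l.strip() for l in block.splitlines()
                 if l.strip() and not l.startswith("-")]
        head = ENTRY.match(lines[0]) if lines else None
        if not head:
            continue
        entry = {"qid": head["qid"], "sender": head["sender"], "deliveries": []}
        reason, pending = "", None
        for line in lines[1:]:
            if pending is None and not line.startswith("("):
                entry["deliveries"].append((line, reason))  # recipient line
                continue
            # A "(...)" deferral reason; it may be wrapped when pasted from mail.
            pending = line if pending is None else pending + " " + line
            if pending.endswith(")"):
                reason, pending = pending[1:-1], None
        entries.append(entry)
    return entries


def stuck_bounces(entries):
    """Map recipient domain -> queue IDs of bounces deferred on a DNS lookup."""
    hits = defaultdict(list)
    for e in entries:
        if e["sender"] != "MAILER-DAEMON":  # only mail this server generated itself
            continue
        for rcpt, reason in e["deliveries"]:
            if DNS_FAILURE.search(reason):
                hits[rcpt.rpartition("@")[2].lower()].append(e["qid"])
    return dict(hits)


if __name__ == "__main__":
    # Pipe real data in with: postqueue -p | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    ranked = sorted(stuck_bounces(parse_queue(text)).items(), key=lambda kv: -len(kv[1]))
    for domain, qids in ranked:
        print(f"{len(qids):5d}  {domain}  inspect with: postcat -q {qids[0]}")
```

A domain that dominates this list is a candidate for the sender_access entry described above, after one of its queue IDs has been checked with postcat -q.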


Mike Fedyk 11-26-2010 05:48 PM

Postfix - message queue filling with Host or name not found - try again
 
On Tue, Nov 16, 2010 at 11:49 AM, Rob Kampen <rkampen@kampensonline.com> wrote:
> Hi list,
> I have noted over the last week or so my DNS servers are dumping lots of
> messages for bogus domain lookups. Examining the postfix queue with
> postqueue -p: I see many
> (Host or domain name not found. Name service error for
> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
> Jake@bdgiedjhea.po6e4ina.com
> My question - why does this stay in the message queue - why not dumped back
> with message undeliverable or dropped?
> I understand this is probably related to my config - which follows:
> <main.cf>


Here's what you want (copied from my config):

maps_rbl_reject_code = 450
non_fqdn_reject_code = 450
smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_helo_restrictions =
    reject_unauth_pipelining
    permit_sasl_authenticated
    permit_mynetworks
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unknown_helo_hostname
    permit

smtpd_sender_restrictions =
    reject_unauth_pipelining
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unknown_sender_domain
    permit

smtpd_client_restrictions =
# sleep 1
    reject_unauth_pipelining
    permit_sasl_authenticated
    permit_mynetworks
    reject_unknown_client_hostname
    permit

smtpd_recipient_restrictions =
    reject_unauth_pipelining
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
#fully automated RBLs
    reject_rbl_client truncate.gbudb.net
    reject_rbl_client dnsbl.proxybl.org
    reject_rbl_client psbl.surriel.com
    reject_rbl_client db.wpbl.info
    reject_rbl_client bl.spamcop.net
# reject_rbl_client bl.spamcannibal.org #blocked charles
    reject_rbl_client intercept.datapacket.net
    reject_rbl_client spamtrap.drbl.drand.net
# reject_rbl_client dnsbl.ahbl.org #blocked godaddy
    reject_rbl_client dnsbl-1.uceprotect.net
    reject_rbl_client bhnc.njabl.org
    reject_rbl_client dnsbl.njabl.org
#larder RBLs with some non-automation and larger ranges of IPs
# reject_rbl_client dnsbl.sorbs.net #(blocked fedora)
# reject_rbl_client dnsbl-2.uceprotect.net
    reject_rbl_client dnsbl-3.uceprotect.net
    reject_rbl_client zen.spamhaus.org
# reject_rbl_client
# reject_rbl_client dnsbl-2.uceprotect.net,
# check_policy_service unix:private/spfpolicy
# check_policy_service inet:127.0.0.1:10023
    permit

strict_rfc821_envelopes = yes
smtpd_reject_unlisted_sender = yes

Alexander Dalloz 11-26-2010 07:24 PM

Postfix - message queue filling with Host or name not found - try again
 
On 26.11.2010 19:48, Mike Fedyk wrote:
> On Tue, Nov 16, 2010 at 11:49 AM, Rob Kampen <rkampen@kampensonline.com> wrote:
>> Hi list,
>> I have noted over the last week or so my DNS servers are dumping lots of
>> messages for bogus domain lookups. Examining the postfix queue with
>> postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake@bdgiedjhea.po6e4ina.com
>> My question - why does this stay in the message queue - why not dumped back
>> with message undeliverable or dropped?
>> I understand this is probably related to my config - which follows:
>> <main.cf>
>
>
> Here's what you want (copied from my config):

Not really - because the shown part of the Postfix config is doubtful.

> maps_rbl_reject_code = 450
> non_fqdn_reject_code = 450

Why a temporary DSN? You want those to come back again and again and
again ...?

> smtpd_delay_reject = yes

Running the default of a delayed reject, why then splitting up the
smtpd_*_restrictions causing plenty of tests to be run more than 1 time?

> smtpd_helo_required = yes
>
> smtpd_helo_restrictions =
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_invalid_hostname
> reject_non_fqdn_hostname

Can lead to a lot of rejects for legitimate senders.

> reject_unknown_helo_hostname
> permit
>
> smtpd_sender_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_sender
> reject_non_fqdn_recipient

Again in smtpd_recipient_restrictions.

> reject_unknown_recipient_domain

Again in smtpd_recipient_restrictions.

> reject_unknown_sender_domain
> permit
>
> smtpd_client_restrictions =
> # sleep 1
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_unknown_client_hostname
> permit
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> #fully automated RBLs

Much too much RBLs, really.

> reject_rbl_client truncate.gbudb.net
> reject_rbl_client dnsbl.proxybl.org
> reject_rbl_client psbl.surriel.com
> reject_rbl_client db.wpbl.info
> reject_rbl_client bl.spamcop.net

spamcop can be too aggressive.

> # reject_rbl_client bl.spamcannibal.org #blocked charles
> reject_rbl_client intercept.datapacket.net
> reject_rbl_client spamtrap.drbl.drand.net
> # reject_rbl_client dnsbl.ahbl.org #blocked godaddy
> reject_rbl_client dnsbl-1.uceprotect.net
> reject_rbl_client bhnc.njabl.org
> reject_rbl_client dnsbl.njabl.org
> #larder RBLs with some non-automation and larger ranges of IPs
> # reject_rbl_client dnsbl.sorbs.net #(blocked fedora)
> # reject_rbl_client dnsbl-2.uceprotect.net
> reject_rbl_client dnsbl-3.uceprotect.net
> reject_rbl_client zen.spamhaus.org
> # reject_rbl_client
> # reject_rbl_client dnsbl-2.uceprotect.net,
> # check_policy_service unix:private/spfpolicy
> # check_policy_service inet:127.0.0.1:10023
> permit
>
> strict_rfc821_envelopes = yes
> smtpd_reject_unlisted_sender = yes

Alexander


Rob Kampen 11-27-2010 05:06 PM

Postfix - message queue filling with Host or name not found - try again
 
Mike Fedyk wrote:
> On Tue, Nov 16, 2010 at 11:49 AM, Rob Kampen <rkampen@kampensonline.com> wrote:
>> Hi list,
>> I have noted over the last week or so my DNS servers are dumping lots of
>> messages for bogus domain lookups. Examining the postfix queue with
>> postqueue -p: I see many
>> (Host or domain name not found. Name service error for
>> name=bdgiedjhea.po6e4ina.com type=MX: Host not found, try again)
>> Jake@bdgiedjhea.po6e4ina.com
>> My question - why does this stay in the message queue - why not dumped back
>> with message undeliverable or dropped?
>> I understand this is probably related to my config - which follows:
>> <main.cf>
>
> Here's what you want (copied from my config):
>
> maps_rbl_reject_code = 450
> non_fqdn_reject_code = 450

450 implies not available try again later - definitely not what I want
for blacklisted senders - I want 550 or something that makes their
server go up in smoke.

> smtpd_delay_reject = yes
> smtpd_helo_required = yes
>
> smtpd_helo_restrictions =
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_invalid_hostname
> reject_non_fqdn_hostname
> reject_unknown_helo_hostname
> permit
>
> smtpd_sender_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> reject_unknown_sender_domain
> permit
>
> smtpd_client_restrictions =
> # sleep 1
> reject_unauth_pipelining
> permit_sasl_authenticated
> permit_mynetworks
> reject_unknown_client_hostname
> permit
>
> smtpd_recipient_restrictions =
> reject_unauth_pipelining
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> #fully automated RBLs
> reject_rbl_client truncate.gbudb.net
> reject_rbl_client dnsbl.proxybl.org
> reject_rbl_client psbl.surriel.com
> reject_rbl_client db.wpbl.info
> reject_rbl_client bl.spamcop.net
> # reject_rbl_client bl.spamcannibal.org #blocked charles
> reject_rbl_client intercept.datapacket.net
> reject_rbl_client spamtrap.drbl.drand.net
> # reject_rbl_client dnsbl.ahbl.org #blocked godaddy
> reject_rbl_client dnsbl-1.uceprotect.net
> reject_rbl_client bhnc.njabl.org
> reject_rbl_client dnsbl.njabl.org
> #larder RBLs with some non-automation and larger ranges of IPs
> # reject_rbl_client dnsbl.sorbs.net #(blocked fedora)
> # reject_rbl_client dnsbl-2.uceprotect.net
> reject_rbl_client dnsbl-3.uceprotect.net
> reject_rbl_client zen.spamhaus.org
> # reject_rbl_client
> # reject_rbl_client dnsbl-2.uceprotect.net,
> # check_policy_service unix:private/spfpolicy
> # check_policy_service inet:127.0.0.1:10023
> permit
>
> strict_rfc821_envelopes = yes
> smtpd_reject_unlisted_sender = yes

Thanks for sharing your config - when I get some spare time I'll check
it out.



All times are GMT.