hostname does not resolve to address

[JCV]

Greetings,
"hostname does not resolve to address" but, in fact the IP address resolves to the correct name. I get this kind of rejection for some hosts from time to ttime


2024-01-19T11:25:22.303105+00:00 proxmox postfix/smtpd[190151]: warning: hostname domain.com does not resolve to address xx.xx.xx.xx
2024-01-19T11:25:22.303302+00:00 proxmox postfix/smtpd[190151]: connect from unknown[xx.xx.xx.xx]
2024-01-19T11:25:22.318490+00:00 proxmox postfix/smtpd[190151]: NOQUEUE: reject: RCPT from unknown[xx.xx.xx.xx]: 450 4.7.25 Client host rejected: cannot find your hostname, [185.58.81.13]; from=<no.reply.domain.com> to=<domain2.com> proto=ESMTP helo=<domain.com>
2024-01-19T11:25:22.324004+00:00 proxmox postfix/smtpd[190151]: disconnect from unknown[xx.xx.xx.xx] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

What can I do to solve this?
thank you

 

[sb-jw]

Forward and backward resolution must produce identical results. If you don't manage the other servers, there's nothing you can do here except point out to the admin that he should please check and correct his configuration.

 

[JCV]

This e-mail is from a major company, I don't think that it is not correctly configured. While pinging name and reverse IP, from windows, the results are correct. I think that I may have some error on my pmg configuration but I can find it.

 

[sb-jw]

But the error message says that it could not be resolved. That's just a fact. The cause can be incorrect DNS settings, a TTL that is too short and possibly caused caching problems, or a temporary inaccessibility of the DNS resolver (unless the local one is used).

Whatever the cause, the error message remains correct and reflects the actual situation at that moment.

 

[JCV]

Just found out that IP address is resolved but ICMP looks to be blocked (mail.edp.pt), could it be the cause?

 

[Stoiko Ivanov]

Just found out that IP address is resolved but ICMP looks to be blocked (mail.edp.pt), could it be the cause?

no - postfix does not rely on icmp to detect reachability ...

as @sb-jw correctly pointed out - the issue is with DNS as seen on the PMG.
you can test this by installing drill (`apt install ldnsutils`) and checking on the PMG:
* `drill mail.edp.pt` (use the hostname you see in the logs here!
* `drill -x <ip.ad.dr.es>` (use the ip-address from the logs here
those should coincide.

 

[JCV]

no - postfix does not rely on icmp to detect reachability ...

as @sb-jw correctly pointed out - the issue is with DNS as seen on the PMG.
you can test this by installing drill (`apt install ldnsutils`) and checking on the PMG:
* `drill mail.edp.pt` (use the hostname you see in the logs here!
* `drill -x <ip.ad.dr.es>` (use the ip-address from the logs here
those should coincide.

Thank you for your reply, both, direct and reverse ping get correct answers
root@proxmox:~# drill mail.edp.pt
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35949
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; mail.edp.pt. IN A

;; ANSWER SECTION:
mail.edp.pt. 30 IN A 185.58.81.13

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 13 msec
;; SERVER: 195.23.129.126
;; WHEN: Mon Jan 22 09:41:05 2024
;; MSG SIZE rcvd: 45
root@proxmox:~# drill -x 185.58.81.13
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 5166
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 13.81.58.185.in-addr.arpa. IN PTR

;; ANSWER SECTION:
13.81.58.185.in-addr.arpa. 38400 IN PTR mail.edp.pt.

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 13 msec
;; SERVER: 195.23.129.126
;; WHEN: Mon Jan 22 09:41:39 2024
;; MSG SIZE rcvd: 68

 

[critech]

I believe I'm experiencing the same issue, PMG 8.1.2

I have both Mail Proxy > Options > Reject unknown clients & Reject unknown senders enabled.

Emails are being rejected like this:

rejected >> hostname mail-vs1-f44.google.com does not resolve to address 209.85.217.44​

However....

root@proxmox:~# nslookup mail-vs1-f44.google.com​

Server: 8.8.8.8​

Address: 8.8.8.8#53​

​

Non-authoritative answer:​

Name: mail-vs1-f44.google.com​

Address: 209.85.217.44​

Looks like it's resolving?

 

[Stoiko Ivanov]

how about the reverse lookup?

dig -x 209.85.217.44

 

[critech]

root@proxmox:~# dig -x 209.85.217.44

; <<>> DiG 9.18.24-1-Debian <<>> -x 209.85.217.44
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19283
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;44.217.85.209.in-addr.arpa. IN PTR

;; ANSWER SECTION:
44.217.85.209.in-addr.arpa. 16269 IN PTR mail-vs1-f44.google.com.

;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Tue Jun 04 13:14:13 EDT 2024
;; MSG SIZE rcvd: 92

 

[critech]

I should add that, so far, each time I've had to deal with this issue, it was related to a google.com domain:

2024-06-03T11:43:46.671317-04:00 proxmox postfix/smtpd[958415]: warning: hostname mail-qk1-f173.google.com does not resolve to address 209.85.222.173​

2024-06-03T11:43:46.671463-04:00 proxmox postfix/smtpd[958415]: connect from unknown[209.85.222.173]​

2024-06-03T11:43:46.836121-04:00 proxmox postfix/smtpd[958415]: NOQUEUE: reject: RCPT from unknown[209.85.222.173]: 450 4.7.25 Client host rejected: cannot find your hostname​

I solve it by whitelisting the sender domain, which in this case was a @umich.edu addy.

My guess is that the sender has their domain name hosted with Google and use GMAIL as their MX. So, maybe, PMG see's google.com but the sender is something diff?