Postfix/smtpd hostname does not resolve to ip (but it does!)

April 11, 2017 720 views
Email Ubuntu

Hello;

I've been searching and reading through numerous posts, but can't seem to find a resolution to my email issue.

I'm seeing the following in my logs, every few minutes;

Apr 10 23:53:50 toronto01 postfix/smtpd[2497]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
Apr 10 23:53:50 toronto01 postfix/smtpd[2497]: connect from unknown[159.203.56.205]
Apr 10 23:53:50 toronto01 postfix/smtpd[2497]: disconnect from unknown[159.203.56.205]

I have reverse pointers setup and the hostname does resolve at mxtoolbox --> https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a159.203.56.205&run=toolpage

I just can't seem to figure out why this error occurs as the logs offer no real explanation. No rejected messages, or SASL login failed, etc., such as this entry;

Apr 10 23:59:42 toronto01 postfix/smtpd[2666]: warning: hostname 80-69-247-10.pasargadnet.ir does not resolve to address 80.69.247.10
Apr 10 23:59:42 toronto01 postfix/smtpd[2666]: connect from unknown[80.69.247.10]
Apr 10 23:59:45 toronto01 postfix/smtpd[2666]: warning: unknown[80.69.247.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 10 23:59:45 toronto01 postfix/smtpd[2666]: disconnect from unknown[80.69.247.10]

I don't know where this "connection" is coming from. It appears as if the server is connecting to itself, but for what reason and why it doesn't resolve I just can't understand.

Any pointers would be greatly appreciated!

Thanks;
Kyle

1 comment
  • As a follow up this morning, here is an excerpt from my mail.log;

    Apr 11 08:29:33 toronto01 postfix/smtpd[29543]: warning: hostname dedic878.hidehost.net does not resolve to address 91.200.12.173
    Apr 11 08:30:44 toronto01 postfix/smtpd[29543]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:32:44 toronto01 postfix/smtpd[29945]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:34:44 toronto01 postfix/smtpd[30002]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:35:21 toronto01 postfix/smtpd[30002]: warning: hostname dedic869.hidehost.net does not resolve to address 91.200.12.145
    Apr 11 08:36:44 toronto01 postfix/smtpd[30002]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:38:44 toronto01 postfix/smtpd[30002]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:40:44 toronto01 postfix/smtpd[30284]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:40:50 toronto01 postfix/smtpd[30284]: warning: hostname 155.cobranet.org does not resolve to address 41.86.155.53
    Apr 11 08:42:25 toronto01 postfix/smtpd[30284]: warning: hostname dedic869.hidehost.net does not resolve to address 91.200.12.145
    Apr 11 08:42:44 toronto01 postfix/smtpd[30284]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:43:16 toronto01 postfix/smtpd[30284]: warning: hostname dedic878.hidehost.net does not resolve to address 91.200.12.173
    Apr 11 08:43:56 toronto01 postfix/smtpd[30284]: warning: hostname localhost does not resolve to address 27.72.45.109
    Apr 11 08:44:44 toronto01 postfix/smtpd[30284]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:46:44 toronto01 postfix/smtpd[30511]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:48:44 toronto01 postfix/smtpd[30564]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:49:05 toronto01 postfix/smtpd[30564]: warning: hostname dedic869.hidehost.net does not resolve to address 91.200.12.145
    Apr 11 08:50:44 toronto01 postfix/smtpd[30564]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:52:44 toronto01 postfix/smtpd[30564]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:54:44 toronto01 postfix/smtpd[30564]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    Apr 11 08:55:56 toronto01 postfix/smtpd[30564]: warning: hostname dedic869.hidehost.net does not resolve to address 91.200.12.145
    Apr 11 08:56:44 toronto01 postfix/smtpd[30564]: warning: hostname toronto01.kasnetwork.com does not resolve to address 159.203.56.205
    

    You can see how often I'm seeing this warning, but what also interests me is if I do a reverse lookup on any of these (including my ip), they ALL resolve to the hostname shown.

    91.200.12.173 does indeed resolve to dedic878.hidehost.net (https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a91.200.12.145&run=toolpage#) as do the rest.

    Is this something I have incorrectly set in a config file?

    Thanks;
    Kyle

3 Answers
kylestubbins May 6, 2017
Accepted Answer

Everything was working, so this wasn't urgent and I kinda back-burnered it for a while.

It seems I resolved it today when I ran into a discussion about setting up /etc/hosts and the purpose of 127.0.1.1. That led me to this -> https://serverfault.com/questions/363095/why-does-my-hostname-appear-with-the-address-127-0-1-1-rather-than-127-0-0-1-in

From the Debian manual;
For a system with a permanent IP address, that permanent IP address should be used here instead of 127.0.1.1.

So, my hostname was resolving (as far as Postfix was concerned) to 127.0.1.1.

Removing the 127.0.1.1 line from /etc/hosts, so it looks like this;

127.0.0.1       localhost.localdomain           localhost
159.203.56.205  toronto01.kasnetwork.com        toronto01

and then restarting Postfix, has resolved the hostname verification errors I was seeing.

As a side note, I did have both smtp_host_lookup and lmpt_host_lookup = native before these changes to see if it would help. It did not, so I removed them both before restarting Postfix so the default settings (dns) would be used. It appears as these settings are not needed and can be left at their default values.

Hopefully it will help someone else.

Kyle

Hi @kylestubbins

Add smtp_host_lookup = native to your main.cf. That should make use of your /etc/hosts - if you have anything special setup there.

It's just warnings, so it's still working correctly. You can safely ignore that warning.
When I run dig toronto01.kasnetwork.com A

toronto01.kasnetwork.com. 1799  IN  CNAME   www.kasnetwork.com.
www.kasnetwork.com. 1799    IN  A   159.203.56.205

I don't think Postfix can handle multiple different returns. This should be an A-record instead of a CNAME, just to make sure we play nice with old mail servers.

And as for 80-69-247-10.pasargadnet.ir it does not resolve, so the warning is legit.

  • Thanks, @hansen;

    Sure you had to pick one I didn't resolve. ;-)

    I'll give that a go when I get home tonight & let you know how it goes.

    • @hansen - I have made the changes and have given it a day just to make sure the DNS changes propagated. I didn't create an A record for the hostname when I set things up. It was being caught by the domains CNAME wildcard catch-all for the www subdomain. For some reason, I thought the hostname was automatically setup/handled during install. Live and learn. Dig looks good now.

      toronto01.kasnetwork.com. 933   IN  A   159.203.56.205
      

      I made the changes to my main.cf file and also changed my /etc/hosts to reflect as I had the big scary warning at the top saying changes wouldn't persist and to make changes to the template file.… read up on this and found it was a 'bug' of sorts on install and can be ignored. So, I removed the warning and setup /etc/hosts as per normal.

      127.0.0.1       localhost.localdomain           localhost
      127.0.1.1       toronto01.kasnetwork.com        toronto01
      159.203.56.205  toronto01.kasnetwork.com        toronto01
      

      I restarted postfix and it's been a day, but I'm still seeing these warnings in my logs. Not sure if I need to restart any other services, but I'll keep an eye on it, particularly next reboot.

      I know you said it's just warnings, so they can be safely ignored. I'm more curious to understand why this occurs. I have resolve.conf setup to use google. Maybe I should try openDNS?

      nameserver 8.8.8.8
      nameserver 8.8.4.4
      

      I'll keep trying and see what I eventually come up with. Suggestions are welcome!

      Thanks;
      Kyle

Have another answer? Share your knowledge.