[9.065][ANSWERED] SMTP Failed To Expand ACL String on DNS ptr failure

Hi, I have a few emails that are getting temporarily rejected due to ACL string error. Here are a few log snippets...

/var/log/smtp/2013/02/smtp-2013-02-10.log.gz:2013:02:10-06:15:54 gatekeeper exim-in[4648]: 2013-02-10 06:15:54 H=([36.73.64.11]) [36.73.64.11]:18546 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=36.73.64.11" gave DEFER:

gatekeeper exim-in[24914]: 2013-02-13 03:11:53 H=([180.245.209.110]) [180.245.209.110]:15930 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=180.245.209.110" gave DEFER:

gatekeeper exim-in[20166]: 2013-02-14 10:16:33 H=(mta27.agedpr.com) [192.69.94.222]:37556 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.222" gave DEFER:

and DNS query.........

gatekeeper:/var/log # dig ptr 222.94.69.192.in-addr.arpa



; <>> DiG 9.6-ESV-R7-P4 <>> ptr 222.94.69.192.in-addr.arpa

;; global options: +cmd

;; Got answer:

;; ->>HEADER

and DNS log...

2013:02:18-21:10:40 gatekeeper named[4207]: error (unexpected RCODE SERVFAIL) resolving '222.94.69.192.in-addr.arpa/PTR/IN': 199.19.111.7#53

2013:02:18-21:10:40 gatekeeper named[4207]: error (unexpected RCODE SERVFAIL) resolving '222.94.69.192.in-addr.arpa/PTR/IN': 204.124.182.253#53

Regards
Bill

Parents

0 bulirich_01 over 12 years ago

For me this looks like a problem with the reverse zone hosting 192.69.94.222. With "dig ptr 222.94.69.192.in-addr.arpa @z.arin.net" i get "dns4.volumedrive.com" and "dns3.volumedrive.com" in authority section. Doing a "dig ptr 222.94.69.192.in-addr.arpa @dns4.volumedrive.com" then gets me a "SERVFAIL". I also get a fail for the other two ips.

Do you have "Reject invalid HELO / missing RDNS" activated on your UTM? I assume the UTM is checking the RDNS on incoming mail. In case of 192.69.94.222 the reverse lookup results in a "SERVFAIL" and the UTM rejects the mails temporarily. Looks like the desired behaviour for me.

Then, one option would be to disable RDNS checking, maybe on a exception basis just for these ips. Or wait until volumedrive.com gets its dns servers up and running the reverse zone...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 bulirich_01 over 12 years ago

For me this looks like a problem with the reverse zone hosting 192.69.94.222. With "dig ptr 222.94.69.192.in-addr.arpa @z.arin.net" i get "dns4.volumedrive.com" and "dns3.volumedrive.com" in authority section. Doing a "dig ptr 222.94.69.192.in-addr.arpa @dns4.volumedrive.com" then gets me a "SERVFAIL". I also get a fail for the other two ips.

Do you have "Reject invalid HELO / missing RDNS" activated on your UTM? I assume the UTM is checking the RDNS on incoming mail. In case of 192.69.94.222 the reverse lookup results in a "SERVFAIL" and the UTM rejects the mails temporarily. Looks like the desired behaviour for me.

Then, one option would be to disable RDNS checking, maybe on a exception basis just for these ips. Or wait until volumedrive.com gets its dns servers up and running the reverse zone...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Billybob over 12 years ago in reply to bulirich_01

Hi, I do have RDNS/ Strict RDNS checking enabled. However the mail should get a permanent deny after some retries and not a temporary defer like in my case. On a heavy loaded smtp server, this can become a huge problem...

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:21:52 gatekeeper exim-in[15360]: 2013-02-18 22:21:52 H=(mta36.agedpr.com) [192.69.94.231]:34375 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:22:56 gatekeeper exim-in[15376]: 2013-02-18 22:22:56 H=(mta36.agedpr.com) [192.69.94.231]:34458 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:24:13 gatekeeper exim-in[15393]: 2013-02-18 22:24:13 H=(mta36.agedpr.com) [192.69.94.231]:47885 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:25:17 gatekeeper exim-in[15442]: 2013-02-18 22:25:17 H=(mta36.agedpr.com) [192.69.94.231]:51251 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:26:39 gatekeeper exim-in[15607]: 2013-02-18 22:26:39 H=(mta36.agedpr.com) [192.69.94.231]:41406 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:27:49 gatekeeper exim-in[15623]: 2013-02-18 22:27:49 H=(mta36.agedpr.com) [192.69.94.231]:43204 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:29:11 gatekeeper exim-in[15637]: 2013-02-18 22:29:11 H=(mta36.agedpr.com) [192.69.94.231]:35567 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:30:21 gatekeeper exim-in[15804]: 2013-02-18 22:30:21 H=(mta36.agedpr.com) [192.69.94.231]:54103 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:31:33 gatekeeper exim-in[16187]: 2013-02-18 22:31:33 H=(mta36.agedpr.com) [192.69.94.231]:34956 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:32:50 gatekeeper exim-in[16242]: 2013-02-18 22:32:50 H=(mta36.agedpr.com) [192.69.94.231]:48851 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:33:54 gatekeeper exim-in[16258]: 2013-02-18 22:33:54 H=(mta36.agedpr.com) [192.69.94.231]:38429 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:35:04 gatekeeper exim-in[16276]: 2013-02-18 22:35:04 H=(mta36.agedpr.com) [192.69.94.231]:35687 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:36:13 gatekeeper exim-in[16323]: 2013-02-18 22:36:13 H=(mta36.agedpr.com) [192.69.94.231]:39333 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:37:17 gatekeeper exim-in[16339]: 2013-02-18 22:37:17 H=(mta36.agedpr.com) [192.69.94.231]:40656 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:38:22 gatekeeper exim-in[16349]: 2013-02-18 22:38:22 H=(mta36.agedpr.com) [192.69.94.231]:45241 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:39:29 gatekeeper exim-in[16367]: 2013-02-18 22:39:29 H=(mta36.agedpr.com) [192.69.94.231]:49944 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:40:41 gatekeeper exim-in[16567]: 2013-02-18 22:40:41 H=(mta36.agedpr.com) [192.69.94.231]:34738 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:41:45 gatekeeper exim-in[16582]: 2013-02-18 22:41:45 H=(mta36.agedpr.com) [192.69.94.231]:54034 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:42:55 gatekeeper exim-in[16597]: 2013-02-18 22:42:55 H=(mta36.agedpr.com) [192.69.94.231]:49892 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:44:11 gatekeeper exim-in[16610]: 2013-02-18 22:44:11 H=(mta36.agedpr.com) [192.69.94.231]:43812 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:45:23 gatekeeper exim-in[16807]: 2013-02-18 22:45:23 H=(mta36.agedpr.com) [192.69.94.231]:57350 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:46:27 gatekeeper exim-in[17154]: 2013-02-18 22:46:27 H=(mta36.agedpr.com) [192.69.94.231]:39320 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:47:31 gatekeeper exim-in[17213]: 2013-02-18 22:47:31 H=(mta36.agedpr.com) [192.69.94.231]:55202 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:48:56 gatekeeper exim-in[17231]: 2013-02-18 22:48:56 H=(mta36.agedpr.com) [192.69.94.231]:32983 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:50:12 gatekeeper exim-in[17281]: 2013-02-18 22:50:12 H=(mta36.agedpr.com) [192.69.94.231]:45740 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:51:20 gatekeeper exim-in[17297]: 2013-02-18 22:51:20 H=(mta36.agedpr.com) [192.69.94.231]:55957 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:54:06 gatekeeper exim-in[17332]: 2013-02-18 22:54:06 H=(mta36.agedpr.com) [192.69.94.231]:60802 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

/var/log/smtp/2013/02/smtp-2013-02-18.log.gz:2013:02:18-22:58:22 gatekeeper exim-in[17562]: 2013-02-18 22:58:22 H=(mta36.agedpr.com) [192.69.94.231]:60625 F= temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{0}{1}}": lookup of "ptr=192.69.94.231" gave DEFER:

Regards
Bill