[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Suspicious ‘451-You dont seem to have a r

From: Bob Proulx
Subject: Re: [Savannah-hackers-public] Suspicious ‘451-You dont seem to have a reverse dns entry.’
Date: Sat, 20 Nov 2021 15:35:57 -0700

I removed sysadmin from the recipient list so that each of these would
not create an additional ticket in their system.

Tobias Geerinckx-Rice wrote:
> I noticed the following response in my mail logs:

That word wrapped.  Let me reconstruct it for readability.

    Nov 20 14:25:26 localhost smtpd[602]: 8be5d3679f9641dc mta delivery 
evpid=b7cb816f882ca1b8 from=<> to=<> rcpt=<-> 
source="" relay=" (" delay=3s 
result="Ok" stat="250 OK id=1moRJ1-0007Au-9p"

That message went to debbugs.  That does not happen to be a Savannah
system.  For debbugs help please write to where
the sysadmins for debbugs hang out.  But the above shows that the mail
was delivered okay.  It's happy.  The mail went through.  I think it
is this one in the logs.

But note that the IP address used for debbugs was and
the below was 2a02:c205:2020:6054::1 which is a big difference.  For
debbugs this is because it only advertises an IPv4 address.

    Nov 20 14:25:28 localhost smtpd[602]: 8be5d368064aaaa7 mta delivery 
evpid=b7cb816fe63e0547 from=<> to=<> rcpt=<-> 
source="[2a02:c205:2020:6054::1]" relay="[2001:470:142:3::10] (" 
delay=5s result="TempFail" stat="451-You dont seem to have a reverse dns entry. 
Come back later. You aregreylisted for 20 minutes. See more information."

That message went to eggs the inbound MX relay for email.
That does not happen to be a Savannah system.  You wrote to sysadmin
in your message and they are the correct admins to look at that
problem.  They are the only ones who can.

    Nov 20 15:25:30 localhost dovecot: imap-login: Disconnected: Connection 
closed (no auth attempts in 0 secs): user=<>, 
rip=2a01:4f8:251:53df:0:242:ac11:e, lip=2a02:c205:2020:6054::1:993, TLSv1.3 
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    Nov 20 15:25:31 localhost last message repeated 2 times

Two unrelated messages of a seemingly normal nature.

> I might be missing an obvious, but that claim looks bogus from here:

I think you are referring to the "451-You dont seem to have a reverse
dns entry. Come back later. You aregreylisted for 20 minutes. See more information."
part.  That "aregreylisted" smash together seems like something bad
happened assembling the report.

It does look like something on eggs failed to resolve
2a02:c205:2020:6054::1 because I can resolve it here.  Looks okay.
And the forward-reverse loop through there to and back to
the address looks okay.  Personally I prefer to see real hostnames
there rather than the domain name but either are acceptable.

No idea here of course and the only ones that can look into the
problem are sysadmin.

> IPv4 seems equally in order, although the log mentions only IPv6.

The OS prefers IPv6 first and IPv4 second.  Which means that if an
IPv6 address is published and then if an IPv6 connection can be made
then that is what is done.  If either of those two things fail then
IPv4 is tried second.  This is configurable on a system by system
basis but IPv6 is the future and the future is now.

> I'd love to get rid of this >= 20-minute delay.  Please let me know if
> there's anything more I can do!

Since it is reported as being greylisted this should have been a
single one time delay for the greylist and then all subsequent
interactions would remember your address and avoid the delay.  If it
were me I would need to produce two log entries showing that different
messages more than 20 minutes apart with the same IP address were both
greylisted in order to show that the greylisting was not operating

Good luck!

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]