Re: [Savannah-hackers-public] Suspicious ‘451-You dont seem to have a reverse dns entry.’

[Bob Proulx]

I removed sysadmin from the recipient list so that each of these would
not create an additional ticket in their system.

Tobias Geerinckx-Rice wrote:
> I noticed the following response in my mail logs:

That word wrapped.  Let me reconstruct it for readability.

    Nov 20 14:25:26 localhost smtpd[602]: 8be5d3679f9641dc mta delivery 
evpid=b7cb816f882ca1b8 from=<me@tobias.gr> to=<51512@debbugs.gnu.org> rcpt=<-> 
source="80.241.217.52" relay="209.51.188.43 (debbugs.gnu.org)" delay=3s 
result="Ok" stat="250 OK id=1moRJ1-0007Au-9p"

That message went to debbugs.  That does not happen to be a Savannah
system.  For debbugs help please write to help-debbugs@gnu.org where
the sysadmins for debbugs hang out.  But the above shows that the mail
was delivered okay.  It's happy.  The mail went through.  I think it
is this one in the logs.

    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=51512#20

But note that the IP address used for debbugs was 80.241.217.52 and
the below was 2a02:c205:2020:6054::1 which is a big difference.  For
debbugs this is because it only advertises an IPv4 address.

    Nov 20 14:25:28 localhost smtpd[602]: 8be5d368064aaaa7 mta delivery 
evpid=b7cb816fe63e0547 from=<me@tobias.gr> to=<guix-patches@gnu.org> rcpt=<-> 
source="[2a02:c205:2020:6054::1]" relay="[2001:470:142:3::10] (eggs.gnu.org)" 
delay=5s result="TempFail" stat="451-You dont seem to have a reverse dns entry. 
Come back later. You aregreylisted for 20 minutes. See 
http://www.fsf.org/about/systems/greylistingfor more information."

That message went to eggs the inbound MX relay for @gnu.org email.
That does not happen to be a Savannah system.  You wrote to sysadmin
in your message and they are the correct admins to look at that
problem.  They are the only ones who can.

    Nov 20 15:25:30 localhost dovecot: imap-login: Disconnected: Connection 
closed (no auth attempts in 0 secs): user=<>, 
rip=2a01:4f8:251:53df:0:242:ac11:e, lip=2a02:c205:2020:6054::1:993, TLSv1.3 
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    Nov 20 15:25:31 localhost last message repeated 2 times

Two unrelated messages of a seemingly normal nature.

> I might be missing an obvious, but that claim looks bogus from here:

I think you are referring to the "451-You dont seem to have a reverse
dns entry. Come back later. You aregreylisted for 20 minutes. See
http://www.fsf.org/about/systems/greylistingfor more information."
part.  That "aregreylisted" smash together seems like something bad
happened assembling the report.

It does look like something on eggs failed to resolve
2a02:c205:2020:6054::1 because I can resolve it here.  Looks okay.
And the forward-reverse loop through there to tobias.gr and back to
the address looks okay.  Personally I prefer to see real hostnames
there rather than the domain name but either are acceptable.

No idea here of course and the only ones that can look into the
problem are sysadmin.

> IPv4 seems equally in order, although the log mentions only IPv6.

The OS prefers IPv6 first and IPv4 second.  Which means that if an
IPv6 address is published and then if an IPv6 connection can be made
then that is what is done.  If either of those two things fail then
IPv4 is tried second.  This is configurable on a system by system
basis but IPv6 is the future and the future is now.

> I'd love to get rid of this >= 20-minute delay.  Please let me know if
> there's anything more I can do!

Since it is reported as being greylisted this should have been a
single one time delay for the greylist and then all subsequent
interactions would remember your address and avoid the delay.  If it
were me I would need to produce two log entries showing that different
messages more than 20 minutes apart with the same IP address were both
greylisted in order to show that the greylisting was not operating
correctly.

Good luck!
Bob

signature.asc
Description: PGP signature