Email Error: 450 Client host rejected

A couple of our clients sometimes have issues when sending email, with a returned non-delivery report stating the following:

Peer server rejected email:

450 Client host rejected: ‘cannot find your hostname’

It turns out this is a very strict check (usually performed by postfix), that is controlled via the directive reject_unknown_client_hostname in the postfix configuration. The documentation for the directuve can be found here:

http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

As per the link above, the 450 error is returned when:

1) the client IP address to name mapping fails

-or-

2) the name to address mapping fails

-or-

3) the name to address mapping does not match the client IP address. 

 

the solutions to each of the issues above are all related to the DNS infrastructure:

1) Ensure you have the correct PTR (reverse record) that returns a valid hostname for your outgoing email server’s IP address. Example:

host 78.133.115.83
83.115.133.78.in-addr.arpa domain name pointer compunet.com.mt.

2) Ensure that the hostname returned in the SMTP greeting and that returned in step (1) both resolve back to the correct IP address. Example:

host compunet.com.mt
compunet.com.mt has address 78.133.115.83

3) Ensure that your public IP for the email server matches that returned in (2)

About these ads

Nugget Post : Excellent article re web security

Even though the article focuses on ruby, it is an excellent all round security article that highlights web application vulnerabilities and countermeasures. All in all, every developer and pentester should read, regardless of the language they develop in:

http://guides.rubyonrails.org/security.html