CocoonTech.com and 67.225.233.115

GraysonPeddie

Active Member
Entering 67.225.233.115 does not point to cocoontech.com, resulting in this from Postfix (/var/log/mail.log):

Code:
root@server1:~# cat /var/log/mail.log | grep 67.225.233.115
Aug 28 14:45:23 server1 postfix/smtpd[18447]: warning: hostname www.cocoontech.com does not resolve to address 67.225.233.115
Aug 28 14:45:23 server1 postfix/smtpd[18447]: connect from unknown[67.225.233.115]
Aug 28 14:45:23 server1 postfix/smtpd[18447]: NOQUEUE: reject: RCPT from unknown[67.225.233.115]: 554 5.7.1 Client host rejected: cannot find your hostname, [67.225.233.115]; from= to= proto=ESMTP helo=
Aug 28 14:45:23 server1 postfix/smtpd[18447]: disconnect from unknown[67.225.233.115]
Aug 28 14:48:43 server1 postfix/anvil[18449]: statistics: max connection rate 1/60s for (smtp:67.225.233.115) at Aug 28 14:45:23
Aug 28 14:48:43 server1 postfix/anvil[18449]: statistics: max connection count 1 for (smtp:67.225.233.115) at Aug 28 14:45:23
root@server1:~# nslookup 67.225.233.115
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
115.233.225.67.in-addr.arpa     name = www.cocoontech.com.

Authoritative answers can be found from:

root@server1:~#
 
If you "ping" cocoontech.com from a command prompt, it sends back this address: 141.101.126.107, but you cannot seem to use that address directly either as it sends back a DNS error (although you can ping that address and get a valid return).
 
I tried to ping 67.225.233.115 but without a response they seem to be non-existent. Same thing with Chrome:

Oops! Google Chrome could not connect to 67.225.233.115

Suggestions:
Try reloading: 67.225.233.115
Search on Google

It is important to make sure that the information is up to date. Otherwise, a properly-configured mail server can reject the mail if it fails a DNS lookup.
 
It's not uncommon at all for a single IP to host multiple sites and distinguish which site to display via host headers. Also I believe Dan was using some caching/high availability services so people might get different IPs depending on where they are.

Mail servers do MX Lookups and reverse DNS on the server that sends email, not generally the web-server.

What's the actual problem?
 
Well, the problem is this:


Aug 28 14:45:23 server1 postfix/smtpd[18447]: warning: hostname www.cocoontech.com does not resolve to address 67.225.233.115
Aug 28 14:45:23 server1 postfix/smtpd[18447]: connect from unknown[67.225.233.115]
Aug 28 14:45:23 server1 postfix/smtpd[18447]: NOQUEUE: reject: RCPT from unknown[67.225.233.115]: 554 5.7.1 Client host rejected: cannot find your hostname, [67.225.233.115]; from=<www-data[at]cocoontech.com> to=<admin[at]...> proto=ESMTP helo=<www.cocoontech.com>
Aug 28 14:45:23 server1 postfix/smtpd[18447]: disconnect from unknown[67.225.233.115]

Shouldn't cocoontech.com resolve to 141.101.126.107?

I am going to whitelist both www.cocoontech.com and cocoontech.com (even though in the first sticky forum www.cocoontech.com had been changed to cocoontech.com) in my Postfix server so that e-mails from cocoontech.com can go through.

Here's the subset of my Postfix configuration.


Code:
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
smtpd_delay_reject = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    regexp:/etc/postfix/helo.regexp
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_mx_access cidr:/etc/postfix/reject_private_mx.cidr,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/rbl_override,
    check_policy_service unix:private/policy-spf,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
    permit
smtpd_client_restrictions =
    permit_mynetworks,
    reject_unknown_client,
    reject_unknown_reverse_client_hostname,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org
smtpd_data_restrictions =
    reject_unauth_pipelining

If I remove some of the checks, this will probably open up a hole for spammers but still get checked by SpamAssassin.
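
The log and the smtpd_client_restrictions list in the post above come down to forward-confirmed reverse DNS: the PTR name of the connecting IP must resolve back to that same IP, or smtpd logs the client as "unknown". The following is an added example, not part of the original thread, that reproduces that check and shows which of the two client-hostname restrictions in the posted config would match. The resolver tables are constructed from the values quoted in the thread, the A record for www.cocoontech.com is an assumption, and `classify_client` and `demo` are hypothetical names.

```python
import ipaddress
import socket

def live_ptr(ip):
    """Reverse (PTR) lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_addrs(name):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def classify_client(ip, ptr=live_ptr, addrs=live_addrs):
    """Return the client name smtpd would log and which restrictions match."""
    ip = str(ipaddress.ip_address(ip))
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        # No PTR at all: both client-hostname restrictions match.
        return {"client": "unknown", "reason": "no PTR record",
                "rejected_by": ["reject_unknown_reverse_client_hostname",
                                "reject_unknown_client"]}
    for name in names:
        if ip in addrs(name):
            return {"client": name, "reason": "PTR and forward lookup agree",
                    "rejected_by": []}
    # PTR exists but the name does not map back to the connecting IP.
    return {"client": "unknown",
            "reason": f"hostname {names[0]} does not resolve to address {ip}",
            "rejected_by": ["reject_unknown_client"]}

# Constructed resolver data taken from the values quoted in the thread; the
# A record for www.cocoontech.com is an assumption (the thread gives the
# address for cocoontech.com).
PTR = {"67.225.233.115": ["www.cocoontech.com."]}
A = {"www.cocoontech.com": ["141.101.126.107"]}

def demo():
    return classify_client("67.225.233.115",
                           ptr=lambda ip: PTR.get(ip, []),
                           addrs=lambda name: A.get(name, []))

if __name__ == "__main__":
    print(demo())
```

Calling `classify_client` with only an IP address uses the system resolver, which is a quick way for a sending site to confirm that its PTR and A records agree.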
 
Yeah - it does look like he has another server sending the emails that doesn't have proper reverse DNS set up. Should either correct the reverse DNS or have the web-site send emails via his main mail service (gmail). Very rarely have I seen this setup cause problems for personal mail; only overly anxious company mail servers which use stringent rules like this in lieu of good gateway protection.

That's not a shot against your setup... I'm just saying, I deal with customers and exchange servers of all sizes, and it's extremely rare that I come across a server that rejects on that basis alone; it's usually only the low-budget IT shops that turn that on. That said, it's still best practice to have your sending mail servers set up correctly anyways.
 
I'm using Zarafa (http://www.zarafa.com/) (Collaboration Platform, http://community.zar.../) as my Sherweb Hosted Exchange Server 2007 replacement. I've set up my own virtual private server myself. The learning curve is very steep for even an advanced Linux user like me, but once I got it all set up the way I want it, I'm very happy with my setup. It's nice knowing that I get the feeling of using a premium version of Outlook Web Access in Google Chrome or Firefox. Those with either Firefox or Chrome can go with only the lite version of OWA, aka the OWA Lite. No drag-and-drop, no viewing of MIME headers, no nothing. Just the basics. Well, once I went with Zarafa, I feel like I'm free from the clutches of Microsoft--well, almost, since I have Windows 7 and Office 2010 that's already paid for. :)

Update: Oh, one thing: I've informed the owner of BikeForums.net of a blacklisted IP address in the thread "bikeforums.net blacklisted by ix.dnsbl.manitu.net for spamming" and was told that I had to whitelist bikeforums.net; which in my case, I had to override the blacklist (yep, that's /etc/postfix/rbl_override). I had no idea how bikeforums.net got blacklisted in the first place, but oh well.

Well, at least I'm doing my part and effort to help others for those with misconfigured servers, blacklisted IP addresses (unless they are spamming others for no reason), have them contact their ISP to get the reverse DNS updated for the particular IP address, and whatever I can do to help so that the legitimate e-mail messages do not get blocked by "host name not found" or "IP address blacklisted by 'insert blacklist URL here'."
 
Those with either Firefox or Chrome can go with only the lite version of OWA, aka the OWA Lite. No drag-and-drop, no viewing of MIME headers, no nothing. Just the basics.

I disagree with this statement. I use Chrome and OWA (now called Outlook Web App in Exchange 2010) and it works flawlessly. So I am assuming from you calling it Outlook Web Access you are talking about an earlier version, most likely 2003.


And an MX lookup of cocoontech.com shows who is hosting the mail, and they are a multi-server company with more than one address. I am assuming that there need to be some DNS settings changes, maybe an SPF record created.
 
How well OWA works with Firefox and Chrome depends on the version of OWA you are using. Exchange 2010 OWA works fine for me on Firefox, no lite version needed. Older versions definitely had issues, but that is what ietab is for :) I actually prefer OWA to Outlook these days.... Outlook is (and always has been) a pig....
 
I am indeed using a caching/HA service, and the mail service is sitting on a different private machine. I'll have to look into this, since reverse DNS is set up, but it's not where the issue is. I have been dealing with some personal issues, but am hoping to catch up in the next few weeks.
 