
How to read log entry to understand what is happening

  • Joey
    Message 1 of 4 , Jul 6, 2007

      I have these 2 reject messages from maillog, no I am very happy they were blocked because they are spam, however I wanted to understand what part of this made it get rejected FQDN?

       

      Thanks!

      ------------------------------------------------------------------------------------------------------------------------ TM: 36

      16 Jul  6 15:51:46 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT from pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504 <jxsocblw>: Helo command rejected: need fully-qualified hostname; from=<brn4nmhe@...> to=<bruxo@...> proto=SMTP helo=<jxsocblw>

       

       

      ------------------------------------------------------------------------------------------------------------------------ TM: 37

      17 Jul  6 15:51:47 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT from pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504 <jxsocblw>: Helo command rejected: need fully-qualified hostname; from=<brn4nmhe@...> to=<bsalim@...> proto=SMTP helo=<jxsocblw>

       

       

    • MrC
      Message 2 of 4 , Jul 6, 2007
        Joey wrote:
        > I have these 2 reject messages from maillog, no I am very happy they
        > were blocked because they are spam, however I wanted to understand what
        > part of this made it get rejected FQDN?
        >
        > Thanks!
        >
        > ------------------------------------------------------------------------------------------------------------------------
        > TM: 36
        >
        > 16 Jul 6 15:51:46 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT
        > from pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504
        > <jxsocblw>: Helo command rejected: need fully-qualified hostname;
        > from=<brn4nmhe@...> to=<bruxo@...>
        > proto=SMTP helo=<jxsocblw>
        >
        >

        helo=<jxsocblw>

        jxsocblw is not a fully qualified host name.

        >
        >
        >
        > ------------------------------------------------------------------------------------------------------------------------
        > TM: 37
        >
        > 17 Jul 6 15:51:47 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT
        > from pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504
        > <jxsocblw>: Helo command rejected: need fully-qualified hostname;
        > from=<brn4nmhe@...> to=<bsalim@...>
        > proto=SMTP helo=<jxsocblw>
        >
      • Noel Jones
        Message 3 of 4 , Jul 6, 2007
          At 05:07 PM 7/6/2007, Joey wrote:
          >I have these 2 reject messages from maillog, no I am very happy they
          >were blocked because they are spam, however I wanted to understand
          >what part of this made it get rejected FQDN?
          >
          >Thanks!
          >------------------------------------------------------------------------------------------------------------------------
          >TM: 36
          >16 Jul 6 15:51:46 houston postfix/smtpd[23430]: NOQUEUE: reject:
          >RCPT from
          >pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504
          ><jxsocblw>: Helo command rejected: need fully-qualified hostname;
          >from=<brn4nmhe@...> to=<bruxo@...>
          >proto=SMTP helo=<jxsocblw>
          >
          >
          >------------------------------------------------------------------------------------------------------------------------
          >TM: 37
          >17 Jul 6 15:51:47 houston postfix/smtpd[23430]: NOQUEUE: reject:
          >RCPT from
          >pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504
          ><jxsocblw>: Helo command rejected: need fully-qualified hostname;
          >from=<brn4nmhe@...> to=<bsalim@...>
          >proto=SMTP helo=<jxsocblw>
          >

          These were rejected with the "reject_non_fqdn_helo_hostname" restriction
          http://www.postfix.org/postconf.5.html#reject_non_fqdn_helo_hostname

          The relevant text above "Helo command rejected" tells us *what* was
          rejected, and "need fully-qualified hostname" tells us why. Later in
          the entry we see "helo=<jxsocblw>" which is the HELO command the
          client issued that was unacceptable.

          --
          Noel Jones
        • mouss
          Message 4 of 4 , Jul 6, 2007
            Joey wrote:
            > I have these 2 reject messages from maillog, no I am very happy they were
            > blocked because they are spam, however I wanted to understand what part of
            > this made it get rejected FQDN?
            >
            >
            >
            > Thanks!
            >
            > ----------------------------------------------------------------------------
            > -------------------------------------------- TM: 36
            >
            > 16 Jul 6 15:51:46 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT from
            > pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504 <jxsocblw>:
            > Helo command rejected: need fully-qualified hostname;
            > from=<brn4nmhe@...> to=<bruxo@...> proto=SMTP
            > helo=<jxsocblw>
            >
            >
            >

            The client helo'ed with "jxsocblmw", which contains no dot. thus the
            reject_non_fqdn_hostname.

            fqdn in dns is similar to an absolute path in unix. foo.example.com is
            like /com/example.foo while foo alone is like foo. more precisely, a
            domain is fqdn if it contains the full path until a top level domain
            (tld). so foo.bar is not fqdn, because bar is not a tld. however,
            reject_non_fqdn_hostname will not check the latter, because that would
            mean looking up somewhere else (dns, ...) whether bar is a tld (new
            tld's get added once in a while). while strictly speaking a dot is not
            necessary, many large companies append their own domains when there is
            no dot (so if they see mail coming from "ws", they don't consider it
            coming from the ws tld, but from a machine called "ws").
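
Added example (not part of any post in this thread, and not Postfix's own code): a Python sketch that splits the reject line into the parts Noel Jones points out and applies the syntactic dot test mouss describes. The function names, the regex and the assumed line layout are this example's own; accepting an address literal follows the wording of the reject_non_fqdn_helo_hostname documentation linked above.

```python
import re

# Log line copied from the thread (viewer line number dropped; "..." elisions kept).
SAMPLE = (
    "Jul  6 15:51:46 houston postfix/smtpd[23430]: NOQUEUE: reject: RCPT from "
    "pool-71-107-96-148.lsanca.dsl-w.verizon.net[71.107.96.148]: 504 <jxsocblw>: "
    "Helo command rejected: need fully-qualified hostname; "
    "from=<brn4nmhe@...> to=<bruxo@...> proto=SMTP helo=<jxsocblw>"
)

# Assumed layout, taken from the two lines in the thread:
#   <queue id>: reject: <stage> from <name>[<ip>]: <code> <subject>: <what>: <why>; key=value ...
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<queue_id>\S+): reject: (?P<stage>\S+) from "
    r"(?P<client_name>\S+)\[(?P<client_ip>[^\]]+)\]: (?P<code>\d{3}) "
    r"<(?P<subject>[^>]*)>: (?P<what>[^:;]+): (?P<why>[^;]+); (?P<attrs>.*)$"
)

def parse_reject(line):
    """Return the fields of an smtpd reject line as a dict, or None if it does not match."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Trailing attributes: from=<...> to=<...> proto=SMTP helo=<...>
    for key, bracketed, bare in re.findall(r"(\w+)=(?:<([^>]*)>|(\S+))", rec.pop("attrs")):
        rec[key] = bracketed or bare
    return rec

def looks_fully_qualified(helo):
    """Syntactic test only: an address literal, or a name with a dot between non-empty labels.
    As mouss notes, nothing here checks that the last label is a real TLD."""
    if helo.startswith("[") and helo.endswith("]"):
        return True  # address literal form such as [192.0.2.1]
    labels = helo.split(".")
    return len(labels) >= 2 and all(labels)

def explain(line):
    """One-line summary: what was rejected, why, and the offending HELO value."""
    rec = parse_reject(line)
    if rec is None:
        return None
    helo = rec.get("helo", "")  # absent if the client never sent HELO/EHLO
    verdict = "fully qualified" if looks_fully_qualified(helo) else "not fully qualified"
    return f'{rec["client_ip"]} {rec["code"]} {rec["what"]}: {rec["why"]} (helo={helo!r}, {verdict})'

if __name__ == "__main__":
    print(explain(SAMPLE))
```
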