From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) by sourceware.org (Postfix) with ESMTPS id 005503851C29 for ; Fri, 19 Mar 2021 21:58:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 005503851C29 Received: by mail-lf1-x132.google.com with SMTP id 75so12199959lfa.2 for ; Fri, 19 Mar 2021 14:58:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=XlvIxYiXSbPCwc3lwxj9wOpu0n7X1vb7hWRUX0YvxLo=; b=bxhN8NfDmk5Wgla1O9O6m70iD1rFZWsxanw9pAt/B49lVein1rNlCo9cWBZHs2N3t7 c1aSQHv4243D8QN4kaufuqof93ndBd4+nxzYv/XnCuInzpV/hwNbBTZr/FsBOHpf5vCK 7HYCrM+9RWT5HF2rbDNDcxOOQlRCfLSd8o9exV1wG0YPjrCXWE8nc8DpgoxEWHhrldar OuR39WYISwHcos+G7zOeY0ipdQ7NB02Qlk2K/1ALOQqfM0MRMNxpIYbwx1iKnBYvftvE Gi5KLb5FgVQS33Vy6h+MFCEbQkjeufacnTD/+fTppy+wLjKLPb45dXtF7eD4exGvccZ8 qNmg== X-Gm-Message-State: AOAM530vRODpIq4bC/OAN+4VPlKw9rtA9xV0xWAH0WOqAkfpgOGz9rWr lCstY9jfUd6uDiuElw5eXx1t5k5bc4+sE0/p0NJxY5vlBnQ= X-Google-Smtp-Source: ABdhPJxLctrp/7eM44SVNYOoLFgoXBHfgJCBU8puf/6SV2of3swZ8mZJacBuwAcOotPfdwCUSTujPKHz4V1zg+qIMCw= X-Received: by 2002:a19:224d:: with SMTP id i74mr2024172lfi.224.1616191078868; Fri, 19 Mar 2021 14:57:58 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: lkcl Date: Fri, 19 Mar 2021 21:57:47 +0000 Message-ID: Subject: Re: [Frank Ch. Eigler] Re: friend reports blocked IP address To: Alexandre Oliva , fche@redhat.org, overseers@sourceware.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: overseers@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Overseers mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Mar 2021 21:58:06 -0000 the setup of sourceware.org has been triggering exim4 to put warnings such as the following into /var/log/exim4/mainlog: 2021-03-19 20:01:35 no IP address found for host ip-8-43-85-97.sourceware.org (during SMTP connection from [8.43.85.97]) i have fail2ban set up to monitor for such "no IP address" messages, and enough of those will trigger a full-on recidive ban for at least 2 weeks. this is what you hit, Frank, so apologies, the tests you did would have been invalid (expected behaviour). i've since whitelisted 8.43.85.97 (as of 3 hours ago) so any further tests you do should succeed to 217.147.94.29 the outgoing connection from postfix running on sourceware.org appears to be reporting its hostname as "ip-8-43-85-97.sourceware.org". this is a hostname that doesn't exist. where exim4, as the recipient incoming connection, is getting that host name from, i couldn't tell you. i don't know if it's making that up (unlikely), or if it's part of the HELO from postfix (plausible), or other. l. On Fri, Mar 19, 2021 at 7:31 PM Alexandre Oliva wrote: > > FYI (thx) > > > > ---------- Forwarded message ---------- > From: "Frank Ch. Eigler" > To: Overseers mailing list > Cc: Alexandre Oliva > Bcc: > Date: Fri, 19 Mar 2021 11:26:13 -0400 > Subject: Re: friend reports blocked IP address > Hi - > In the postfix logs, I see numerous errors like: > > Mar 19 15:22:05 server2 postfix/smtp[3889716]: connect to smtp.lkcl.net[2002:2eeb:e34d::1]:25: Connection timed out > Mar 19 15:22:35 server2 postfix/smtp[3889716]: connect to smtp.lkcl.net[217.147.94.29]:25: Connection timed out > Mar 19 15:23:05 server2 postfix/smtp[3889716]: connect to smtp2.lkcl.net[217.147.94.29]:25: Connection timed out > Mar 19 15:23:05 server2 postfix/smtp[3889716]: 7F05B3857C60: to=, relay=none, delay=357781, delays=357691/0/90/0, dsn=4.4.1, status=deferred (connect to smtp2.lkcl.net[217.147.94.29]:25: Connection timed out) > > and a local outgoing telnet confirms inability to reach that host on > port 25, but I don't think it's anything we're doing. > > > - FChE