From owner-freebsd-current@freebsd.org  Thu Feb 27 15:57:07 2020
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 96975245CF1
 for <freebsd-current@mailman.nyi.freebsd.org>;
 Thu, 27 Feb 2020 15:57:07 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 48Sy3Q64g9z4hhN
 for <freebsd-current@freebsd.org>; Thu, 27 Feb 2020 15:57:06 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Received: by mailman.nyi.freebsd.org (Postfix)
 id D07D6245CF0; Thu, 27 Feb 2020 15:57:06 +0000 (UTC)
Delivered-To: current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D048A245CEF
 for <current@mailman.nyi.freebsd.org>; Thu, 27 Feb 2020 15:57:06 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Received: from mail.bsd4all.net (mail.bsd4all.net [IPv6:2a01:4f8:13b:240c::25])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mail.bsd4all.net",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48Sy3P4SWxz4hfJ
 for <current@freebsd.org>; Thu, 27 Feb 2020 15:57:05 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Date: Thu, 27 Feb 2020 16:56:55 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gojira.at;
 s=mail201809; t=1582819015;
 bh=yNVNThDrsiyee41iAH2N/JezZ/F2+SP7lsuuzegDcBY=;
 h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type;
 b=KHGfwHtd10yhYENARKZ1oF7VnKL4wSVavRcR4QfoK6q9HAhLyeAUa120pJ3lzmEDZ
 bslrkiOKsQ+FVKp9zVJHx6uYDDsbW96ww0qzY34NF2g7/0U/pVlAKN8UU3N88duaCt
 k1ztzYcV+gG1EsMjkdrWF1cgsyjxEP6/aaB9qT8HfDNp+CvsxHf6Tg/GVMMUKB2YEH
 8rltXjS0IjdMY1s1TVKltq3PA1PfEfbYYuBNL6A+cu9GumBrIH9Eh5Xe7t6AMUT4wg
 BjyWCvXttpQvCL129Bh/Fz7+C6ebe+S9QO4Mv7yc2N84+MAopFA8LSgqXo68Ok8Djf
 mbFEW7HREk7rQ==
From: "Herbert J. Skuhra" <herbert@gojira.at>
To: current@freebsd.org
Subject: Re: lame reverse DNS?
Message-ID: <20200227155655.GA1730@mail.bsd4all.net>
References: <db42c2a5-f42e-ee4a-5cf8-0136e0867105@protected-networks.net>
 <8736axm50b.wl-herbert@gojira.at>
 <20200227093159.GS37073@home.opsec.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200227093159.GS37073@home.opsec.eu>
X-Rspamd-Queue-Id: 48Sy3P4SWxz4hfJ
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gojira.at header.s=mail201809 header.b=KHGfwHtd;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of herbert@gojira.at designates
 2a01:4f8:13b:240c::25 as permitted sender) smtp.mailfrom=herbert@gojira.at
X-Spamd-Result: default: False [-2.32 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gojira.at:s=mail201809];
 FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:13b:240c::25];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[gojira.at];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 DKIM_TRACE(0.00)[gojira.at:+]; RCVD_COUNT_ZERO(0.00)[0];
 FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE];
 IP_SCORE(-0.82)[ipnet: 2a01:4f8::/29(-2.54), asn: 24940(-1.55),
 country: DE(-0.02)]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2020 15:57:07 -0000

On Thu, Feb 27, 2020 at 10:31:59AM +0100, Kurt Jaeger wrote:
> Hi!
> 
> > The problem has been resolved but I still sometimes see "connect from
> > unknown[2610:1c1:1:606c::19:2]" in the maillog (today: 6 of 131
> > connections). Local unbound issue?
> 
> That IPv6 has a valid reverse DNS record, so please try to investigate.

Yes, I know. Otherwise it would fail permanently.

- Postfix sends two standard queries (PTR) to local unbound within 5
seconds (05:51:23 and 05:51:28)
- Unbound sends multiple queries to 2610:1c0::1104 and 2610:1c0::1204
without receiving a reply (05:51:23 - 05:51:41)
- Unbound replies twice with Server failure (05:51:53)

I have this issue only with [2610:1c1:1:606c::19:2]:

# grep " connect from unknown" /var/log/maillog
Feb 27 03:37:53 mail postfix/smtpd[93921]: connect from unknown[2610:1c1:1:606c::19:2]
Feb 27 08:40:27 mail postfix/smtpd[33354]: connect from unknown[2610:1c1:1:606c::19:2]
Feb 27 09:43:39 mail postfix/smtpd[41982]: connect from unknown[2610:1c1:1:606c::19:2]
Feb 27 10:53:38 mail postfix/smtpd[4960]: connect from unknown[2610:1c1:1:606c::19:2]
Feb 27 15:30:28 mail postfix/smtpd[87816]: connect from unknown[2610:1c1:1:606c::19:2]
Feb 27 15:50:30 mail postfix/smtpd[98816]: connect from unknown[2610:1c1:1:606c::19:2]

I've already set cache-min-ttl to 3600. FreeBSD.org uses ttl=60. Why?
I'll try to set do-ip6=no. Meanwhile I've whitelisted the IPv6 address
in postfix. 

-- 
Herbert