I've just run into this same issue just now.
It was difficult to find the cause via google, so I’m summarizing the situation, my findings and a fix here, in the hope that it makes things easier:
A. When receiving mail, you will find headers with 'unknown' PTR lookups, e.g:
Received: from mail-pd0-f177.google.com (unknown [220.127.116.11])
by mx1.xxx.xxx.xxx (Postfix) with ESMTPS id BB3E3201395
for <firstname.lastname@example.org>; Sun, 10 Aug 2014 17:12:38 +0000 (UTC)
B. When messages are above the tag limit set for amavisd, you will see the RDNS_NONE raising scores on all incoming email, eg:
X-Spam-Status: No, score=xxx tagged_above=2 required=xxx
tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RDNS_NONE=0.793,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
The problem goes away when you disable chroot by:
Turning off the chroot by backing up and editing ‘/etc/postfix/master.cf’:
smtp inet n - - - - smtpd
smtp inet n - n - - smtpd
And then run ‘postfix reload’.
Symptoms A & B will no longer occur. But now chroot is disabled
Changes/test that can be made that will still produce the same results:
1. PTR lookups work, e.g. ‘host 18.104.22.168’ returns ‘mail-pd0-f177.google.com’ and vice-versa.
2. Using a compiled example that calls getaddrinfo() / getnameinfo() also returns valid PTRs.
3. Use a non-forwarding local nameserver such as dnscache from ndjbdns (and change /etc/resolv.conf & /var/spool/postfix/etc/resolv.conf to suit)
4. postconf will show the following are set correctly:
disable_dns_lookups = no
smtpd_peername_lookup = yes
A FIX (not necessarily the best one - YMMV):
Include the necessary libraries in the chroot jail (we use /lib64 here because this is a 64-bit system. You make need to use /lib)
chmod 555 /var/spool/postfix/lib64
cp -p /lib64/libnss* /var/spool/postfix/lib64/
cp -p /lib64/libresolv* /var/spool/postfix/lib64/
cp -p /etc/nsswitch.conf /var/spool/postfix/etc/
You will need to/should repeat this after you install any upgrade packages to ‘glibc’. If there is a cleaner way I should be doing this, please let me know :-)
Do a ‘postfix reload’ and you should have headers with lines more like this:
Received: from mail-pa0-f45.google.com (mail-pa0-f45.google.com [22.214.171.124])
by mx1.xxx.xxx.xxx (Postfix) with ESMTPS id 46852201732
for <email@example.com>; Sun, 10 Aug 2014 18:06:52 +0000 (UTC)
And RDNS_NONE should go away from amavisd tags unless there is an actual RDNS mismatch.
http://www.iredmail.org/forum/topic675- … -time.html
http://www.iredmail.org/forum/topic6085 … ution.html
http://www.iredmail.org/forum/topic5236 … verse.html
https://groups.google.com/forum/#!topic … SZcIw6GcJ0