[PLUG] Sendmail and DNS checks

Keith Nasman keith at ahapala.net
Wed Mar 17 15:31:02 UTC 2004


On Wed, Mar 17, 2004 at 03:10:02PM -0800, Paul Heinlein wrote:
> On Wed, 17 Mar 2004, Keith Nasman wrote:
> 
> > > > Mar 17 12:06:22 server sendmail[19557]: i2HK6LfR019557:
> > > > ruleset=check_rcpt, arg1=,
> > > > relay=gw.domain.com.zzz.yyy.xxx.www.in-addr.arpa [www.xxx.yyy.zzz]
> > > > (may be forged), reject=550 5.7.1 ... Relaying denied. IP name
> > > > possibly forged [www.xxx.yyy.zzz]
> > >
> > > This looks like DNS isn't set up properly for your LAN. How do you
> > > manage name lookups internally (e.g., /etc/hosts, DNS)?
> > >
> >
> > The server is running bind, so the server itself is the DNS
> > server. LAN clients are resolving Internet sites itself. [....]
> >
> > From the server and externally I can dig gw.domain.com,
> > mail.domain.com, and domain.com and they all point back to the
> > correct public IP address.
> 
> What does dig or host turn up when you feed it the IP address you
> masked out in your original message ("www.xxx.yyy.zzz")?
> 
> Also, I'm a bit suspicious of the name sendmail gets for the relay:
> 
>   relay=gw.domain.com.zzz.yyy.xxx.www.in-addr.arpa
> 
> That's just bizarre. I grepped through some sendmail logs for similar
> error messages, and never once found sendmail reporting a hostname
> ending in in-addr.arpa (the reverse-pointer faux domain).
> 

When I run host www.xxx.yyy.zzz on the server I get:
zzz.yyy.xxx.www.in-addr.arpa domain name pointer gw.domain.com.zzz.yyy.xxx.www.in-addr.arpa.

And on another machine I get:
zzz.yyy.xxx.www.in-addr.arpa domain name pointer name.dsl.pdx.spiretech.com.
(spiretech is the ISP)

Also, if I telnet to port 25 it shows:
Connected to name.dsl.pdx.spiretech.com.

I would think it would report the real domain name.

Thanks,
Keith
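
Added example, not part of the original message or thread: a PTR answer that ends in in-addr.arpa, like the one the server returns above, is what BIND serves when a reverse-zone PTR target is written without a trailing dot, because the zone origin is appended to relative names. The sketch below lints a reverse zone for that pattern; the zone text, the 192.0.2.0/24 range and the example.com names are constructed, and it assumes the server's own reverse zone is the source of the answer, which the thread does not confirm.

```python
import re

# Constructed reverse zone (not from the thread): 192.0.2.0/24 is a
# documentation range and the example.com names are placeholders.
SAMPLE_ZONE = """\
$ORIGIN 2.0.192.in-addr.arpa.
$TTL 86400
@    IN SOA ns.example.com. hostmaster.example.com. ( 1 3600 900 604800 86400 )
     IN NS  ns.example.com.
10   IN PTR gw.example.com      ; no trailing dot: relative name
11   IN PTR mail.example.com.   ; absolute name
"""

REVERSE_TREES = ("in-addr.arpa.", "ip6.arpa.")
PTR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+(\S+)$", re.I)

def absolute(name, origin):
    """Expand a zone-file name as BIND does: '@' is the origin, and a
    name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_ptr_records(zone_text):
    """Return (owner, target_as_served) for PTR records whose target lands
    inside the reverse tree. Simplified: one record per line, explicit
    owner names, only $ORIGIN directives are tracked."""
    origin, findings = ".", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        directive = re.match(r"^\$ORIGIN\s+(\S+)$", line, re.I)
        if directive:
            origin = directive.group(1)
            continue
        record = PTR_RE.match(line)
        if not record:
            continue
        owner = absolute(record.group(1), origin)
        target = absolute(record.group(2), origin)
        if target.lower().endswith(REVERSE_TREES):
            findings.append((owner, target))
    return findings

if __name__ == "__main__":
    for owner, target in lint_ptr_records(SAMPLE_ZONE):
        print(f"{owner} PTR {target}  <- missing trailing dot?")
```

A name expanded this way has no forward A record, so the forward-confirmation lookup behind sendmail's "may be forged" message cannot succeed for it.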



