Rossz Vamos-Wentworth Wrote
> > Rossz Vamos-Wentworth [8/15/2003 9:05 AM] :
> >
> > > My mail log has 482 entires like this since last week:
> > >
> > > Aug 8 10:04:08 vife exim: 2003-08-08 10:04:08 no IP
> address found
> > > for host link.dsl.xmission.com
> > >
> > > Checking xmission.com for a web page reveals antispam
> software, so I
> > > assume it's an attempt by a spammer to advertise his anti-spam
> > > software. I'd just block him at the firewall, but the
> error message
> > > doesn't include any ip number for the original connection. Is it
> > > possible to get the IP in the logged message? How?
> >
> > xmission.com is an ISP. A pretty clued one too.
> >
> > Where's that connection coming from? Can you grab and netstat it?
>
> I got lucky and was able to netstat them at the right moment
> (the hits come exactly every 20 minutes so I was able to
> narrow the time down faily well). The ip address is
> definitely xmission: 166.70.205.185. I'll email them and ask
> them to fix their mail server.
I'll Try this again...
166.70.205.185 resolves to link.dsl.xmission.com but there is no forward
dns for that hostname.
When I tried it with the new 4.21 version I basically ended up with:
550 Administrative prohibition
LOG: MAIN REJECT
H=(link.dsl.xmission.com) [166.70.205.185] F=<kreed@???> rejected
RCPT kreed@???: host lookup failed (166.70.205.185 does not match any
IP address for NULL)
Which is a bit confusing as it is the hostname that the IP resolves to that
doesn't have dns. Normally for me, it is the other way around, the IP
doesn't resolve.
It is quite possible that that IP is not supposed to be sending mail in the
first place. Their
Advertised mail server is mx.xmission.com and ns2.xmission.com.
Other IP's in the range of the first, look similar like perhaps a DSL
pool...
Name: neo.dsl.xmission.com
Address: 166.70.205.187
Name: morphous.dsl.xmission.com
Address: 166.70.205.188
Name: trinity.dsl.xmission.com
Address: 166.70.205.189
