Kevin Reed [8/15/2003 10:58 AM] :
>>I got lucky and was able to netstat them at the right moment
>>(the hits come exactly every 20 minutes so I was able to
>>narrow the time down fairly well). The ip address is
>>definitely xmission: 166.70.205.185. I'll email them and ask
>>them to fix their mail server.
that's not one of their listed mxs - as kevin says it has a reverse but
no forward dns.
and ...
frodo# sendmail -d -bt root@???
Exim version 4.21 uid=0 gid=0 pid=86772 D=fbb95cfd
Probably Berkeley DB version 1.8x (native mode)
Support for: iconv() IPv6 PAM Perl OpenSSL
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=86772
auxiliary group list: 0
configuration file is /usr/local/etc/exim/configure
log selector = 0fbfffff
trusted user
admin user
finduser used cached passwd data for mailnull
finduser used cached passwd data for mailnull
originator: uid=0 gid=0 login=root name=Charlie Root
sender address = root@???
Address testing: uid=0 gid=6 euid=0 egid=6
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Testing root@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering root@???
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing root@???
--------> dnslookup router <--------
local_part=root domain=link.dsl.xmission.com
checking domains
search_open: lsearch "/usr/local/etc/exim/local_domains"
search_find: file="/usr/local/etc/exim/local_domains"
key="link.dsl.xmission.com" partial=-1 affix=NULL starflags=0
LRU list:
8/usr/local/etc/exim/local_domains
End
internal_search_find: file="/usr/local/etc/exim/local_domains"
type=lsearch key="link.dsl.xmission.com"
file lookup required for link.dsl.xmission.com
in /usr/local/etc/exim/local_domains
lookup failed
link.dsl.xmission.com in "lsearch;/usr/local/etc/exim/local_domains"? no
(end of list)
link.dsl.xmission.com in "! +local_domains"? yes (end of list)
calling dnslookup router
dnslookup router called for root@???
domain = link.dsl.xmission.com
DNS lookup of link.dsl.xmission.com (MX) gave HOST_NOT_FOUND
returning DNS_NOMATCH
dnslookup router declined for root@???
"more" is false: skipping remaining routers
no more routers
root@??? is undeliverable:
Unrouteable address
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=86772 terminating with rc=2 >>>>>>>>>>>>>>>>
frodo# dig link.dsl.xmission.com
; <<>> DiG 8.3 <<>> link.dsl.xmission.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; link.dsl.xmission.com, type = A, class = IN
;; Total query time: 1 msec
;; FROM: frodo.hserus.net to SERVER: default -- 127.0.0.1
;; WHEN: Fri Aug 15 11:10:15 2003
;; MSG SIZE sent: 39 rcvd: 39
> Other IPs in the range of the first look similar, like perhaps a DSL
> pool...
>
> Name: neo.dsl.xmission.com
> Address: 166.70.205.187
>
> Name: morphous.dsl.xmission.com
> Address: 166.70.205.188
>
> Name: trinity.dsl.xmission.com
> Address: 166.70.205.189
but with the Matrix theme they are likely part of a /29 or something
similar that an xmission dsl user has got for his home network.
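
Added example (not part of the original post, and not Exim code): a forward-confirmed reverse DNS check, the test that 166.70.205.185 fails in the thread above because its reverse name has no A record. The lookup tables are constructed sample data; pairing 166.70.205.185 with link.dsl.xmission.com is an assumption drawn from the debug output, and the example.net names with their 192.0.2.x / 198.51.100.x addresses are placeholders.

```python
import socket


def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR record
        return []
    return [name] + aliases


def system_addrs(name):
    """Forward (A/AAAA) lookup through the system resolver; returns a set of IPs."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:  # NXDOMAIN or no address records
        return set()


def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Return (verdict, names) for a connecting IP.

    verdict is 'no-ptr', 'forward-missing', 'mismatch' or 'confirmed'.
    """
    names = ptr(ip)
    if not names:
        return "no-ptr", []
    forward = {n: addrs(n) for n in names}
    confirmed = [n for n in names if ip in forward[n]]
    if confirmed:
        return "confirmed", confirmed
    if any(forward.values()):
        return "mismatch", names  # name resolves, but to some other address
    return "forward-missing", names  # the case seen in the thread


# Constructed sample data so the check runs offline.
SAMPLE_PTR = {
    "166.70.205.185": ["link.dsl.xmission.com"],  # assumed pairing
    "192.0.2.10": ["mail.example.net"],           # placeholder
    "192.0.2.20": ["other.example.net"],          # placeholder
}
SAMPLE_A = {
    "mail.example.net": {"192.0.2.10"},
    "other.example.net": {"198.51.100.5"},
}


def sample_check(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, set()))
```

Calling fcrdns(ip) with no extra arguments uses the system resolver, so it can be run against the peer address taken from netstat or the MTA log.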