[exim] strange log entries: no IP address found for host smt…

Top Page
Delete this message
Reply to this message
Author: Bill
Date:  
To: exim-users
Subject: [exim] strange log entries: no IP address found for host smtp05.host.com (during SMTP connection from NULL)
Hi all,
I recently had to add 8 internet SMTP servers (smtp01.host.com -
smtp08.host.com) to my "relay_from_hosts" list in my exim config in
order to accommodate email from our hosted web servers. Ever since
then, I've been getting numerous errors in the exim_mainlog file --
more than 30,000/day (out of a total of ~220,000 entries/day) -- from
one of these hosts (smtp05.host.com).

Here's what one of these entries looks like:
2005-12-21 03:52:02 no IP address found for host smtp05.host.com
(during SMTP connection from NULL)

But I'm even more puzzled by this:
The log occasionally contains the same error with a different twist:

2005-12-22 07:14:02 no IP address found for host smtp05.host.com
(during SMTP connection from
(pc-200-74-52-7.megavia.pc.metropolis-inter.com) [200.74.52.7])
2005-12-22 07:17:52 no IP address found for host smtp05.host.com
(during SMTP connection from (ourdomain.com) [24.63.139.240])
2005-12-22 07:17:52 no IP address found for host smtp05.host.com
(during SMTP connection from (ourdomain.com) [24.63.139.240])
2005-12-22 07:17:53 no IP address found for host smtp05.host.com
(during SMTP connection from (ourdomain.com) [24.63.139.240])
2005-12-22 07:24:19 no IP address found for host smtp05.host.com
(during SMTP connection from (a-iqtw7xc0af1mj) [222.35.79.177])
2005-12-22 07:31:03 no IP address found for host
smtp05.dc2.safesecureweb.com (during SMTP connection from
(ctx.ourdomain.com) [192.168.2.204])


These "abnormal" entries occur less ~300 times per day, but often have
various IP addresses and "hostnames". The most common IP
(24.63.139.240) from today's log resolves to what appears to be a
DHCP-assigned address:

;; ANSWER SECTION:
240.139.63.24.in-addr.arpa. 1D IN PTR c-24-63-139-240.hsd1.nh.comcast.net.


What does all this mean? I'm concerned that we've opened a hole that
we shouldn't have.
Any help/info would be appreciated.

Here's my exim version info (running on Solaris 9):
$ exim -bV
Exim version 4.30 #6 built 08-Feb-2004 22:32:43
Copyright (c) University of Cambridge 2003
Probably ndbm
Support for: iconv()
Lookups: lsearch wildlsearch nwildlsearch dbm dmbnz
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Configuration file is /opt/exim/etc/configure

Regards,
Bill