Re: [exim] strange log entries: no IP address found for host…

Author: Bill
Date:  
To: Exim users list
Subject: Re: [exim] strange log entries: no IP address found for host smtp05.host.com (during SMTP connection from NULL)
On 12/29/05, Alan J. Flavell <a.flavell@???> wrote:
> Something is provoking your exim into attempting to look up
> the name smtp05.dc2.safesecureweb.com in the early stages of
> the transaction from IP 81.161.250.78.
>
> Could it be that these abusers are trying to present that domain in
> the HELO/EHLO, and your exim configuration causes it to be verified?
>

Thanks for the reply Alan. Good question. I can't tell where my
config would allow it to get this far, but I'm no exim pro either.
Maybe I'm missing something. I only modified the default config
enough to make it work in its capacity as our SMTP gateway server,
only relaying mail for our domains. I used the exim doc/specs and
Phil Hazel's latest book to configure it. Should I post my config,
minus the comments?

> so the report seems to be correct; the specific puzzle is what's
> prompting exim to attempt the lookup.
>

That's exactly what I've been wondering.

As we can see in the log entries (in my previous post) immediately
following the "NULL" entry, it seems that this connection attempt from
81.161.250.78 goes thru 3 separate "phases", and is finally rejected
in the 3rd phase as an attempt to exploit an "open relay". So what
exactly did exim think the first two "phases" were?

I finally removed the troublesome smtp05 entry from my
"relay_from_hosts" list in my exim config. This has eliminated those
NULL entries in the log, but now I'm wondering what I'm not seeing.
:(

> good luck
>

Thanks!