>
> hi,
> i found the following log entry:
>
> Nov 10 02:05:01 gnom5 sendmail[3913]: lAA14tZ9003913:
> from=<Sdunaycef (at mark) myfirstmail.com>, size=27676, class=0, nrcpts=1,
> msgid=<2B34FADC.336B0E30 (at mark) myfirstmail.com>, proto=SMTP, daemon=MTA,
> relay=localhost [222.255.31.214] (may be forged)
> Nov 10 02:05:17 gnom5 sendmail[4450]: lAA14tZ9003913:
> to=wburmester (at mark) textile-pressing.de, delay=00:00:19, xdelay=00:00:00,
> mailer=esmtp, pri=58770, relay=mail.textile-pressing.de.
> [85.182.255.114], dsn=5.7.1, stat=User unknown
>
> none of them is my ip or domain ... but 222.255.31.21 resolves to
> localhost ...
>
> ;; ANSWER SECTION:
> 214.31.255.222.in-addr.arpa. 78975 IN PTR localhost.
>
> is this the trick (together with "localhost RELAY" in sendmail
> access)? I can't believe ...
> how can i configure sendmail to stop that?
These are your nameservers for IP 222.255.31.21
vdc-hn01.vnn.vn. 86400 IN A 203.162.0.11
hcm-server1.vnn.vn. 86400 IN A 203.162.4.1
dig -x 222.255.31.21 resolves to
;; ANSWER SECTION:
21.31.255.222.in-addr.arpa. 86400 IN PTR localhost.
This appears to be a DNS PTR record problem.
Also check 'hostname' on the server and see how it is setup
Gerald
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.