On 10.11.2007 at 13:32, Gerald Waugh wrote:
>>
>> Hi,
>> I found the following log entry:
>>
>> Nov 10 02:05:01 gnom5 sendmail[3913]: lAA14tZ9003913:
>> from=<Sdunaycef (at mark) myfirstmail.com>, size=27676, class=0, nrcpts=1,
>> msgid=<2B34FADC.336B0E30 (at mark) myfirstmail.com>, proto=SMTP, daemon=MTA,
>> relay=localhost [222.255.31.214] (may be forged)
>> Nov 10 02:05:17 gnom5 sendmail[4450]: lAA14tZ9003913:
>> to=wburmester (at mark) textile-pressing.de, delay=00:00:19, xdelay=00:00:00,
>> mailer=esmtp, pri=58770, relay=mail.textile-pressing.de.
>> [85.182.255.114], dsn=5.7.1, stat=User unknown
>>
>> None of them is my IP or domain ... but 222.255.31.21 resolves to
>> localhost ...
>>
>> ;; ANSWER SECTION:
>> 214.31.255.222.in-addr.arpa. 78975 IN PTR localhost.
>>
>> Is this the trick (together with "localhost RELAY" in sendmail
>> access)? I can't believe ...
>> How can I configure sendmail to stop that?
>
> These are your nameservers for IP 222.255.31.21
> vdc-hn01.vnn.vn. 86400 IN A 203.162.0.11
> hcm-server1.vnn.vn. 86400 IN A 203.162.4.1
>
> dig -x 222.255.31.21 resolves to
> ;; ANSWER SECTION:
> 21.31.255.222.in-addr.arpa. 86400 IN PTR localhost.
>
> This appears to be a DNS PTR record problem.
> Also check 'hostname' on the server and see how it is set up.
>
> Gerald
The problem is: those are NOT my nameservers! Those are the
nameservers of the spam provider!
My question is: "Is this enough (let your in-addr zone point to
localhost) to use a default BQ-Server as an open relay?"
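
A way to audit the mail log for the pattern shown in the quoted entry, added here as an example and not part of the original thread: it flags inbound `from=` lines where the relay name is a loopback name while the bracketed address is not, and lines sendmail marked "(may be forged)" because the PTR name was not confirmed by a forward lookup. The function name, the set of loopback names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines modelled on the sendmail entry quoted in the thread
# (sender addresses and the second and third lines are made up).
SAMPLE_LOG = """\
Nov 10 02:05:01 gnom5 sendmail[3913]: lAA14tZ9003913: from=<a@example.com>, size=27676, class=0, nrcpts=1, msgid=<1@example.com>, proto=SMTP, daemon=MTA, relay=localhost [222.255.31.214] (may be forged)
Nov 10 02:06:10 gnom5 sendmail[3920]: lAA15aa1003920: from=<root@gnom5>, size=512, class=0, nrcpts=1, msgid=<2@gnom5>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 10 02:07:44 gnom5 sendmail[3931]: lAA16bb2003931: from=<b@example.net>, size=1024, class=0, nrcpts=1, msgid=<3@example.net>, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.25]
"""

# Inbound lines only (from=...); the PTR name before the bracket is optional.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=.*?"
    r"relay=(?:(?P<name>[^\s\[]+) )?\[(?P<ip>[^\]]+)\]"
    r"(?P<forged> \(may be forged\))?"
)
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}  # assumed list


def suspicious_relays(log_text):
    """Return (queue_id, ptr_name, ip, reasons) for inbound lines worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # sendmail logs IPv6 peers as [IPv6:...]; drop the tag before parsing.
        ip = ipaddress.ip_address(m["ip"].split("IPv6:")[-1])
        name = (m["name"] or "").rstrip(".").lower()
        reasons = []
        if name in LOOPBACK_NAMES and not ip.is_loopback:
            reasons.append("loopback name from non-loopback address")
        if m["forged"]:
            reasons.append("PTR name not confirmed by forward lookup")
        if reasons:
            findings.append((m["qid"], name, str(ip), reasons))
    return findings


if __name__ == "__main__":
    for qid, name, ip, reasons in suspicious_relays(SAMPLE_LOG):
        print(f"{qid}: relay={name or '-'} [{ip}]: {'; '.join(reasons)}")
```

Any queue ID it reports can then be matched against the corresponding `to=` line to see whether the message was actually relayed onward.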