On Thu, 5 Jan 2006, Bill wrote: > On 12/29/05, Alan J. Flavell <[EMAIL PROTECTED]> wrote: > > Something is provoking your exim into attempting to look up > > the name smtp05.dc2.safesecureweb.com in the early stages of > > the transaction from IP 81.161.250.78. > > > > Could it be that these abusers are trying to present that domain in > > the HELO/EHLO, and your exim configuration causes it to be verified? > > > Thanks for the reply Alan.
Unfortunately, I now think it's rubbish. If the remote MTA had been trying to present that in its HELO, I think that would have been evident from the log line, as in: 2005-12-28 16:51:08 H=(81.161.250.78) [81.161.250.78] F=<xddukiakwlat[at]yahoo.com> rejected RCPT <asqctqzmrewfgafaije[at]artis.com.pl>: Unrestricted relaying not permitted but there's mo sign of it there. So I withdraw that misleading suggestion... I now think that exim is trying to look up either *your* IP address or *your* DNS name. For whatever reason. I've looked back on the thread, and you don't seem to have stated what your own IP address is for this smtp05 host. As was already said in other postings on the thread: one possibility is that there's a reference to this FQDN in your configuration file, in such a context that exim is trying to look it up. The only other possibility I could think of is that exim has some reason to look up the IP in question (i.e your *own* IP, not the IP of the calling MTA), and *that* IP's PTR record really does look up to smtp05.dc2.safesecureweb.com, and then exim is trying to confirm that for its bothways lookup. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
