All,

I run a set of public mail relays that have a pretty comprehensive 'email firewall' implementation that makes extensive use of ACLs and performs a wide range of checks including RBLs, SMTP protocol, etc.

I run Exim 4.92 compiled from source on Ubuntu 16.04 LTS 64-bit.

All of my ACLs use 'warn' and I output messages with a single word prefix like 'CONNECT', 'HELO', 'CRYPTO', 'MAIL', 'DKIM', 'CONTENT' so that I can find out what's happening and debug things when they go wrong.  For the last couple of years I have been seeing an odd log message:

    no IP address found for host bazar2.conectiva.com.br

amongst the messages.  I know it's not one of mine as it doesn't have one of my prefixes - I have highlighted in red:

2019-03-31 18:55:45 CONNECT: New connection from 195.169.149.119:33836 -> 195.171.43.32:25
2019-03-31 18:55:45 CONNECT: Host 195.169.149.119 whitelisted at list.dnswl.org : 127.0.4.2
2019-03-31 18:55:45 HELO: Accepted HELO/EHLO vm6.ganeti.dyne.org from remote host: 195.169.149.119 (vm6.ganeti.dyne.org)
2019-03-31 18:55:45 CRYPTO: Client 195.169.149.119:33836 issued STARTTLS
2019-03-31 18:55:45 HELO: Client 195.169.149.119:33836 using SSL/TLS cipher: TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
2019-03-31 18:55:45 HELO: Accepted HELO/EHLO vm6.ganeti.dyne.org from remote host: 195.169.149.119 (vm6.ganeti.dyne.org)
2019-03-31 18:55:45 MAIL: Accept from: [email protected] host: vm6.ganeti.dyne.org [195.169.149.119]
*2019-03-31 18:55:45 no IP address found for host bazar2.conectiva.com.br (during SMTP connection from vm6.ganeti.dyne.org [195.169.149.119])*
2019-03-31 18:55:45 1hAegL-0007cy-8z MIME: Type=multipart/mixed Size=2
2019-03-31 18:55:46 1hAegL-0007cy-8z MIME: Type=multipart/signed Size=2
2019-03-31 18:55:46 1hAegL-0007cy-8z MIME: Type=text/plain Size=1
2019-03-31 18:55:46 1hAegL-0007cy-8z MIME: Type=application/pgp-signature Size=1 (Filename=signature.asc)
2019-03-31 18:55:46 1hAegL-0007cy-8z MIME: Type=text/plain Size=1
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: Start ACL with scan profile: 2
*2019-03-31 18:55:46 1hAegL-0007cy-8z no IP address found for host bazar2.conectiva.com.br*
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: SPAM: Enabled in scan profile (will test, reject at 5.0)
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: SPAM Score: -1.3 (-)
*2019-03-31 18:55:46 1hAegL-0007cy-8z no IP address found for host bazar2.conectiva.com.br*
*2019-03-31 18:55:46 1hAegL-0007cy-8z no IP address found for host bazar2.conectiva.com.br*
*2019-03-31 18:55:46 1hAegL-0007cy-8z no IP address found for host bazar2.conectiva.com.br*
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: ClamAV: Enabled in scan profile (will test)
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: Added custom header: X-Scan-Signature: 7ab87d4d3ea1d9dcb73a78e83fe4d608
2019-03-31 18:55:46 1hAegL-0007cy-8z CONTENT: Checks completed, content accepted
2019-03-31 18:55:46 1hAegL-0007cy-8z <= [email protected] H=vm6.ganeti.dyne.org [195.169.149.119] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=5344 [email protected] T="Re: [DNG] Kernel modules not found during Beowulf install"


The log message always refers to the hostname 'bazar2.conectiva.com.br' irrespective of the actual host connected?

Has anyone else seen behaviour like this? or have an idea what it is or where it is coming from?


Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
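
The prefix convention described in the post makes it possible to isolate lines that no ACL of the operator wrote and to see which tagged stage each one follows. The script below is an added example, not part of the original message or of Exim; the function names, the sample hostnames, addresses and message id are constructed, and MIME is included as a prefix only because it appears in the quoted log.

```python
import re
from collections import Counter

# Operator prefixes named in the post; MIME also appears in the quoted log.
OWN_PREFIXES = ("CONNECT", "HELO", "CRYPTO", "MAIL", "DKIM", "CONTENT", "MIME")
# Flags and word that start Exim's own arrival/delivery/completion lines.
EXIM_FLAGS = ("<= ", "=> ", "-> ", "** ", "== ", "*> ", ">> ", "Completed")
# Main log line: date, time, optional message id, then the text.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"(?:([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) )?(.*)$")

def classify(text):
    """Operator prefix for a tagged line, 'exim' for a flagged line, else None."""
    m = re.match(r"([A-Z]+): ", text)
    if m and m.group(1) in OWN_PREFIXES:
        return m.group(1)
    return "exim" if text.startswith(EXIM_FLAGS) else None

def untagged_by_stage(lines):
    """Count untagged lines by (last tagged stage before them, message text).
    Lines without a message id share one slot, so busy logs may interleave."""
    counts, last_stage = Counter(), {}
    for raw in lines:
        m = LINE_RE.match(raw.strip().strip("*"))  # drop highlight asterisks
        if not m:
            continue
        msgid, text = m.groups()
        kind = classify(text)
        if kind is None:
            stage = last_stage.get(msgid) or last_stage.get(None, "?")
            counts[(stage, re.sub(r" \(during .*\)$", "", text))] += 1
        elif kind != "exim":
            last_stage[msgid] = kind
    return counts

# Constructed sample lines, modelled on the log quoted in the post.
SAMPLE = """\
2019-03-31 18:55:45 CONNECT: New connection from 192.0.2.10:33836 -> 198.51.100.5:25
2019-03-31 18:55:45 MAIL: Accept from: sender@example.org host: mx.example.org [192.0.2.10]
2019-03-31 18:55:45 no IP address found for host lookup.example.net (during SMTP connection from mx.example.org [192.0.2.10])
2019-03-31 18:55:46 1aBcDe-000001-Xy CONTENT: Start ACL with scan profile: 2
*2019-03-31 18:55:46 1aBcDe-000001-Xy no IP address found for host lookup.example.net*
2019-03-31 18:55:46 1aBcDe-000001-Xy CONTENT: SPAM Score: -1.3 (-)
2019-03-31 18:55:46 1aBcDe-000001-Xy no IP address found for host lookup.example.net
2019-03-31 18:55:46 1aBcDe-000001-Xy <= sender@example.org H=mx.example.org [192.0.2.10] P=esmtps S=5344
""".splitlines()

if __name__ == "__main__":
    for (stage, text), n in untagged_by_stage(SAMPLE).most_common():
        print(f"{n:3d}  after {stage:8s} {text}")
```

The stage column only says which tagged line came last before the untagged one, which narrows down where in the ACL sequence the lookup is triggered; it does not identify the condition itself.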
