On Friday, 19 September 2003 at  3:20:21 +0000, Mark wrote:
> On  Friday, September 19, 2003 2:44 AM, Mark wrote:
>>
>>>> Thanks to Kris I found the new sendmail. :) But a slight anomaly occurs
>>>> in> 8.12.10:
>>>>
>>>> AUTH=server, relay=my-xp-machine.net [192.168.1.3] (may be forged),
>>>> authid=admin
>>>>
>>>> That is odd; why would it suddenly say "may be forged"?
>>>
>>> Hmm, this wouldn't, by any chance, have anything to do with Verisign's
>>> latest DNS crap, would it? Kinda like a preemptive caution that a "net"
>>> domain might be fake?
>>
>> No, this is the result of a failed reverse DNS lookup or a failed
>> consistency check between forward and reverse DNS. Given that the
>> address is in the non-routable RFC 1918 range, this is to be expected.
>
> Then why does it not occur in 8.12.9? If I start my 8.12.9 sendmail, it does
> NOT say "may be forged". Did something change in-between versions?

It would seem so.

> Here is why I think it seems related to Verisign somehow:
>
> asarian-host: {root} % nslookup my-xp-machine.net
> Name:    my-xp-machine.net
> Address:  64.94.110.11

Ah.  But this is an invalid domain.

> Maybe 8.12.10 picks up on the IP-mismatch?

But we're looking at the reverse lookup first.  There's no global
reverse lookup for that network, but that doesn't mean that there
aren't local name servers which handle it.

> But that still does not explain why my 8.12.9 sendmail does not say
> "may be forged". And if I change /etc/hosts to have 192.168.1.3
> called "my-xp-machine.ORG", then the error goes away, in 8.12.10
> too!

Yes, that's a feature, not a bug.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to