You don't say what OS you're running or how you are running it. tcpd will do paranoia checks - forward/reverse DNS.
Also qpopper will do a reverse lookup. My view is that if you don't have reverse DNS set up, then you shouldn't be on the Internet. Much of that comes from dealing with MTAs a lot. Machines with IP addresses MUST have forward and reverse DNS entries. Failing to do that under the poor excuse of "it adds security" just further indicates that they don't know how the Internet works. If this (xx.xx.xx.xx) is a machine under your control, fix DNS. If not, well, grep is a lovely option. Most people do, I presume, periodically cull the log files and run reports on them. Quoting Richard Gration ([EMAIL PROTECTED]): > Hi all, > > My maillog is full of lines like the following > > Sep 2 10:22:56 myhost /usr/local/sbin/popper[8503]: (v4.0.3) Unable to get > canonical name of client xx.xx.xx.xx: Unknown host (1) > > These occur about 3 times a minute. They are making it difficult to see > genuine entries in the maillog. Is there any way of filtering them? I would > like to leave reverse DNS lookups on, but I would like to do one of the > following (in order of preference): > > a) turn off reverse for this host > b) log the messages elsewhere > c) stop logging errors for failed reverse lookups > d) attack with an axe the isp resonsible for providing reverse DNS for the IP > range in question > > Could anybody please help?
