On Tue, 18 May 2004, Jeffrey Laramie wrote:

> Morning All,
>
> The last 2 days it appears my mail server has incorrectly forwarded (or at
> least attempted to forward) a message to the wrong IP. This is on a system
> that had been running for months without change. Some additional info:
>
> SuSE 8.2 fully updated
> XMail 1.17
>
> Contents of custdomain tab file ubaight.com.tab:
> "smtprelay" "smtp.ubaight.com"
>
> Entry in smtp log file:
> "" "Trans-Star.net" "81.215.123.23" "2004-05-17 20:38:06"
> "dsl81-215-31511.adsl.ttnet.net.tr" "ubaight.com" "[EMAIL PROTECTED]"
> "[EMAIL PROTECTED]" "SC214" "RCPT=OK" "" "0"
> "dsl81-215-31511.adsl.ttnet.net.tr"
> "" "Trans-Star.net" "81.215.123.23" "2004-05-17 20:38:07"
> "dsl81-215-31511.adsl.ttnet.net.tr" "ubaight.com" "[EMAIL PROTECTED]"
> "[EMAIL PROTECTED]" "SC214" "RECV=OK" "" "1839"
> "dsl81-215-31511.adsl.ttnet.net.tr"
>
> First 3 entries in firewall log of receiving server:
> May 17 20:38:10 LServer1 kernel: Lan-Host: IN=eth0 OUT=
> MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4638 DF PROTO=TCP SPT=32861 DPT=25
> WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 20:46:12 LServer1 kernel: Lan-Host: IN=eth0 OUT=
> MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4909 DF PROTO=TCP SPT=32862 DPT=25
> WINDOW=5840 RES=0x00 SYN URGP=0
> May 17 20:54:47 LServer1 kernel: Lan-Host: IN=eth0 OUT=
> MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5154 DF PROTO=TCP SPT=32863 DPT=25
> WINDOW=5840 RES=0x00 SYN URGP=0
>
> This hasn't happened before and I probably wouldn't have even noticed except
> that it tried to send to one of my internal firewalled servers and the
> packets were logged and dropped. There shouldn't be a problem with DNS since
> the box XMail is on is also the authoritative name server for ubaight.com.
> The rest of the mail for this domain is forwarded without problems and has
> been for months. Any ideas why this is happening or any other info I can
> provide?

Well, the only thing XMail does with such smtprelay handling is to use a gethostbyname() (read *system* DNS lookup) of smtp.ubaight.com and relay the message to it. If you see it sending to places it shouldn't, it means the DNS or the routing infrastructure did something funny.

- Davide
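
Added example, not part of the original thread and not XMail's code: a small C check that resolves the relay host with gethostbyname(), the system lookup the reply above refers to, and flags any returned address in a private, loopback or link-local range, such as the 192.168.0.1 destination in the firewall log. The function names and the list of ranges are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: name the non-routable range an IPv4 address falls in,
 * or return NULL when the address is publicly routable. */
static const char *suspicious_range(struct in_addr a)
{
    uint32_t ip = ntohl(a.s_addr);
    if ((ip & 0xff000000u) == 0x0a000000u) return "RFC 1918 10.0.0.0/8";
    if ((ip & 0xfff00000u) == 0xac100000u) return "RFC 1918 172.16.0.0/12";
    if ((ip & 0xffff0000u) == 0xc0a80000u) return "RFC 1918 192.168.0.0/16";
    if ((ip & 0xff000000u) == 0x7f000000u) return "loopback 127.0.0.0/8";
    if ((ip & 0xffff0000u) == 0xa9fe0000u) return "link-local 169.254.0.0/16";
    return NULL;
}

/* Resolve host with gethostbyname(), which follows the system resolver
 * configuration (hosts file and DNS, in the order nsswitch.conf gives),
 * print every address and return how many are non-routable; -1 on failure. */
int check_relay_host(const char *host)
{
    struct hostent *he = gethostbyname(host);
    if (he == NULL || he->h_addrtype != AF_INET) {
        fprintf(stderr, "%s: lookup failed\n", host);
        return -1;
    }
    int bad = 0;
    for (char **p = he->h_addr_list; *p != NULL; ++p) {
        struct in_addr a;
        memcpy(&a, *p, sizeof a);
        const char *why = suspicious_range(a);
        printf("%s -> %s%s%s\n", host, inet_ntoa(a),
               why ? "  SUSPICIOUS: " : "", why ? why : "");
        if (why) bad++;
    }
    return bad;
}

int main(int argc, char **argv)
{
    /* Default is the smtprelay target from the tab file quoted above. */
    const char *host = argc > 1 ? argv[1] : "smtp.ubaight.com";
    return check_relay_host(host) == 0 ? 0 : 1;
}
```

Run it on the same host and as the same user as the mail server so it sees the same hosts file and resolver settings that the server's lookup does.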