[Mimedefang] HBEDV Reporting broken? - False Positives Reported
Ashley M. Kirchner
ashley at pcraft.com
Sun Dec 15 16:06:01 EST 2002
Albert E. Whale wrote:
>Looks more like Sendmail is doing the Lookup. Here's a sample of the logs.
>
>Dec 15 12:06:11 access2 sendmail[2953]: gBDJIOuj002074:
>to=<debra134 at kebi.com>, delay=1+21:23:24, xdelay=00:00:00,
>mailer=esmtp, pri=4262908, relay=kebi.com., dsn=4.0.0,
>stat=Deferred: Name server: kebi.com.: host name lookup failure
>Dec 15 13:09:17 access2 sendmail[5436]: gBDJIOui002074:
>to=<suzanne8004 at kebi.com>, delay=1+22:26:30, xdelay=00:00:56,
>mailer=esmtp, pri=4352763, relay=kebi.com., dsn=4.0.0,
>stat=Deferred: Name server: kebi.com.: host name lookup failure
>
>
This is sendmail (or the server it's on) not being able to resolve
kebi.com. What happened here (in order) is:
- someone at @kebi.com sent you a message with a virus attached.
- MD successfully identified this and blocked the message
- MD also attempted to notify the sender at kebi.com that their
message had a virus in it
- MD passed its notification message back to sendmail for delivery
- sendmail was unable to resolve kebi.com and kept trying for a
while (couple of days)
- sendmail eventually gave up and dropped the message back in
postmaster at yourdomain (or root at yourdomain)
When I look up kebi.com, I get a round robin answer containing 10
different IPs. If your mail server can't resolve the address, I'd say
you need to look at your DNS server and find out why it can't resolve
that address. It could be a simple case of it not allowing sendmail to
communicate with it...who knows.
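
An added example, not part of the original post: a small Python parser that scans sendmail log lines like the ones quoted above for "host name lookup failure" deferrals and reports, per domain, how many deliveries are stuck and the longest queue delay. The sample lines are constructed (recipient addresses, the third line and its queue id are made up); the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted log; each entry is one physical line.
SAMPLE_LOG = """\
Dec 15 12:06:11 access2 sendmail[2953]: gBDJIOuj002074: to=<user1@kebi.com>, delay=1+21:23:24, xdelay=00:00:00, mailer=esmtp, pri=4262908, relay=kebi.com., dsn=4.0.0, stat=Deferred: Name server: kebi.com.: host name lookup failure
Dec 15 13:09:17 access2 sendmail[5436]: gBDJIOui002074: to=<user2@kebi.com>, delay=1+22:26:30, xdelay=00:00:56, mailer=esmtp, pri=4352763, relay=kebi.com., dsn=4.0.0, stat=Deferred: Name server: kebi.com.: host name lookup failure
Dec 15 13:10:02 access2 sendmail[5440]: gBFI9xui005439: to=<user3@example.org>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30512, relay=mx.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>to=.*)$")
DNS_FAIL_RE = re.compile(
    r"^Deferred: Name server: (?P<host>\S+?)\.?: host name lookup failure$")
DELAY_RE = re.compile(r"^(?:(\d+)\+)?(\d+):(\d\d):(\d\d)$")  # [days+]hh:mm:ss


def delay_seconds(value):
    """Convert sendmail's delay= value (e.g. 1+21:23:24) to seconds."""
    m = DELAY_RE.match(value)
    if not m:
        return None
    days, hours, minutes, seconds = (int(x or 0) for x in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def parse_fields(text):
    """Split 'key=value, key=value, stat=...'; stat= is last and may hold commas."""
    head, _, stat = text.partition(", stat=")
    fields = dict(p.split("=", 1) for p in head.split(", ") if "=" in p)
    fields["stat"] = stat
    return fields


def dns_deferrals(log_text):
    """Return {domain: {'deferred': n, 'max_delay_s': s}} for DNS lookup failures."""
    summary = defaultdict(lambda: {"deferred": 0, "max_delay_s": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = parse_fields(m.group("fields"))
        fail = DNS_FAIL_RE.match(fields["stat"])
        if not fail:
            continue  # delivered, or deferred for a non-DNS reason
        entry = summary[fail.group("host").lower()]
        entry["deferred"] += 1
        delay = delay_seconds(fields.get("delay", "")) or 0
        entry["max_delay_s"] = max(entry["max_delay_s"], delay)
    return dict(summary)


if __name__ == "__main__":
    for domain, info in dns_deferrals(SAMPLE_LOG).items():
        print(domain, info)
```

A domain that shows up here with delays measured in days is one the mail server's resolver has not been able to look up for that whole period, which is the condition described above.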