[Mimedefang] Sendmail reverse DNS not making it to MIMEDefang

[Joseph Brennan]

--On Tuesday, May 13, 2008 14:58 -0400 Jeff Rife <mimedefang at nabs.net> 
wrote:

> A snippet from my maillog:
>
> May 13 14:47:25 saber sendmail[14816]: NOQUEUE: connect from
> host.lightcore.net [204.9.124.194] (may be forged)
> May 13 14:47:25 saber mimedefang.pl[8077]: filter_relay: 204.9.124.194;
> [204.9.124.194]
> May 13 14:47:25 saber mimedefang.pl[8077]: filter_relay:
> '204.9.124.194' is black-listed
> May 13 14:47:25 saber mimedefang.pl[8077]: filter_relay rejected host
> 204.9.124.194 ([204.9.124.194])
> May 13 14:47:25 saber sendmail[14816]: m4DIlPFi014816: Milter: connect:
> host=host.lightcore.net, addr=204.9.124.194, rejecting commands
>
> Sendmail obviously is looking up 204.9.124.194 and getting the name
> (host.lightcore.net), but my logging in filter_relay isn't picking it
> up:
>
> sub filter_relay
> {
> my ($ip, $hostname) = @_;
>
> md_syslog('info', "filter_relay: $ip; $hostname");
>
> ...
>
> }
>
> Has anyone else seen this, or am I doing something wrong?


The host has a PTR to a name that has no A record.  That's why
you see "(may be forged)".  Sendmail does not report that name to
milter.  Note,

$ host 204.9.124.194
194.124.9.204.in-addr.arpa domain name pointer host.lightcore.net.
$ host host.lightcore.net
Host host.lightcore.net not found: 3(NXDOMAIN)


Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology