[Pkg-exim4-users] Probe, every 27 mins, from one IP addr - how to block?
Ron Leach
2016-03-02 15:28:29 UTC
List, good afternoon,

I run an Exim4 system using Debian oldstable (Wheezy) and, in the
mainlog, *every* 27 minutes, is:
no host name found for IP address <ipv4>
(where <ipv4> is one, specific, IP address, every time).

whois indicates that the IP address is that of a commercial entity in
another continent, with whom we have no connection as far as we know.
There is no other type of log entry related to this IP address,
there is no log of either an attempted send to one of our users, nor
any attempt to relay elsewhere. The logged entry is every 27 minutes
irrespective of any other incoming messages, of which there are
relatively few; this is not a high volume MTA.

Archived comments on various exim lists suggest that this log entry is
merely a 'warning', and caused by the sender having no rDNS entry.
Nevertheless, despite the entry being only a warning, and despite the
- apparent - absence of any other attempt to send a message either to
us or to relay elsewhere or, even, to send a (detectedly) malformed
message, or attempt to authorise, its continuing, regular, appearance
is puzzling. I've decided to block that IP.

We use the single file of exim conf which includes a section for
defining a local list of IP addresses that should be blocked. The
list should be in the file
/etc/exim4/local_host_blacklist
which I've created and contains the single entry of that logged IP
address.

On updating the conf and restarting exim

# update-exim4.conf
- which did not report any config problems
# service exim restart

I was disappointed to see that the suspect IP is still being logged as
'no host name' every 27 minutes.

Is there any way I can prevent this IP address reaching exim?

I would be interested to understand better what type(s) of incoming
signal could trigger this log entry, and whether the entry can mean
anything other than absent rDNS.

Any insights would be much appreciated,

regards, Ron
Iain Mac Donald
2016-03-02 15:55:45 UTC
On Wed, 02 Mar 2016 15:28:29 +0000
Post by Ron Leach
Is there any way I can prevent this IP address reaching exim?
IPTables?
Something like this:
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/

You could also use /etc/hosts.deny but it is a little less flexible:
https://jamalahmed.wordpress.com/2010/03/19/using-etchosts-allow-and-etchosts-deny-to-secure-unix/

Regards,
Iain.
J G Miller
2016-03-02 16:19:56 UTC
At 15:55h, on Wednesday, March 02, 2016,
in message <***@flora.coachhouse>,
on the subject of "Re: [Pkg-exim4-users] Probe, every 27 mins, from one IP addr - how to block?", you wrote -
Post by Iain Mac Donald
IPTables?
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/
Yes, that would help prevent connections, and one could also consider using fail2ban with a
hand-crafted regexp.
Post by Iain Mac Donald
https://jamalahmed.wordpress.com/2010/03/19/using-etchosts-allow-and-etchosts-deny-to-secure-unix/
Which assumes that exim is built with tcpwrappers support, which *is* the case
on Debian, but possibly not on other distributions, e.g. Arch Linux
("Jul 16, 2011 - tcp_wrappers support is being dropped from all packages").

See Q0705 at <http://doc.dvgu.ru/admin/exim/FAQ_7.html> for an example
of tcpwrapper control configuration.

Incidentally in view of the "just a probe" nature of this intrusion, has Ron Leach
checked his logs to see if this remote host is in fact doing a port scan to get
information on all ports which are open on his machine for a potential attack?
basti
2016-03-02 16:12:18 UTC
You can also try fail2ban
(https://github.com/fail2ban/fail2ban/tree/master/config/filter.d); there
is a "basic" exim filter.
Build your own filter-regex in a new jail for your type of error and set
there a specific bantime and findtime ...

So you don't need to maintain your IP list.

Regards
<http://www.dict.cc/english-german/maintenance.html>
Post by Iain Mac Donald
On Wed, 02 Mar 2016 15:28:29 +0000
Post by Ron Leach
Is there any way I can prevent this IP address reaching exim?
IPTables?
https://www.rosehosting.com/blog/blocking-abusive-ip-addresses-using-iptables-firewall-in-debianubuntu/
https://jamalahmed.wordpress.com/2010/03/19/using-etchosts-allow-and-etchosts-deny-to-secure-unix/
Regards,
Iain.
_______________________________________________
Pkg-exim4-users mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users
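To make the fail2ban suggestion concrete, here is an added Python example (not code from the thread or from fail2ban itself) that runs a hand-crafted pattern for the "no host name found for IP address" mainlog line over a constructed log sample and applies the findtime/maxretry counting a jail would, so the regex can be checked before it goes into filter.d. The IP addresses, timestamps, findtime and maxretry values are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hand-crafted pattern for the mainlog line the thread discusses. In a
# fail2ban filter.d file the (?P<ip>...) group would be written as <HOST>.
NO_RDNS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"no host name found for IP address (?P<ip>[0-9A-Fa-f.:]+)$"
)

def parse_line(line):
    """Return (timestamp, ip) for a matching mainlog line, else None."""
    m = NO_RDNS_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("ip")

def hosts_to_ban(lines, findtime=timedelta(hours=3), maxretry=5):
    """Emulate a jail: ban an IP once it has `maxretry` matching lines inside
    a sliding `findtime` window. Returns {ip: timestamp of the triggering line}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

# Constructed sample mainlog (not real data): 192.0.2.10 appears every 27
# minutes as in the thread, 198.51.100.7 once, plus an unrelated delivery line.
SAMPLE_LOG = [
    "2016-03-02 15:28:29 no host name found for IP address 192.0.2.10",
    "2016-03-02 15:40:02 1abCdE-000123-Xy <= sender@example.org H=mail.example.org [203.0.113.5] P=esmtp S=2048",
    "2016-03-02 15:55:29 no host name found for IP address 192.0.2.10",
    "2016-03-02 16:00:00 no host name found for IP address 198.51.100.7",
    "2016-03-02 16:22:29 no host name found for IP address 192.0.2.10",
    "2016-03-02 16:49:29 no host name found for IP address 192.0.2.10",
    "2016-03-02 17:16:29 no host name found for IP address 192.0.2.10",
]
```

With these settings only 192.0.2.10 reaches five hits inside the window, on its 17:16:29 line; the single 198.51.100.7 entry and the delivery line are ignored.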