1

Topic: address not listed for hostname

Hello,

I get the following connections in mail.log today (hundreds of connections). It is probably a spammer trying to send an email. But what is the reason for the warning ? Is it because of the wrong DNS configuration of the sender: multacom ? Or a DNS Spoofing ? When I did "nslookup 74-115-52-198-dedicated.multacom.com", I got a different IP address: 204.13.152.7.

Jun 23 22:11:50 mx postfix/smtpd[20166]: connect from unknown[198.52.115.74]
Jun 23 22:11:50 mx postfix/smtpd[20166]: lost connection after UNKNOWN from unknown[198.52.115.74]
Jun 23 22:11:50 mx postfix/smtpd[20166]: disconnect from unknown[198.52.115.74]
Jun 23 22:11:50 mx postfix/smtpd[20166]: warning: 198.52.115.74: address not listed for hostname 74-115-52-198-dedicated.multacom.com

2

Re: address not listed for hostname

Caused by incorrect reverse DNS:

$ host 198.52.115.74
74.115.52.198.in-addr.arpa domain name pointer 74-115-52-198-dedicated.multacom.com.

$ host 74-115-52-198-dedicated.multacom.com
74-115-52-198-dedicated.multacom.com has address 204.13.152.7

Reference: http://tech.groups.yahoo.com/group/post … age/274279 (Wietse wrote this post, he is author of Postfix)

Wietse wrote:

FYI,

I have changed the warnings from the code that implements
forward-confirmed reverse DNS (FCRDNS).

When the "reverse" name has no IP address:

hostname foo.example.com does not resolve to address 1.2.3.4:
host not found, try again

When the "reverse" has some address but not the expected address:

hostname foo.example.com does not resolve to address 1.2.3.4

The old warnings were very different.

1.2.3.4: hostname foo.example.com verification failed: host
not found, try again

1.2.3.4: address not listed for hostname foo.example.com

That's in both smtpd(8) and qmqpd(8).

Wietse