Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] multiple reverse entries

To: [email protected]
Subject: [FW-1] multiple reverse entries
From: Czeh Istvan <[email protected]>
Date: Thu, 18 Apr 2002 14:27:51 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mutt/1.3.27i

There are some problems with some incoming mails on my NG. The common
symptom at these mails is the multiple reverse DNS entry. Is it possible,
that NG doesn't support multiple reverse entries?

For example take a look at gene.com's MX servers' reverse entries:

gene.com.               5566    IN      MX      0 djinn.gene.com.
gene.com.               5566    IN      MX      0 genie.gene.com.
gene.com.               5566    IN      MX      0 efreet.gene.com.

djinn.gene.com.         81501   IN      A       djinn.gene.com
genie.gene.com.         15939   IN      A       128.137.1.1
efreet.gene.com.        5566    IN      A       128.137.1.77

# host djinn.gene.com
3.1.137.128.in-addr.arpa. domain name pointer djinn.gene.com.
3.1.137.128.in-addr.arpa. domain name pointer socks.gene.com.



If the NG receives a mail from a domain that has multiple entries on
its MX reverse address, the mail comes in, stays in the CP's spool for
20 minutes, and will be dropped with the "Message abandoned, being old"
error message.


I have found this in the logs:

A.B.D.C == my NG's public IP address

1;17Apr2002;18:38:53;A.B.C.D;log;accept;;daemon;inbound;VPN-1 & FireWall-1;genie-open.gene.com;12364;A.B.C.D;mail;tcp;;;7;;smtp;mail server;<[email protected]>(+)<[email protected]>(+)<[email protected]>(+)<[email protected]>;<[email protected]>(+)<[email protected]>(+)<[email protected]>(+)<[email protected]>;;;;;;;;
2;17Apr2002;18:58:57;A.B.C.D;log;accept;;eth0;outbound;VPN-1 & FireWall-1;A.B.C.D;1382;djinn.gene.com;mail;tcp;;;0;;;;;;;;;;;;
3;17Apr2002;18:58:57;A.B.C.D;log;reject;;daemon;inbound;VPN-1 & FireWall-1;genie-open.gene.com;12364;A.B.C.D;mail;tcp;;;7;smtp;mail dequeuer;;;<[email protected]>;Message abandoned, being old;;;;;;
4;17Apr2002;18:59:13;A.B.C.D;log;reject;;daemon;inbound;VPN-1 & FireWall-1;A.B.C.D;1000;djinn.gene.com;mail;tcp;;;7;smtp;;;<[email protected]>...;<[email protected]>;;originally;;;;;




Is it caused by the multiple reverse dns entries, or something else?

Additional infos:
OS: Linux RH 7.1
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1 Build 51129


--
CZÉH, István                                           INFORNAX Computer
Tel: +36 88 591100       http://www.infornax.hu       Fax: +36 88 406489
GPG key fingerprint = 343F 0269 E30B EBC3 84AF  805A 7533 6F1F A32F 1A42

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] malicious email - a humble suggestion submitted for your perusal
Next by Date: Re: [FW-1] Help - malicious email
Previous by thread: Re: [FW-1] malicious email - a humble suggestion submitted for your perusal
Next by thread: [FW-1] Mangement Console Migration
Index(es):
- Date
- Thread