Computer Security - Re: All Mail server admins...
In article <Czt0b.77012$>, says...
> Howdy
>
> Starting last night according to my mail logs, I've been getting a lot of the
> following:
>
> Tue 2003-08-19 06:07:35: [444:6889] Accepting SMTP connection from
> [164.229.2.93]
> Tue 2003-08-19 06:07:35: [444:6889] Looking up PTR record for 164.229.2.93
> (93.2.229.164.IN-ADDR.ARPA)
> Tue 2003-08-19 06:07:37: [444:6889] D=93.2.229.164.IN-ADDR.ARPA TTL=(1440)
> PTR=[navgw.hq.cnrf.navy.mil]
> Tue 2003-08-19 06:07:37: [444:6889] Gathering A-records for PTR hosts
> Tue 2003-08-19 06:07:37: [444:6889] A-record resolution of
> [navgw.hq.cnrf.navy.mil] in progress (DNS Server: 209.53.4.130)...
> Tue 2003-08-19 06:07:37: [444:6889] D=navgw.hq.cnrf.navy.mil TTL=(360)
> A=[164.229.16.230]
> Tue 2003-08-19 06:07:38: [444:6889] Reverse lookup configured to drop
> connection on PTR record miss-match.
> Tue 2003-08-19 06:07:38: [444:6889] 501 Domain must resolve
> Tue 2003-08-19 06:07:38: [444:6889] SMTP session abnormally terminated, 0
> bytes transferred.
>
> Normally I would get probes like this from parts of Asia and some parts of
> Europe. This is a little abnormal, coming from a navy military IP. What
> gives?
>

That's not a probe, it's a mail server trying to send you e-mail, but your MTA is configured to drop the connection if forward and reverse DNS do not match. Many configure their mail gates like this in an attempt to dump spam, which it does. However, it will have a very high false positive rate due to how some MTAs are set up in larger environments. This means that in addition to blocking spam, it will block lots of legit mail too.

My guess on this particular mail was a bounce from an antivirus gateway rejecting a worm mail that had forged your address. Not spam, not quite legit mail, but does demonstrate that no one from that mil server can e-mail you.

/steve

--
Check out Cotse's Privacy Watch. A comprehensive information resource.
http://www.cotse.net/privacy/
Stephen K. Gielda
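Added example, not part of the original post: a log triage sketch that groups the MTA lines quoted above by session and checks forward-confirmed reverse DNS (client IP to PTR name to A record), so a strict-rDNS rejection can be told apart from a probe. The log format is the one in the quoted excerpt; the function names and verdict labels are assumptions.

```python
import re
from collections import defaultdict

# Log excerpt from the quoted post, with the wrapped lines rejoined.
SAMPLE_LOG = """\
Tue 2003-08-19 06:07:35: [444:6889] Accepting SMTP connection from [164.229.2.93]
Tue 2003-08-19 06:07:35: [444:6889] Looking up PTR record for 164.229.2.93 (93.2.229.164.IN-ADDR.ARPA)
Tue 2003-08-19 06:07:37: [444:6889] D=93.2.229.164.IN-ADDR.ARPA TTL=(1440) PTR=[navgw.hq.cnrf.navy.mil]
Tue 2003-08-19 06:07:37: [444:6889] Gathering A-records for PTR hosts
Tue 2003-08-19 06:07:37: [444:6889] A-record resolution of [navgw.hq.cnrf.navy.mil] in progress (DNS Server: 209.53.4.130)...
Tue 2003-08-19 06:07:37: [444:6889] D=navgw.hq.cnrf.navy.mil TTL=(360) A=[164.229.16.230]
Tue 2003-08-19 06:07:38: [444:6889] Reverse lookup configured to drop connection on PTR record miss-match.
Tue 2003-08-19 06:07:38: [444:6889] 501 Domain must resolve
Tue 2003-08-19 06:07:38: [444:6889] SMTP session abnormally terminated, 0 bytes transferred.
"""

LINE = re.compile(r"^\w{3} \S+ \S+: \[(\d+:\d+)\] (.*)$")
CLIENT = re.compile(r"Accepting SMTP connection from \[([\d.]+)\]")
PTR = re.compile(r"PTR=\[([^\]]+)\]")
A_REC = re.compile(r"D=(\S+) .*\bA=\[([\d.]+)\]")


def triage(log_text):
    """Map session id -> (client IP, verdict) from the MTA's own DNS results."""
    sessions = defaultdict(lambda: {"client": None, "ptr": [], "a": defaultdict(set), "rej": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if (c := CLIENT.search(msg)):
            s["client"] = c.group(1)
        elif (a := A_REC.search(msg)):
            s["a"][a.group(1).lower()].add(a.group(2))
        elif (p := PTR.search(msg)):
            s["ptr"].append(p.group(1).lower())
        elif msg.startswith("501 "):
            s["rej"] = True
    return {sid: (s["client"], verdict(s)) for sid, s in sessions.items()}


def verdict(s):
    """FCrDNS passes only if some PTR name resolves back to the client IP."""
    if not s["ptr"]:
        return "no-ptr"
    forward = set().union(*(s["a"].get(h, set()) for h in s["ptr"]))
    if s["client"] in forward:
        return "fcrdns-pass"
    return "mismatch-rejected" if s["rej"] else "mismatch"
```

For the quoted session the PTR name resolves to 164.229.16.230 rather than the connecting 164.229.2.93, so it is reported as `mismatch-rejected`: a delivery attempt dropped by the strict check, which is the false-positive case the reply describes.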