IP name possibly forged

  • 306 views
  • Read

These days got a sendmail issue and fixed it after some research and tests, and I though it could be shared here.

The primary email server was 192.168.3.40 and was used as relay server to send email to the internet, and I was configuring another server 192.168.6.23 to send email through the relay server.

I added the network 192.168.6 to the access file and generated new access.db file, while when I did the test I got below error:

Apr 10 21:46:52 ServerA sendmail[12680]: w3ADkqYT012680: ruleset=check_rcpt, arg1=<xxxxxx@cn.ibm.com>, relay=212.215.xxnet [2XX.1XX.212.215] (may be forged), rej
ect=550 5.7.1 <xxxxxx@cn.ibm.com>... Relaying denied. IP name possibly forged [2XX.1XX.212.215]

I made sure the email address xxxxxx@cn.ibm.com could receive email without any issue, and I did not know where the ip address 2XX.1XX.212.215 came.

I searched and found one reason was that the A record of the DNS server was different, while for me I did not use DNS to lookup both hostnames but the /etc/hosts files, and of course they matched on both servers.

At the beginning I lost minds in the sendmail configurations and wasted much time in finding the issues in the config files, while eventually I found the reason with really simple traceroute command:

On ServerA(192.168.3.40):
traceroute 192.168.6.23
traceroute to 192.168.6.23 (192.168.6.23), 30 hops max, 38 byte packets
 1  192.168.3.2 (192.168.3.2)  0.987 ms  1.097 ms  0.960 ms
 2  212.215.xxnet (2XX.1XX.212.215)  1.276 ms  1.288 ms  1.519 ms

On ServerB(192.168.6.23):
traceroute 192.168.3.40
traceroute to 192.168.3.40 (192.168.3.40), 30 hops max, 60 byte packets
 1  192.168.6.1 (192.168.6.1)  5.874 ms  5.849 ms  5.836 ms
 2  192.168.6.1 (192.168.6.1)  5.873 ms  5.911 ms  5.938 ms

As I checked this issue remotely and had no idea about the network configurations, so I did not think public ip address was used in the network path.

To fix this issue, I added the ip address 2XX.1XX.212.215 to the access file and then I would still get below warning:

Apr 15 23:28:21 ServerA sendmail[16329]: w3FFSKEU016329: from=<xxxxxx@ServerB>, size=494, class=0, nrcpts=1, msgid=<20180415152821.511084122F@ServerB>, proto=ESMTP, daemon=MTA, relay=212.215.xxnet [2XX.1XX.212.215] (may be forged)

While the email would be sent out. IP name possibly forged

  • by Published on 16/04/2018 22:44:38
  • Repost please keep this link: https://www.dbcloudsvc.com/blogs/linux/ip-name-possibly-forged/
匿名

Comment

Anonymous Write

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

Decide