From: Knute Johnson on 20 Jul 2008 20:53

I'm running Fedora 9 with sendmail-8.14.2-1.fc8. I'm also running
denyhosts which puts SSH hacker's IPs in deny.hosts. I'm getting a
log entry I don't understand;

**Unmatched Entries**
warning: /etc/hosts.deny, line 2305: can't verify hostname:
getaddrinfo(196-201-135-143.iwayafrica.com, AF_INET) failed: 3 Time(s)

and I'm getting a lot of them. Line 2305 of hosts.deny is;

ALL: 83.72.199.48.ip.tele2adsl.dk

I don't understand what exactly the error message means and I'm not
even sure it is being generated directly by sendmail. Can anybody
explain this a little so maybe I can solve the fault.

Thanks,

--
Knute Johnson
email s/nospam/knute2008/

--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
------->>>>>>http://www.NewsDemon.com<<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access

From: Andrzej Adam Filip on 21 Jul 2008 03:41

Knute Johnson <nospam(a)rabbitbrush.frazmtn.com> wrote:

> I'm running Fedora 9 with sendmail-8.14.2-1.fc8. I'm also running
> denyhosts which puts SSH hacker's IPs in deny.hosts. I'm getting a
> log entry I don't understand;
>
> **Unmatched Entries**
> warning: /etc/hosts.deny, line 2305: can't verify hostname:
> getaddrinfo(196-201-135-143.iwayafrica.com, AF_INET) failed: 3 Time(s)
>
> and I'm getting a lot of them. Line 2305 of hosts.deny is;
>
> ALL: 83.72.199.48.ip.tele2adsl.dk
>
> I don't understand what exactly the error message means and I'm not
> even sure it is being generated directly by sendmail. Can anybody
> explain this a little so maybe I can solve the fault.

Have you considered using IP addresses instead of RDNS names?

I guess the link below may be also relevant:
http://bad.debian.net/list/2001-December/001733.html

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)priv.onet.pl : anfi(a)xl.wp.pl
"But this one goes to eleven."
-- Nigel Tufnel

From: Knute Johnson on 21 Jul 2008 11:48

Andrzej Adam Filip wrote:
> Knute Johnson <nospam(a)rabbitbrush.frazmtn.com> wrote:
>
>> I'm running Fedora 9 with sendmail-8.14.2-1.fc8. I'm also running
>> denyhosts which puts SSH hacker's IPs in deny.hosts. I'm getting a
>> log entry I don't understand;
>>
>> **Unmatched Entries**
>> warning: /etc/hosts.deny, line 2305: can't verify hostname:
>> getaddrinfo(196-201-135-143.iwayafrica.com, AF_INET) failed: 3 Time(s)
>>
>> and I'm getting a lot of them. Line 2305 of hosts.deny is;
>>
>> ALL: 83.72.199.48.ip.tele2adsl.dk
>>
>> I don't understand what exactly the error message means and I'm not
>> even sure it is being generated directly by sendmail. Can anybody
>> explain this a little so maybe I can solve the fault.
>
> Have you considered using IP addresses instead of RDNS names?

Somebody else mentioned that they had a problem with names in
deny.hosts. I'm not sure how to get denyhosts to put IP addresses
instead of the name. I'll have to ask on the denyhosts list.

> I guess the link below may be also relevant:
> http://bad.debian.net/list/2001-December/001733.html

Thanks, I'll look at that.

--
Knute Johnson
email s/nospam/knute2008/

From: Moe Trin on 21 Jul 2008 20:39

On Sun, 20 Jul 2008, in the Usenet newsgroup comp.mail.sendmail, in article
<4883de0a$0$4033$b9f67a60(a)news.newsdemon.com>, Knute Johnson wrote:

>I'm running Fedora 9 with sendmail-8.14.2-1.fc8.

I'm curious why the mix. FC9 came out of the box two months ago with
sendmail-8.14.2-4.fc9, while that sendmail-8.14.2-1.fc8 is an errata
or update to FC8 that came out about 8 months ago.

>I'm also running denyhosts which puts SSH hacker's IPs in deny.hosts.

Are you a world traveler, or do you have users authorized to log into
your system from every IP address in the world? You'll find you will
waste less CPU cycles by configuring your firewall to only allow
connections to your SSH server from IP addresses you actually expect
may have a legitimate reason to connect. For me, that means allowing
just 1536 IP addresses (a /22 and two /24s) out of the 2676890800 IPv4
addresses in current use in the entire world. Or would you rather
continue until your /etc/hosts.deny has two and a half billion lines?

> **Unmatched Entries**
> warning: /etc/hosts.deny, line 2305: can't verify hostname:
>getaddrinfo(196-201-135-143.iwayafrica.com, AF_INET) failed: 3 Time(s)

[compton ~]$ host 196.201.135.143
143.135.201.196.IN-ADDR.ARPA domain name pointer 196-201-135-143.iwayafrica.com
[compton ~]$ host 196-201-135-143.iwayafrica.com
Host not found.
[compton ~]$

Hey - you're lucky they've figured out how to create a PTR record in
their DNS. Just because it doesn't point to a name with an A record...

>and I'm getting a lot of them. Line 2305 of hosts.deny is;
>
>ALL: 83.72.199.48.ip.tele2adsl.dk

You may want to read the documentation that comes with tcp_wrappers,
specifically the man page (man 5 hosts_access). Read specifically
the section "ACCESS CONTROL FILES". I find it useful to keep 'names'
out of these files - because you're assuming that everyone has properly
set up A and PTR records in their DNS that match (as you see here, this
isn't always the case). As regards the line number, I can't recall
if tcp_wrappers/libwrap starts counting from line zero or one.

Old guy

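An added example, not part of the original posts: a Python sketch of the two checks discussed in this thread, listing hosts.deny client patterns that depend on DNS and forward-confirming a PTR name the way the `host` session above does by hand. The function names, the injected lookup callables and the sample file are hypothetical, and the parser assumes an IPv4-only file with no continuation lines.

```python
import ipaddress
import re

WILDCARDS = {"ALL", "LOCAL", "UNKNOWN", "KNOWN", "PARANOID", "EXCEPT"}

def is_numeric(tok):
    """True for IPv4 forms that hosts_access(5) matches without any DNS lookup."""
    if re.fullmatch(r"(\d{1,3}\.){1,3}", tok):  # prefix such as "203.0.113."
        return True
    try:
        ipaddress.ip_network(tok, strict=False)  # address or net/mask
        return True
    except ValueError:
        return False

def hostname_entries(text):
    """Return (line_number, pattern) for client patterns that depend on DNS."""
    found = []
    for n, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        for tok in re.split(r"[\s,]+", line.split(":")[1].strip()):
            if not tok or tok in WILDCARDS or tok[0] in "/@":
                continue  # wildcard, file path or netgroup: no name to resolve
            if not is_numeric(tok):
                found.append((n, tok))
    return found

def verify_hostname(ip, ptr_lookup, addr_lookup):
    """Forward-confirm a reverse lookup: the PTR name must resolve back to ip."""
    name = ptr_lookup(ip)
    if name is None:
        return "no-ptr"
    addrs = addr_lookup(name)
    if not addrs:
        return "forward-lookup-failed"  # the situation behind the logged warning
    return "verified" if ip in addrs else "mismatch"

# Constructed sample data; 196.201.135.143 mirrors the host output quoted above.
SAMPLE = """# hosts.deny (constructed)
sshd: 192.0.2.45
ALL: 83.72.199.48.ip.tele2adsl.dk
ALL: 198.51.100.0/255.255.255.0, 203.0.113.
sshd: ALL EXCEPT .example.org
"""
PTR = {"196.201.135.143": "196-201-135-143.iwayafrica.com",
       "192.0.2.10": "host.example.net"}
A = {"host.example.net": ["192.0.2.10"]}
```

The lookups are passed in as callables so the check runs offline against the constructed tables; on a live system they would wrap the resolver.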
From: Knute Johnson on 21 Jul 2008 21:27

Moe Trin wrote:
> On Sun, 20 Jul 2008, in the Usenet newsgroup comp.mail.sendmail, in article
> <4883de0a$0$4033$b9f67a60(a)news.newsdemon.com>, Knute Johnson wrote:
>
>> I'm running Fedora 9 with sendmail-8.14.2-1.fc8.
>
> I'm curious why the mix. FC9 came out of the box two months ago with
> sendmail-8.14.2-4.fc9, while that sendmail-8.14.2-1.fc8 is an errata
> or update to FC8 that came out about 8 months ago.

My mistake, the server box is still running F8, so I think that is the
correct sendmail.

>> I'm also running denyhosts which puts SSH hacker's IPs in deny.hosts.
>
> Are you a world traveler, or do you have users authorized to log into
> your system from every IP address in the world? You'll find you will
> waste less CPU cycles by configuring your firewall to only allow
> connections to your SSH server from IP addresses you actually expect
> may have a legitimate reason to connect. For me, that means allowing
> just 1536 IP addresses (a /22 and two /24s) out of the 2676890800 IPv4
> addresses in current use in the entire world. Or would you rather
> continue until your /etc/hosts.deny has two and a half billion lines?

That's why I have the denyhosts running, because I need to ssh into the
box from IPs that I don't know before I leave.

>> **Unmatched Entries**
>> warning: /etc/hosts.deny, line 2305: can't verify hostname:
>> getaddrinfo(196-201-135-143.iwayafrica.com, AF_INET) failed: 3 Time(s)
>
> [compton ~]$ host 196.201.135.143
> 143.135.201.196.IN-ADDR.ARPA domain name pointer 196-201-135-143.iwayafrica.com
> [compton ~]$ host 196-201-135-143.iwayafrica.com
> Host not found.
> [compton ~]$
>
> Hey - you're lucky they've figured out how to create a PTR record in
> their DNS. Just because it doesn't point to a name with an A record...
>
>> and I'm getting a lot of them. Line 2305 of hosts.deny is;
>>
>> ALL: 83.72.199.48.ip.tele2adsl.dk
>
> You may want to read the documentation that comes with tcp_wrappers,
> specifically the man page (man 5 hosts_access). Read specifically
> the section "ACCESS CONTROL FILES". I find it useful to keep 'names'
> out of these files - because you're assuming that everyone has properly
> set up A and PTR records in their DNS that match (as you see here, this
> isn't always the case). As regards the line number, I can't recall
> if tcp_wrappers/libwrap starts counting from line zero or one.
>
> Old guy

Thanks, that name problem is coming from denyhosts. I think I'm going
to have to talk to them about that.

Thanks for the response.

--
Knute Johnson
email s/nospam/knute2008/