
Sendmail IP DNS Mismatch

Status
Not open for further replies.

MASTERARIES

IS-IT--Management
Jul 25, 2008
4
ZA
Dear All

This problem has happened recently, as we have been sending email to DSA for years, and even with the new mail server on Fedora 4 using sendmail for the past 6 months without incident.

nslookup resolves IP 196.x.x.x OK. Of late the emails are being sent to this unknown ADSL IP 41.x.x.x. Why now all of a sudden? And changing DNS servers has not helped.

As the email disappears there is no receipt of errors at all so for a week we assumed they were still getting mail.

According to DSA they have changed nothing so I am at a loss, any ideas would be greatly appreciated.

Sincerely

Master-Aries

(MA)
 
Check the MX record for DSA, on your mail server.
Check that you aren't subverting this with a mailertable.
Check that the messages aren't queued on your server.
Check to see if the "spoofer" is accepting the mail in your logs.
Does all your mail go to 41.X.X.X or only DSA?

I always check things using telnet to spoof some mail.
 
In the meantime I have upgraded sendmail to Sendmail version 8.13.1, config V10/Berkeley on Fedora Core 2, hoping in vain that this would change things, but no, it does not.

Another strange thing is that I get two verifications of this mail, and yes, only DSA seems to have this problem; all other mail works fine.

Jul 27 09:52:56 mail sendmail[21935]: m6R7qXf2021933: to=<xxxxx@dsa>, ctladdr=<xxx@xxx> (500/500), delay=00:00:22, xdelay=00:00:22, mailer=esmtp, pri=30418, relay=mail.dsaxxx[41.204.200.5], dsn=2.0.0, stat=Sent (OK id=1KN1BB-0000S2-Be)
Jul 27 09:52:56 mail sendmail[21935]: m6R7qXf2021933: to=<xxxxx@dsa>, ctladdr=<xxxx@xxxx> (500/500), delay=00:00:22, xdelay=00:00:22, mailer=esmtp, pri=30418, relay=mail.dsaxxxx [41.204.200.5], dsn=2.0.0, stat=Sent (OK id=1KN1BB-0000S2-Be)


In reply to your other questions I do not have a mailertable, yes my spooler is accepting logs, and yes check MX record.


What is strange is that it is only dsa.

Sincerely

MASTER-ARIES
(MA)
 
I killed -9 process 7842, which was an LF error repeated ad nauseam.

dsa-arch.com IP is 196.31.48.202, yet with available attempts it still resolves to 41.x.x.200. DSA changed nothing, changing DNS changed nothing, using nslookup resolves as 41; set type=mx, changed to DSA mail server, send mail, it goes back to 41.

Tried adding mailertable, unsuccessful. Changed nsswitch.conf: by hosts added following line ... hosts: files dns. If you take dns away it resolves to 196; put dns back, it resolves 41. Only problem: you then can only resolve to DSA and no one else.
 
That is why I ask. The mail address is @dsa, not @dsa-arch.com, which is different. The resolver will try to add different domains (from your searchpath in /etc/resolv.conf) to dsa, and it probably is getting some match. (This goes with the assumption that the logfile posted is approximately what I see).
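
The search-path expansion this reply describes, as an added example that is not part of the original thread: it lists, in order, the names a glibc-style stub resolver tries for a bare `dsa` versus `dsa-arch.com`. The sample resolv.conf, its search domains and the function names are constructed for illustration, and it assumes sendmail's lookup follows the standard `search`/`ndots` rules.

```python
# Added example: the order in which a glibc-style stub resolver expands a name
# using the "search" and "ndots" settings from /etc/resolv.conf.

# Constructed sample; the search domains are placeholders, not from the thread.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
search corp.example example
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text."""
    search, ndots = [], 1  # resolver default is ndots:1
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            search = fields[1:]  # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_names(name, search, ndots=1):
    """Names the resolver tries, in order, for a lookup of `name`."""
    if name.endswith("."):  # trailing dot: absolute, never expanded
        return [name]
    expanded = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    # Enough dots: try the name as typed first, then the search list.
    # Too few dots (e.g. "dsa"): search list first, bare name last.
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is


def may_be_redirected(name, search, ndots=1):
    """True if a search-domain match would be used before the name as typed."""
    return candidate_names(name, search, ndots)[0] != name.rstrip(".") + "."


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for domain in ("dsa", "dsa-arch.com", "dsa-arch.com."):
        print(domain, "->", candidate_names(domain, search, ndots))
```

Any candidate that answers before the intended name decides where the mail goes, so a recipient domain flagged by `may_be_redirected` is worth checking against each search domain by hand.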
 
Dear all

Apologies upfront for not following your instructions:

The chain of events is as follows:

1: In the first week of this month past I had an LF error repeated some 5003400 times, hence killed that process.
2: DSA did not receive any mail from us sending on IP 41.
3: pure-cons.com had the same problem; the only difference is that the host could not be resolved. Noticing that they both resolved IPs on 196.7.147.235 but sent on different IPs, I also noticed that when flushing the queued messages, which only contained pure-cons.com, it went through on the correct IP according to mx-toolbox.com.
3: On further examination we found the entry in the mailertable that we tried to create after this problem occurred was in error. We then noticed in nslookup that DSA was finding DNS as in resolv.conf 168.210.2.2 as opposed to the address 196.7.147.235 but was still sending on 41.x.x.200. After restarting sendmail it finally did send to DSA.
4: Now here is where I almost lost it with Linux and sendmail: to test my theory that this had nothing to do with the addition of a mailertable, we removed the entry DSA and looki looki, it still sent email on the correct address, assuming my hypothesis that somehow DNS and sendmail were not communicating properly, but what caused the mismatch is unclear.

I thank all those responding to this post and for their insights,

Sincerely

MASTER-ARIES
 