[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    SMAP w/ NoSpam! drops mail if 'possible spoof' securityalert
From:       "Ross E. Bergman" <rbergman () vividusa ! com>
Date:       1999-12-16 17:18:48
[Download RAW message or body]

[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]

I've been noticing that emails haven't been being received from such
sites as evite.com who generate a securityalert because their hostname
and registered IP address do not match.  The log files look like the
following:

Dec 16 12:05:01 vividusa smap[17873]: securityalert: possible spoof
quicksender.evite.com/206.132.142.106 != 206.132.142.100 name lookup
mismatch 

Dec 16 12:05:01 vividusa smap[17873]: connect
host=unknown/206.132.142.106

I understand what causes the possible spoof alert, but why is the smap
connection being dropped (there are no xma or sma files created,
there's no messages regarding smap exiting, and there are no
coredumps).

We are using FWTK 2.1 with the NoSpam! modifications, and the patch
discussed earlier for handling the problem with SMAP timing out while
receiving incoming mail.  I have a suspicion that this problem is
related to the NoSpam! modifications, only because I believe it has
worked properly before, when using the Hagan/Ellis anti-spam
modifications (we had to cease using those due to an email attachment
corruption problem we were unable to trace).

Thank you.


-------------------------------------------------------------------------------
	      Ross E. Bergman         Information Systems Manager
	      rbergman@vividusa.com   Vivid Technologies, Inc.
-------------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]