[exim] DNS lookups for inactive domain during SMTP message receipt

lists.exim.org--- via Exim-users Fri, 11 Mar 2022 09:23:06 -0800

I've had no success in trying to find out why the following is occurringduring every SMTP message delivery - extract from Exim log:

2022-03-11 12:58:02 no IP address found for hostpermission.impactdatastamp.com (during SMTP connection fromhh.schlittermann.de [213.128.132.49])2022-03-11 13:00:32 no IP address found for hostpermission.impactdatastamp.com (during SMTP connection fromhh.schlittermann.de [213.128.132.49])2022-03-11 13:03:26 no IP address found for hostpermission.impactdatastamp.com (during SMTP connection frommail135.sea101.rsgsv.net [148.105.15.135])2022-03-11 13:04:08 no IP address found for hostpermission.impactdatastamp.com (during SMTP connection frommail116.atl261.mcdlv.net [198.2.142.116])

Looking at the DNS name server logs, the lookup is being performed as aninternal lookup:

11-Mar-2022 13:00:32.420 client @0x7fb9840697a0 127.0.0.1#34558(permission.impactdatastamp.com): query: permission.impactdatastamp.comIN A + (127.0.0.1)11-Mar-2022 13:00:32.420 client @0x7fb97c090040 127.0.0.1#43036(permission.impactdatastamp.com.crorie.com): query:permission.impactdatastamp.com.crorie.com IN A + (127.0.0.1)11-Mar-2022 13:03:26.132 client @0x7fb97c040160 127.0.0.1#44920(permission.impactdatastamp.com): query: permission.impactdatastamp.comIN A + (127.0.0.1)11-Mar-2022 13:03:26.132 client @0x7fb9840697a0 127.0.0.1#57632(permission.impactdatastamp.com.crorie.com): query:permission.impactdatastamp.com.crorie.com IN A + (127.0.0.1)11-Mar-2022 13:04:08.438 client @0x7fb984021990 127.0.0.1#48885(permission.impactdatastamp.com): query: permission.impactdatastamp.comIN A + (127.0.0.1)11-Mar-2022 13:04:08.438 client @0x7fb984021990 127.0.0.1#59037(permission.impactdatastamp.com.crorie.com): query:permission.impactdatastamp.com.crorie.com IN A + (127.0.0.1)

That domain hasn't been active for some considerable while and as partof my investigation I am searching the entire server for this textstring with:


grep -rwl permission.impactdatastamp.com /

Interestingly, this has turned up old Exim log records of a bouncemessage from this server just over three years ago /(I'm a log filehoarder!)/:

2019-11-06 07:42:04 Received from [email protected]H=permission.impactdatastamp.com [51.254.178.113] P=esmtp S=16017id=2818260std2xt27d6f682602529bb459665e5a2d450472818...@permission.impactdatastamp.com2019-11-06 07:42:10 [redacted inbound e-mail address]: amavis transportsucceeded

2019-11-06 07:42:10 Received from [email protected]H=localhost [127.0.0.1] P=esmtp S=16555id=2818260std2xt27d6f682602529bb459665e5a2d450472818...@permission.impactdatastamp.com2019-11-06 07:42:10 [redacted inbound e-mail address]: local_deliverytransport succeeded

2019-11-06 07:42:10 [redacted inbound e-mail address]: children all complete

There are two message log entries because I use amavis to divert inboundmessages for scanning by clamd. I've no reason to believe that there hasbeen any compromise of the mail server.

--
footer

/NB - The e-mail address from which this message is sent has beencreated to detect the inadvertent leakage of the writer's personal datato third parties and to provide the opportunity to deal with thissituation if it occurs: *no adverse conclusion should be inferred fromits use for this purpose.*/


_________________________________________________________________

This communication is intended for the addressee only.
Please let the sender know by e-mail if you receive
this in error. Thank-you for your co-operation.

If you have not imported CAcert's root certificate, please go to here<https://www.cacert.org/index.php?id=3>

Root certificate fingerprint (SHA256) = 07ED BD82 4A49 88CF EF42 15DA20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5Root certificate fingerprint (SHA1) = DDFC DA54 1E75 77AD DCA8 7E88 27A98A50 6032 52A5



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] DNS lookups for inactive domain during SMTP message receipt

Reply via email to