Somebody is trying to send email to your system, but the hostname that they are supplying in the HELO command, when resolved via DNS, is returning a different IP address. Your IDS is reporting the mismatch as an attempt by the sending machine to impersonate (spoof) the source email address. However, since the addresses are only 4 apart, odds are very good that no deceit is intended. You *might* ask the admins of that site to fix either the configuration of their outbound relay or their DNS mappings, but they may choose not to do either -- in which case, your remaining option is to disable/ignore this warning, or at least make it less sensitive. Dave Gillett On 9 Sep 2001, at 9:13, afdeling automatisering wrote: > Goodmorning, > > Can anyone help this keep up turning in my messagesfile > > Sep 9 08:05:52 mail netacl[28455]: permit host=unknown/133.72.52.16 > service=smtpd execute=/usr/local/sbin/smtpd > Sep 9 08:15:50 mail netacl[28462]: securityalert: possible spoof > /133.72.52.16 != 133.72.52.12 name lookup mismatch > Sep 9 08:15:50 mail netacl[28462]: permit host=unknown/133.72.52.16 > service=smtpd execute=/usr/local/sbin/smtpd > Sep 9 08:25:58 mail netacl[28467]: securityalert: possible spoof > /133.72.52.16 != 133.72.52.12 name lookup mismatch > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
