interesting. sounds a lot like: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997
--j. Peter J. Holzer writes: > Yesterday I got a bounce because one of my servers was listed with > spamhaus. > > Except that it wasn't. The IP address in the error message was > completely different. Grepping back through my logs I found 4 more mails > in the last three months which were rejected where the IP-Address in the > error message doesn't match the IP address of the connection. > > Now, 5 false positives for 1.5 million connections (113000 of which were > rejected because of a listing in spamhaus) doesn't sound that bad, but > I'm worried because I have no idea how that could have happened. Some > wild hypotheses: > > * Sometimes forkserver gets confused when handling several parallel > connections and sets the wrong remote_ip. I don't see how this can > happen. Also, other messages from the same connection contain > the correct IP, so that doesn't seem to be the case. > > * dnsbl sometimes gets a response to a query sent by a different > forkserver child. I guess it would be possible that two forkserver > processes running after each other get the same UDP port and the > second gets a reply packet intended for the first. However, I would > expect that Net::DNS checks whether an answer matches the query it > sent ... > > * Sometimes spamhaus looks up the wrong record. Doesn't seem very likely > either. > > So, I'm kind of stumped. > > hp > > -- > _ | Peter J. Holzer | Ich sehe nun ein, dass Computer wenig > |_|_) | Sysadmin WSR | geeignet sind, um sich was zu merken. > | | | [EMAIL PROTECTED] | > __/ | http://www.hjp.at/ | -- Holger Lembke in dan-am
