I have strange entries in a Domino server’s log. I am inspecting that log because that server was a victim of spam last week.In the log, Mail Routing Events, I see the following lines leveral times:
08/23/2010 08:46:10 PM SMTP Server: Remote host 113.167.111.249 (SERVER..local) found in blacklist at zen.spamhaus.org
08/23/2010 08:46:10 PM SMTP Server: Message from 113.167.111.249 (SERVER..local) rejected by DNS blacklist filter.
The internal ip-address of that server is in the 192.168 range, the external address points to the SMTP-server on that host. I also see some entries with another (fake?) ip-address (113.191.255.78)
What is happening here? Why looks it like this host name resolves to a fake(?) ip-address?
I have configured the Server Configuration document:Perform Anti-Relay enforcement for these connecting hosts: all connecting hosts.
Additional infi: when I do a tracert to this IP-adres it ends at vdn.vn (vietnam)
Koos van Harmelen