LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-10-2011, 11:31 AM   #1
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Rep: Reputation: 0
[SOLVED] Admin Policy Blocking --- Invalid local domain. How to interpret?


My logwatch daily report frequently has a section like this:
Code:
-------------------- EXIM Begin ------------------------


 --- Queue Runners ---

 --- Refused Relays 3 times

 --- Admin Policy Blocking ---
  Invalid local domain
    2011-03-09 04:50:18 :
    2011-03-09 04:50:18 :
    2011-03-09 04:50:18 :
    2011-03-09 04:50:18 :
etc.
I understand what local domain is, but what was someone trying to do? and which log if any would have the details?

I'm just curious.

Last edited by cnmoore; 03-10-2011 at 01:58 PM.
 
Old 03-10-2011, 01:15 PM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 8,135

Rep: Reputation: 815Reputation: 815Reputation: 815Reputation: 815Reputation: 815Reputation: 815Reputation: 815
I think it means that exim has rejected (outgoing?) mail because it didn't come from the local domain.

Exim will take mail from port 25 (or whatever port it is) and post it on for you. Mail appeared on port 25 and exim refused it, because it wasn't incoming, and wasn't outgoing. Someone tried to relay through your box.
 
Old 03-10-2011, 01:56 PM   #3
cnmoore
Member
 
Registered: Sep 2010
Location: Sunnyvale, CA
Distribution: CentOS 5.5
Posts: 89

Original Poster
Rep: Reputation: 0
Actually I just found this in the EXIM main log for that time (2011-03-09 04:50:18)
Code:
2011-03-09 04:50:18 1PxGyA-0004LC-Hl <= swicom@spywareinfoforum.info U=apache P=local S=929 T="SWI Webform" from <swicom@spywareinfoforum.info> for cfo@spywareinfoforum.info
2011-03-09 04:50:18 1PxGyA-0004LC-Hl remote host address is the local host: spywareinfoforum.info
2011-03-09 04:50:18 1PxGyA-0004LC-Hl == cfo@spywareinfoforum.info R=lookuphost defer (-1): remote host address is the local host
2011-03-09 04:50:18 1PxGyA-0004LC-Hl ** cfo@spywareinfoforum.info: retry timeout exceeded
2011-03-09 04:50:18 1PxGyA-0004LE-JC <= <> R=1PxGyA-0004LC-Hl U=mail P=local S=1803 T="Mail delivery failed: returning message to sender" from <> for swicom@spywareinfoforum.info
2011-03-09 04:50:18 1PxGyA-0004LC-Hl Completed
2011-03-09 04:50:18 1PxGyA-0004LE-JC remote host address is the local host: spywareinfoforum.info
2011-03-09 04:50:18 1PxGyA-0004LE-JC == swicom@spywareinfoforum.info R=lookuphost defer (-1): remote host address is the local host
2011-03-09 04:50:18 1PxGyA-0004LE-JC ** swicom@spywareinfoforum.info: retry timeout exceeded
2011-03-09 04:50:18 1PxGyA-0004LE-JC swicom@spywareinfoforum.info: error ignored
2011-03-09 04:50:18 1PxGyA-0004LE-JC Completed
So that tells us what the event was. There is just that one sequence but I guess the retries acccount for the large number of 'Invalid local domain' items in the logwatch report (there were around 20 of them, all for the same timestamp).

Someone browsing old domain spywareinfoforum.info was trying to send mail to a mail box in that domain. New mystery! There shouldn't be any 'send email' buttons there - must investigate.

Thanks very much for taking an interest!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows 7 local admin rights using a samba 3 domain controller Jacem84 Linux - Server 1 07-24-2010 12:14 AM
DNSMasq - dnslookup build.domain.local works but ping build.domain.local doesnt mustaghattack Linux - Server 2 03-01-2010 09:00 PM
Local admin blocking all ports to my SSH server? Jeroen1000 Linux - Networking 11 09-07-2009 01:05 AM
How do I give windows domain users local admin rights - WINBIND basilwt Linux - Networking 1 03-16-2007 11:53 PM
passwd: can't get local yp domain: Local domain name not set powah Linux - Security 4 06-08-2006 09:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration