I am trying to figure out why the following is logged the way it is...it appears someone is tries to connect to relay and fails, but it logs as local..instead of THEIR IP...

Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: ruleset=check_mail, arg1=<Lord@multimania.fr>, relay=localhost.localdomain [127.0.0.1], reject=451 4.1.8 Domain of sender address Lord@multimania.fr does not resolve
Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: from=<Lord@multimania.fr>, size=2767, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

How come Im not getting their IP...Also this is under

Unresolved sender domains:
Lord@multimania.fr: 1856 Time(s)

The first possibility is that someone tried to send that email from your machine and as sendmail can't resolve it, it can't be send. However if that is the case it isn't well configured as it shouldn't keep trying to send it in so small intervales of time and should discard it eventually.

Other possibility is that someone send you a spoofed smtp replay so that sendmail would get confused and kind of DoS you. You should check your load. It should be a bit high as sendmail must be working pretty hard.

This is a standard sendmail log message:
Nov 4 04:05:48 *** sendmail[4697]: EAA04697:
from=<user@host.com>, size=0, class=0, pri=0, nrcpts=0,
proto=ESMTP, relay=root@attacker.hostname[IPADDRESS]

So your connection either came from your localhost or you are getting spoofed packets.

Weird...I had localhost.localdomain in "Local Domains"...I took it out..and it stopped...I still have localhost...????