asking ARP for an internal IP 169.254.140.241
in [Postfix]
|
Prev: email account bombarded with SPAM error bounces - what to do?
Next: Error between two postfix "Command not recognized", RCPT is cut intwo words
From: =?ISO-8859-1?Q?St=E9phane_MERLE?= on 9 Jul 2010 07:47 Hi, My ISP (ovh) is complaining about my postfix servers doing wrong ARP demand, do you have any idea of what can cause this in my postfix configuration ? 188.165.55.92 : is one of the server ip (ip failover) Thu Jul 8 02:03:32 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 03:27:22 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 09:34:55 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 10:07:53 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 10:57:22 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 12:20:14 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 13:44:34 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 13:44:34 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 15:07:53 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 Thu Jul 8 16:30:14 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 extract from tcpdump : 19:43:20.837829 IP cdns.ovh.net.domain > ovh63.bpreducer.com.60276: 49866 3/3/1 A 169.254.140.241,[|domain] 19:43:20.838443 arp who-has 169.254.140.241 tell ovh63.bpreducer.com 19:43:20.840082 arp reply 169.254.140.241 is-at 00:24:c3:84:04:00 (oui Unknown) 19:43:20.840087 IP ovh63.bpreducer.com.59549 > 169.254.140.241.smtp: S 1213354010:1213354010(0) win 5840 <mss 1460,sackOK,timestamp 759487196 0,nop,wscale 6> 19:43:29.834748 IP ovh63.bpreducer.com.59549 > 169.254.140.241.smtp: S 1213354010:1213354010(0) win 5840 <mss 1460,sackOK,timestamp 759489446 0,nop,wscale 6> 19:43:41.834247 IP ovh63.bpreducer.com.59549 > 169.254.140.241.smtp: S 1213354010:1213354010(0) win 5840 <mss 1460,sackOK,timestamp 759492446 0,nop,wscale 6> 21:06:28.352789 IP cdns.ovh.net.domain > ovh63.bpreducer.com.36382: 7517 3/3/1 A 169.254.140.241,[|domain] 21:06:58.386416 arp who-has 169.254.140.241 tell ovh63.bpreducer.com 21:06:58.387888 arp reply 169.254.140.241 is-at 00:24:c3:84:04:00 (oui Unknown) 21:06:58.387899 IP ovh63.bpreducer.com.36937 > 169.254.140.241.smtp: S 2588304519:2588304519(0) win 5840 <mss 1460,sackOK,timestamp 760741583 0,nop,wscale 6> 21:07:01.382251 IP ovh63.bpreducer.com.36937 > 169.254.140.241.smtp: S 2588304519:2588304519(0) win 5840 <mss 1460,sackOK,timestamp 760742333 0,nop,wscale 6> 21:07:07.382750 IP ovh63.bpreducer.com.36937 > 169.254.140.241.smtp: S 2588304519:2588304519(0) win 5840 <mss 1460,sackOK,timestamp 760743833 0,nop,wscale 6> 21:07:19.382236 IP ovh63.bpreducer.com.36937 > 169.254.140.241.smtp: S 2588304519:2588304519(0) win 5840 <mss 1460,sackOK,timestamp 760746833 0,nop,wscale 6> if you need the postfix conf files, I will send it in. Thanks for any help .... Stéphane
From: Ralf Hildebrandt on 9 Jul 2010 07:53 * "Stéphane MERLE" <stephane.merle(a)distrigame.com>: > Hi, > > My ISP (ovh) is complaining about my postfix servers doing wrong ARP > demand, do you have any idea of what can cause this in my postfix > configuration ? I'd think that's more because of the OS or failover. Postfix is several layers above that. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Wietse Venema on 9 Jul 2010 08:53 St�phane MERLE: > My ISP (ovh) is complaining about my postfix servers doing wrong ARP > demand, do you have any idea of what can cause this in my postfix > configuration ? Postfix does not send ARP requests. Instead, look at your kernel's network configuration. Wietse
From: Victor Duchovni on 9 Jul 2010 09:21 On Fri, Jul 09, 2010 at 01:47:40PM +0200, St?phane MERLE wrote: > Hi, > > My ISP (ovh) is complaining about my postfix servers doing wrong ARP > demand, do you have any idea of what can cause this in my postfix > configuration ? > > 188.165.55.92 : is one of the server ip (ip failover) > > Thu Jul 8 02:03:32 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 This IP address is a link-local IP address: http://tools.ietf.org/html/rfc3927 these support zero-configuration local networking, ... > 19:43:20.840082 arp reply 169.254.140.241 is-at 00:24:c3:84:04:00 Your ISP or router is proxy-arping for this IP, it should not. Link-local addresses should be exempt (if possible). > 19:43:20.840087 IP ovh63.bpreducer.com.59549 > 169.254.140.241.smtp: S > 1213354010:1213354010(0) win 5840 <mss 1460,sackOK,timestamp 759487196 > 0,nop,wscale 6> Why are are sending email to this IP address? Any Postfix logs that indicate attempts to connect to this relay? > if you need the postfix conf files, I will send it in. Mostly just logs that show the life-cycle of a message (all log entries for its queue-id) in which deliveries to this IP address were attempted and failed. -- Viktor.
From: =?ISO-8859-1?Q?St=E9phane_MERLE?= on 9 Jul 2010 09:48
Hi, Le 09/07/2010 15:21, Victor Duchovni a écrit : > On Fri, Jul 09, 2010 at 01:47:40PM +0200, St?phane MERLE wrote: > > >> Hi, >> >> My ISP (ovh) is complaining about my postfix servers doing wrong ARP >> demand, do you have any idea of what can cause this in my postfix >> configuration ? >> >> 188.165.55.92 : is one of the server ip (ip failover) >> >> Thu Jul 8 02:03:32 2010 : arp who-has 169.254.140.241 tell 188.165.55.92 >> > This IP address is a link-local IP address: > > http://tools.ietf.org/html/rfc3927 > > these support zero-configuration local networking, ... > > >> 19:43:20.840082 arp reply 169.254.140.241 is-at 00:24:c3:84:04:00 >> > Your ISP or router is proxy-arping for this IP, it should not. Link-local > addresses should be exempt (if possible). > > >> 19:43:20.840087 IP ovh63.bpreducer.com.59549> 169.254.140.241.smtp: S >> 1213354010:1213354010(0) win 5840<mss 1460,sackOK,timestamp 759487196 >> 0,nop,wscale 6> >> > Why are are sending email to this IP address? Any Postfix logs that > indicate attempts to connect to this relay? > > >> if you need the postfix conf files, I will send it in. >> > Mostly just logs that show the life-cycle of a message (all log entries > for its queue-id) in which deliveries to this IP address were attempted > and failed. > > Thank you, because of your post, I checked in the postfix logs and found : ahafid(a)elv.enic.fr Jul 9 01:18:33 ovh63 postfix/smtp[30687]: connect to elv.enic.fr[169.254.140.241]:25: Connection timed out Jul 9 01:18:33 ovh63 postfix/smtp[30687]: 138C92011CE6: to=<ahafid(a)elv.enic.fr>, relay=none, delay=45185, delays=45095/0/90/0, dsn=4.4.1, status=deferred (connect to elv.enic.fr[169.254.140.241]:25: Connection timed out) I first clean that domain from the database and then check my bot cleanner which missed this. Thank you !! Stéphane |