Hello SuSE-Security, I'm receiving several SuSE mail lists, but it's interesting, that an access denied event for the destination 10.87.0.5 UDP:53 ist reported by our external Cisco (I'm blocking all IANA reserved and private IP networks), near the time an email from the SuSE-Security arrives. I'm having warnings from Postfix (MTA) that host1.Dyna.Oak.SuSE.com can't be verified. It seems, that SuSE.com is using an private IP address for DNS communication to the internet. Here is a small nslookup result:
nslookup -type=NS Oak.SuSE.com Server: localhost Address: 127.0.0.1
Non-authoritative answer: Oak.SuSE.com nameserver = ns.Oak.SuSE.com
Authoritative answers can be found from: ns.Oak.SuSE.com internet address = 10.87.0.5
I think that's not really conform to the internet standards, isn't it? >;->
Best regards,
Andreas Kisslinger
----------- Some extracts from the logs ------------
/var/log/cisco.log:
Feb 12 15:39:43 MY-EXTERNAL-ROUTER 35147: Feb 12 14:39:42.002:
%SEC-6-IPACCESSLOGP: list 110 denied udp MY-DNS-IP(1458) -> 10.87.0.5(53), 1
packet
/var/log/warn:
Feb 12 15:40:10 gw1 postfix/smtpd[13314]: warning: 202.58.118.3: hostname host1.
Dyna.Oak.SuSE.com verification failed: Host not found, try again
And the content of the mail arriving at this moment:
Received: from lists.suse.com (unknown [202.58.118.3]) by MY-MAIL-HOST
(Mailer) with SMTP id CBBEE1F89 for