Nigel Metheringham edited this page Nov 29, 2012 · 2 revisions

Q0045

Question

I see entries in the log that mention two different IP addresses for the same connection. Why is this? For example:

H=tip-mp8-ncs-13.stanford.edu ([36.173.0.189]) [36.173.0.156]

Answer

The actual IP address from which the call came is the final one. Whenever there's something in parentheses in a host name, it is what the host quoted as the domain part of an SMTP HELO or EHLO command. So in this case, the client, despite being 36.173.0.156, issued the command

EHLO [36.173.0.189]

when it sent your server the message. This is, of course, very misleading.


Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.