Mailing List Message #9561
From: Michael A. Pasek <>
Subject: Re: "your name is not...."
Date: Sat, 10 Nov 2001 08:25:56 -0600
To: <>
In SIMS Digest #1540, Bill Cole <> wrote:
[stuff deleted]
BUT IT IS!  The IP address in the packet ( resolves correctly
to that name.

But whoever owns that domain says that its address is

(I am guessing that might be you...)

Yes, it is.  Because I'm running a split DNS, for _you_ "lalonde" resolves
to  From where I -- and SIMS -- sit (internally), "lalonde"
resolves to

SIMS doesn't do reverse lookups, because reverse lookups are generally
meaningless. SIMS already knows that you are using that IP address, so there's
a reasonably good chance that you can make the reverse lookup say whatever you
want it to say. The HELO argument check is a forward lookup to verify whether
you MIGHT be lying about your name: if it checks out then it is certain that
whoever controls the name agrees with the user of the IP address on that

Ah, of course!  It is my current architecture that causes this......

Because I foresee a day when I will have more machines on "internal"
network, I wanted to set up the IP addressing such that when I _do_ stick
a router in place between my firewall and other "internal" network segments,
I won't have to go around and re-do the TCP/IP settings on all my Macs.
To accomplish this, the firewall itself (which is also my DNS server) is  I plan on having the interface of the (future) router on
the side that "faces" the firewall be, and the interface on
the side that "faces" the "internal" network be  So, in
TCP/IP settings, the DNS server is, and the gateway is

Since I don't have that router yet, is an alias IP address on
the "internal" interface of the firewall.  And that explains why I'm
getting the message;  the internal DNS resolves ""
to (its _native_ address), while the SIMS box sees
(the firewall TCP/IP software, if there are multiple IP addresses for an
interface, will use the one most appropriate as the source -- since I'm
sending to SIMS at, it will use the address as the
source, rather than its native

[intervening stuff deleted]

Given your protected situation, SIMS 1.7 is not broken (since the only changes
I can recall are meaningless to a protected machine) but the upgrade takes
about 20 seconds longer than the download time. And it won't change this

Actually, I've already downloaded it, just haven't upgraded it yet.

Thanks for your on-the-mark response, Bill!

Michael A. Pasek
Pasek Consulting, Inc.
9741 Foley Boulevard NW
Coon Rapids, MN  55433-5616
(612) 597-5977
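
The forward-lookup HELO check and the alias-address mismatch discussed in this message, as an added example (not SIMS code and not written by either poster). The host name and addresses are constructed placeholders, since the archive omits the real ones, and the second zone view is an assumed adjustment that the thread does not discuss.

```python
import ipaddress
import socket


def system_resolver(name):
    """Forward-resolve name with the local resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") before parsing.
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def view_resolver(zone):
    """Resolver backed by a dict, standing in for one view of a split DNS."""
    def lookup(name):
        return {ipaddress.ip_address(a) for a in zone.get(name, ())}
    return lookup


def check_helo(helo_name, peer_ip, resolver=system_resolver):
    """Return "match", "mismatch", "unresolvable" or "malformed"."""
    peer = ipaddress.ip_address(peer_ip)
    name = helo_name.strip()
    if name.startswith("[") and name.endswith("]"):
        # Address literal such as [10.0.1.1] or [IPv6:2001:db8::1].
        literal = name[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            return "match" if ipaddress.ip_address(literal) == peer else "mismatch"
        except ValueError:
            return "malformed"
    addrs = resolver(name.rstrip(".").lower())
    if not addrs:
        return "unresolvable"
    return "match" if peer in addrs else "mismatch"


# Constructed data: the internal view knows only the native address, while
# the connection is sourced from an alias address on the same interface.
# VIEW_WITH_ALIAS is an assumed adjustment, not something the thread proposes.
INTERNAL_VIEW = {"fw.example.test": ["10.0.0.1"]}
VIEW_WITH_ALIAS = {"fw.example.test": ["10.0.0.1", "10.0.1.1"]}
ALIAS_SOURCE = "10.0.1.1"

if __name__ == "__main__":
    print(check_helo("fw.example.test", ALIAS_SOURCE, view_resolver(INTERNAL_VIEW)))
    print(check_helo("fw.example.test", ALIAS_SOURCE, view_resolver(VIEW_WITH_ALIAS)))
```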
