Thanks to Martin Mokrejs for this one.
Response:
This is most probably mail being sent by someone, who made a typo mistake
while setting up it's mailer (like Netscape mail or Eudora POP3 clients).
hugob_at_worenet.gen.oh.us versus worcnet.gen.oh.us.
Anyway, it's not your problem. Quite often, you will find these messages,
because someone while connectiong from worcnet.gen.oh.us claims that he's
for example someone_at_somewhere.else.edu
You can safely ignore these messages. I've hundreds of them per day.
Martin
Original question:
> We recently got a large number of repeated mail.log entries identical to
> the following (except for message numbers and times). If you look below
> you will see from the "whois" that the ISP 206.21.110 is resolvable though
> the name of the sender domain worenet.gen.oh.us does not appear to be.
>
> My questions are:
> 1.) It would be useful for us to distinguish these messages as purposeful
> or unintentional incorrect domains. Is the fact that there are a
> large number of log entries meaningful?
> 2.) Because of our configuration "Sender domain unresolvable" results. Is
> there a way (without reconfiguring and restarting mail) to discern whether
> they are unintentionalal- e.g. should the original message appear
> somewhere in our logs, such as root mail? Should a record of these
> messages also appear in daemon.log?
> <mail log record is below>
> # cat mail.log |grep 22819
> Mar 27 12:52:38 castle sendmail[22819]: MAA0000022819:ruleset=check_mail,
> arg1= <hugob_at_worenet.gen.oh.us>,relay=nala.worcnet.gen.oh.us [206.21.110.2],
> reject=451<hugob_at_worenet.gen.oh.us>... Sender domain unresolvable
> Mar 27 12:52:38 castle sendmail[22819]: MAA0000022819:
> from=<hugob_at_worenet.gen.oh.us>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP,
> relay=nala.worcnet.gen.oh.us [206.21.110.2]
>
> # whois -h whois.arin.net 206.21.110 Netname: OARNET-CBLK5
> Netblock: 206.21.0.0 - 206.21.255.0
Received on Mon Mar 30 1998 - 16:53:35 NZST