Web Hosting Talk







Lame server entries


Steve33
04-05-2001, 01:54 AM
This may be nothing, but I was looking over my /var/log/messages file and noticed the below entry appearing hundreds of times just in the past 6 hours. I know the 'lame server' message is somewhat normal, but is it normal for that same entry (and IP address) to appear so much? Or could it be some type of attack? The IP addresses appear to be directly from Microsoft, which seems a little strange.

Apr 5 00:04:27 mercury named[405]: Lame server on 'htomail.com' (in 'htomail.com'?):
[207.46.138.11].53 'DNS4.CP.MSFT.NET'

Apr 5 00:04:27 mercury named[405]: Lame server on 'htomail.com' (in 'htomail.com'?):
[207.46.138.12].53 'DNS5.CP.MSFT.NET'

Apr 5 00:04:27 mercury named[405]: Lame server on 'hotamil.com' (in 'hotamil.com'?):
[207.46.138.12].53 'DNS5.CP.MSFT.NET'

Apr 5 00:04:27 mercury named[405]: Lame server on 'hotamil.com' (in 'hotamil.com'?):
[207.46.138.11].53 'DNS5.CP.MSFT.NET'

pyng
04-05-2001, 09:45 AM
As you probably know, lame delegation is when the name server that a domain has been delegated to is not authoritative (does not have a SOA record) for the domain.

In this case, it appears that Microsoft has registered htomail.com to keep one step ahead of hotmail.com pretenders. They have directed NSI to delegate htomail.com to their name servers dns4.cp.msft.net and dns5.cp.msft.net, but these name servers don't even have any records for htomail.com (they probably aren't simply forwarding it automatically to hotmail.com because they don't want people to accidentally bookmark htomail.com or something).

As you say, the presence of the entries is in itself nothing to worry about.

Perhaps the reason why the entries are there is because someone using your mailserver has typo'ed an e-mail address and spelled it as htomail.com? If so, you can look forward to seeing that message at various intervals over the next five days (or however long you configured sendmail to keep trying for) after which it will bounce. Alternatively, type mailq to see the list of queued messages and delete the culprit.
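
The triage described in this thread, as an added example that is not part of the original posts: it groups "Lame server" lines by queried name and flags names that are near-misses of a well-known mail domain, which points to a mistyped address retrying in the mail queue rather than an attack. The watchlist, the 0.85 cutoff and the `example.org` line are assumptions; the other sample lines are the thread's entries written on one line, as syslog records them.

```python
import re
from collections import Counter, defaultdict
from difflib import get_close_matches

# Matches the named "Lame server" message format quoted in the thread.
LAME_RE = re.compile(
    r"named\[\d+\]: Lame server on '(?P<qname>[^']+)' \(in '(?P<zone>[^']*)'\?\):"
    r"\s+\[(?P<ip>[\d.]+)\]\.(?P<port>\d+)\s+'(?P<ns>[^']+)'"
)

# Assumption: mail domains your users commonly write to.
KNOWN_MAIL_DOMAINS = ["hotmail.com", "yahoo.com", "aol.com"]

def summarize_lame(lines, known=KNOWN_MAIL_DOMAINS, cutoff=0.85):
    """Return one dict per queried name, most frequent first."""
    counts = Counter()
    servers = defaultdict(set)
    for line in lines:
        m = LAME_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        qname = m["qname"].lower().rstrip(".")
        counts[qname] += 1
        servers[qname].add((m["ip"], m["ns"].lower()))
    report = []
    for qname, n in counts.most_common():
        # An exact match is the real domain, not a typo of it.
        near = [] if qname in known else get_close_matches(qname, known, n=1, cutoff=cutoff)
        report.append({
            "name": qname,
            "count": n,
            "servers": sorted(servers[qname]),
            "likely_typo_of": near[0] if near else None,
        })
    return report

# Sample input: four entries from the thread plus two constructed lines.
SAMPLE = """\
Apr  5 00:04:27 mercury named[405]: Lame server on 'htomail.com' (in 'htomail.com'?): [207.46.138.11].53 'DNS4.CP.MSFT.NET'
Apr  5 00:04:27 mercury named[405]: Lame server on 'htomail.com' (in 'htomail.com'?): [207.46.138.12].53 'DNS5.CP.MSFT.NET'
Apr  5 00:04:27 mercury named[405]: Lame server on 'hotamil.com' (in 'hotamil.com'?): [207.46.138.12].53 'DNS5.CP.MSFT.NET'
Apr  5 00:04:27 mercury named[405]: Lame server on 'hotamil.com' (in 'hotamil.com'?): [207.46.138.11].53 'DNS5.CP.MSFT.NET'
Apr  5 00:05:02 mercury named[405]: Lame server on 'example.org' (in 'example.org'?): [192.0.2.53].53 'ns1.example.net'
Apr  5 00:05:10 mercury sendmail[811]: constructed unrelated line
""".splitlines()

if __name__ == "__main__":
    for row in summarize_lame(SAMPLE):
        print(row)
```

A name flagged under `likely_typo_of` is the one to look for in the `mailq` output mentioned above.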