Re: [spamdyke-users] RDNS WhiteList Not Working

2014-01-31 Thread Eric Shubert
On 01/31/2014 03:32 PM, Denny Jones wrote:
 I'm using SpamDyke 4.3.1

 I have whitelisted gfoxconsulting.com in whitelist_rdns (I simply added
 gfoxconsulting.com to that file)

 I have the whitelist_rdns file indicated correctly in the spamdyke.conf
 file:

 rdns-whitelist-file=/etc/spamdyke/whitelist_rdns

 ...but I still see this domain (gfoxconsulting.com) being rejected:

 Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from:
 l...@gfoxconsulting.com to:
 al...@texasalliance.org origin_ip:
 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS
 reason: (empty)

 However on the very next log line I get:
 Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from:
 l...@gfoxconsulting.com to:
 al...@texasalliance.org origin_ip:
 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption:
 TLS reason: 250_ok_1391184515_qp_15469

 What is going on here?

 Thanks,
 Denny





I think you're perhaps missing how rdns whitelisting works. rDNS is a 
name which is associated with an ip address. In the first instance, the 
rDNS record is missing, so there's no name to match to (origin_rdns = 
(unknown)). There's no way to use rdns whitelisting to let this one 
through. You'd need to whitelist something else, like either the IP 
address (good choice) or the sender domain (not recommended).

It's possible (even likely) that someone at redglue.com discovered that 
there was no rdns for this IP, and it was fixed sometime before 10:08 
(the missing message could have resulted from a cached lookup).

It's also possible that there's an obscure bug in spamdyke. This is 
unlikely, but it's been known to happen occasionally with odd DNS 
configurations. I'd call this an odd rDNS configuration:
$ host 208.123.81.4
4.81.123.208.in-addr.arpa is an alias for 4.255-0.81.123.208.in-addr.arpa.
4.255-0.81.123.208.in-addr.arpa domain name pointer exch01.redglue.com.
$
There's a cname record pointing to the ptr record. Usually the rdns name 
is a ptr record, not a cname (ttbomk).

I'd wait to see if the problem recurs. If it doesn't, then the problem 
was likely with the sender's rDNS which is now fixed. If it reoccurs, 
then it's probably a bug.

Sam will know the bottom line here.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
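Eric's `host` output above shows a CNAME in the reverse zone pointing at the PTR record (the classless delegation shape from RFC 2317). As an added example, not code from spamdyke or from anyone in this thread, here is how a resolver walks that chain to the host name, generalised to the cases where the chain ends with no PTR or loops; the record table is constructed from the quoted output, and the .9 and .7 entries are hypothetical.

```python
"""Follow a reverse-DNS lookup through CNAME aliases to the PTR record.
Added example for this thread, not spamdyke code.  The record table is
constructed from the `host` output quoted above, plus two hypothetical
entries (.9 and .7) for the no-PTR and CNAME-loop cases."""
import ipaddress

# Constructed record table: owner name -> (rrtype, target).
ZONE = {
    # Real shape from the thread: CNAME into the classless sub-zone, then PTR.
    "4.81.123.208.in-addr.arpa": ("CNAME", "4.255-0.81.123.208.in-addr.arpa"),
    "4.255-0.81.123.208.in-addr.arpa": ("PTR", "exch01.redglue.com"),
    # Hypothetical: delegation CNAME exists but the sub-zone has no PTR.
    "9.81.123.208.in-addr.arpa": ("CNAME", "9.255-0.81.123.208.in-addr.arpa"),
    # Hypothetical: misconfigured CNAME loop.
    "7.81.123.208.in-addr.arpa": ("CNAME", "7.255-0.81.123.208.in-addr.arpa"),
    "7.255-0.81.123.208.in-addr.arpa": ("CNAME", "7.81.123.208.in-addr.arpa"),
}
MAX_HOPS = 8  # bound the CNAME walk so a loop cannot hang the lookup


def reverse_name(ip):
    """Owner name of the PTR for ip: 208.123.81.4 -> 4.81.123.208.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip, zone=ZONE):
    """Return (status, ptr_name, chain); status is 'ok', 'missing' or 'loop'.
    chain lists every owner name visited; only the final PTR target is a
    host name, and that is what an rDNS whitelist entry is matched against."""
    name = reverse_name(ip)
    chain = [name]
    for _ in range(MAX_HOPS):
        rr = zone.get(name)
        if rr is None:
            return "missing", None, chain   # spamdyke would log (unknown)
        rrtype, target = rr
        if rrtype == "PTR":
            return "ok", target, chain
        name = target                        # CNAME: keep following
        chain.append(name)
    return "loop", None, chain


if __name__ == "__main__":
    for ip in ("208.123.81.4", "208.123.81.9", "208.123.81.7"):
        print(ip, lookup_ptr(ip))
```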


Re: [spamdyke-users] RDNS WhiteList Not Working

2014-01-31 Thread Denny Jones

Not to point directly to a bug but I have been working on this issue for quite 
some time so I'm pretty sure it'll keep on occurring.

Also, I only pasted 2 lines from the log file. In reality there are many 
DENIED_RDNS_MISSING entries with a few ALLOWED entries throughout. In other 
words, spamdyke will reject a bunch of attempts and then allow one to come through 
and then go back to denying them only to allow another one later. There's no 
real pattern to speak of.

To be clear, all the entries point to the same IP. I guess I could just add the 
IP to the whitelist_rdns file to fix this? My concern is that redglue might 
have many sending IPs and I'll have to add every one of them to the file. I'm not 
sure how to go about finding that information out.

Thanks for the reply!





Re: [spamdyke-users] RDNS WhiteList Not Working

2014-01-31 Thread Sam Clippinger
Well, don't add the IP to the rDNS whitelist file; that won't do any good.  You 
want to add it to the IP whitelist file instead. :)

But overall, it looks like spamdyke is having trouble reversing that IP address 
and it's timing out most of the time.  When it times out, you get the rejection 
(this is exactly why spamdyke sends a temporary rejection for rDNS failures, so 
the remote server will try again).  I would suggest looking at your DNS setup.  
If you aren't running a caching nameserver on your mail server, you should 
definitely install one and change /etc/resolv.conf to use 127.0.0.1 as the only 
nameserver.  If you are already running a caching nameserver, you might try 
using the dns-timeout-secs option to increase the DNS timeouts.  The default 
is 30 seconds, maybe try 60 and see if this problem goes away?

If all else fails, you can try recompiling spamdyke with excessive output and 
enabling full logging with the full-log-dir option.  A full log file from one 
of these failed connections will show all the details of the DNS queries 
(packets sent, packets received), which would make it easy to figure out 
exactly where the failure is taking place.  It easily could be a bug!

-- Sam Clippinger
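Denny describes the same IP being denied many times and allowed now and then, and Sam reads that as the reverse lookup timing out rather than the record being absent. As an added example, not code from spamdyke or from anyone in this thread, this script summarises spamdyke syslog lines per origin IP and separates IPs that never resolve from IPs that resolve only sometimes; the log lines are constructed after the format quoted above, with placeholder addresses and a second IP from the documentation range.

```python
"""Summarise spamdyke verdicts per origin IP from syslog lines.
Added example for this thread, not spamdyke code.  The sample lines are
constructed after the DENIED_RDNS_MISSING / ALLOWED format quoted above."""
import re
from collections import defaultdict

# One regex for the fields every spamdyke verdict line carries.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>\S+) from: (?P<from>\S+) to: (?P<to>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+)"
)

SAMPLE_LOG = """\
Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from: sender@example.com to: rcpt@example.org origin_ip: 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:01:11 michael spamdyke[13301]: DENIED_RDNS_MISSING from: sender@example.com to: rcpt@example.org origin_ip: 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from: sender@example.com to: rcpt@example.org origin_ip: 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption: TLS reason: 250_ok_1391184515_qp_15469
Jan 31 10:15:02 michael spamdyke[15602]: DENIED_RDNS_MISSING from: other@example.net to: rcpt@example.org origin_ip: 192.0.2.7 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:15:40 michael spamdyke[15610]: DENIED_RDNS_MISSING from: other@example.net to: rcpt@example.org origin_ip: 192.0.2.7 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
"""


def summarise(log_text):
    """Return {ip: {"verdicts": {verdict: count}, "rdns": set of names seen}}."""
    per_ip = defaultdict(lambda: {"verdicts": defaultdict(int), "rdns": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a spamdyke verdict line
        entry = per_ip[m["ip"]]
        entry["verdicts"][m["verdict"]] += 1
        entry["rdns"].add(m["rdns"])
    return per_ip


def classify(entry):
    """'intermittent' when the same IP was logged both with and without a
    name (points at resolver timeouts), 'missing' when rDNS never resolved,
    'resolved' otherwise."""
    names = entry["rdns"]
    if "(unknown)" in names and len(names) > 1:
        return "intermittent"
    if names == {"(unknown)"}:
        return "missing"
    return "resolved"


def report(log_text):
    """Map each origin IP to its classification."""
    return {ip: classify(e) for ip, e in summarise(log_text).items()}
```

An IP classed as intermittent is the case to chase in the resolver (caching nameserver, dns-timeout-secs) rather than in the whitelist files.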



