On 01/31/2014 03:32 PM, Denny Jones wrote:
> I'm using SpamDyke 4.3.1
>
> I have whitelisted gfoxconsulting.com in whitelist_rdns (I simply added
> "gfoxconsulting.com" to that file)
>
> I have the whitelist_rdns file indicated correctly in the spamdyke.conf
> file:
>
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>
> ...but I still see this domain (gfoxconsulting.com) being rejected:
>
> Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from:
> l...@gfoxconsulting.com to:
> al...@texasalliance.org origin_ip:
> 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS
> reason: (empty)
>
> However on the very next log line I get:
> Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from:
> l...@gfoxconsulting.com to:
> al...@texasalliance.org origin_ip:
> 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption:
> TLS reason: 250_ok_1391184515_qp_15469
>
> What is going on here?
>
> Thanks,
> Denny

I think you're perhaps missing how rdns whitelisting works. rDNS is a 
name which is associated with an ip address. In the first instance, the 
rDNS record is missing, so there's no name to match to (origin_rdns = 
(unknown)). There's no way to use rdns whitelisting to let this one 
through. You'd need to whitelist something else, like either the IP 
address (good choice) or the sender domain (not recommended).

It's possible (even likely) that someone at redglue.com discovered that 
there was no rdns for this IP, and it was fixed sometime before 10:08 
(the missing message could have resulted from a cached lookup).

It's also possible that there's an obscure bug in spamdyke. This is 
unlikely, but it's been known to happen occasionally with odd DNS 
configurations. I'd call this an odd rDNS configuration:
$ host 208.123.81.4
4.81.123.208.in-addr.arpa is an alias for 4.255-0.81.123.208.in-addr.arpa.
4.255-0.81.123.208.in-addr.arpa domain name pointer exch01.redglue.com.
$
There's a cname record pointing to the ptr record. Usually the rdns name 
is a ptr record, not a cname (ttbomk).

I'd wait to see if the problem recurs. If it doesn't, then the problem 
was likely with the sender's rDNS which is now fixed. If it reoccurs, 
then it's probably a bug.

Sam will know the bottom line here.

-- 
-Eric 'shubes'

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
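
An added example, not part of the messages above or of spamdyke's code: a short script that parses log lines in the format quoted in the thread, shows that an rDNS whitelist entry has nothing to compare against when origin_rdns is (unknown), and flags IPs whose rDNS appears in some lines and is missing in others. The sample log is constructed (the IP and rDNS name are from the thread; the e-mail addresses and 192.0.2.7 are placeholders), and the suffix match is a simplified assumption, not spamdyke's exact matching rules.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread.
SAMPLE_LOG = """\
Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from: sender@example.com to: rcpt@example.org origin_ip: 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from: sender@example.com to: rcpt@example.org origin_ip: 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption: TLS reason: 250_ok_1391184515_qp_15469
Jan 31 10:09:10 michael spamdyke[15502]: DENIED_RDNS_MISSING from: a@example.net to: rcpt@example.org origin_ip: 192.0.2.7 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
"""

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>\S+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
)

def parse(log_text):
    """Yield one dict per spamdyke verdict line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def rdns_whitelist_can_match(entry, whitelist):
    """The whitelist is compared with the resolved rDNS name, never with the
    sender address, so a missing name can match nothing.
    Simplified exact-or-suffix match (assumption)."""
    name = entry["rdns"].lower()
    if name == "(unknown)":
        return False
    return any(name == w or name.endswith("." + w) for w in whitelist)

def flapping_ips(entries):
    """IPs logged both with and without an rDNS name: points to a transient
    lookup failure or a record fixed in between, not a permanently absent PTR."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["ip"]].add(e["rdns"] != "(unknown)")
    return sorted(ip for ip, states in seen.items() if states == {True, False})

if __name__ == "__main__":
    entries = list(parse(SAMPLE_LOG))
    for e in entries:
        hit = rdns_whitelist_can_match(e, ["gfoxconsulting.com"])
        print(e["verdict"], e["ip"], e["rdns"], "whitelist match:", hit)
    print("rDNS present in some lines, missing in others:", flapping_ips(entries))
```
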