Hi Thomas.

We have been getting a number of emails marked as spam when they are not.
Looking at the logs I see lots of PTR missing errors. E.g.:

Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au DKIM-Signature found
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au info: detected IP's on the mail routing way: 216.27.63.96, 2001:8000:104:8f:0:0:0:3
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au info: detected source IP: 216.27.63.96
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au [scoring] DKIM signature verified-OK - header-passed - identity is: cameraho...@email.camerahouse.com.au - sender policy is: neutral - author policy is: neutral
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au Message-Score: added -15 (dkimOkValencePB) for DKIM pass, total score for this message is now -15
Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au [scoring] SPF: fail ip=2001:8000:104:8f::3 mailfrom=dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au helo=astaro1.bordo.com.au
Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au Message-Score: added 25 (spfValencePB) for SPF fail, total score for this message is now 10
Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au Message-Score: added 10 for DNSBL: neutral, 216.27.63.96 listed in dnsbl.ahbl.org, total score for this message is now 20
Jan-12-22 16:02:00 id-63717-09731 [Worker_1] [PTRmissing] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au [scoring] (PTR missing) - Cache
Jan-12-22 16:02:00 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> to: myu...@bordo.com.au Message-Score: added 20 (ptmValencePB) for PTR missing, total score for this message is now 40

Which address is it referring to? 216.27.63.96 or 2001:8000:104:8f::3?

dig -x 216.27.63.21
;; ANSWER SECTION:
21.63.27.216.in-addr.arpa. 21600 IN PTR bm23.com.

Or is it 2001:8000:104:8f::3, which is the internal interface on our Sophos UTM? (Which also does basic SMTP proxy.) If so, will I need to create a reverse DNS zone with this record:

3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.8.0.0.4.0.1.0.0.0.0.8.1.0.0.2.ip6.arpa. IN PTR mail.bordo.com.au.

Have set DoReversed to Monitor for the moment.
Shouldn’t it be doing the reverse DNS check on the detected source IP?

Thanks,
James.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
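
Added example, not part of the original post and not ASSP code: a Python sketch that tallies the Message-Score lines from the log above, checks the running total, and derives the reverse-lookup names for both candidate addresses so each can be queried with dig. The log sample is abridged from the post (sender and recipient fields dropped), and the function names are illustrative.

```python
import ipaddress
import re

# Abridged from the log in the post above: sender/recipient fields dropped.
LOG = """\
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 info: detected source IP: 216.27.63.96
Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 Message-Score: added -15 (dkimOkValencePB) for DKIM pass, total score for this message is now -15
Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 Message-Score: added 25 (spfValencePB) for SPF fail, total score for this message is now 10
Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 Message-Score: added 10 for DNSBL: neutral, 216.27.63.96 listed in dnsbl.ahbl.org, total score for this message is now 20
Jan-12-22 16:02:00 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 Message-Score: added 20 (ptmValencePB) for PTR missing, total score for this message is now 40
"""

# Connecting IP follows the worker tag (and an optional check tag such as [PTRmissing]).
HEAD = re.compile(r"\[Worker_\d+\] (?:\[\w+\] )?(\S+)")
SRC = re.compile(r"detected source IP: (\S+)")
SCORE = re.compile(r"Message-Score: added (-?\d+) (?:\((\w+)\) )?for (.+?), "
                   r"total score for this message is now (-?\d+)")

def parse(log):
    """Return (connecting IPs, detected source IP, [(points, valence, reason, total)])."""
    conn, source, scores = set(), None, []
    for line in log.splitlines():
        if (m := HEAD.search(line)):
            conn.add(m.group(1))
        if (m := SRC.search(line)):
            source = m.group(1)
        if (m := SCORE.search(line)):
            pts, valence, reason, total = m.groups()
            scores.append((int(pts), valence, reason, int(total)))
    return conn, source, scores

def totals_consistent(scores):
    """True if every logged running total equals the sum of points so far."""
    running = 0
    for pts, _, _, total in scores:
        running += pts
        if running != total:
            return False
    return True

def ptr_name(ip):
    """Name that a reverse lookup (dig -x) queries for this address."""
    return ipaddress.ip_address(ip).reverse_pointer

if __name__ == "__main__":
    conn, source, scores = parse(LOG)
    for pts, valence, reason, total in scores:
        print(f"{pts:+4d} {valence or '-':18} {reason} (total {total})")
    print("running total consistent:", totals_consistent(scores))
    for ip in sorted(conn | {source}):
        print(f"{ip} -> {ptr_name(ip)}")
```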