Jeff Potter writes:
>> Our spam filtering software is chocking on the brackets (SpamAssassin’s RDNS_NONE gets triggered).> > it's not triggered because of the brackets. It's triggered because your MTA > does not reverse-resolve sender.SpamAssassin looks up the DNS when it only finds the IP address — but only if the IP address isn’t bracketed. Based on observation. Looks like SpamAssassin will skip that DNS lookup if the header contains the value.
The common format of the Received: header is Received: from [HELO] (hostname [IP]) …If the IP address does not resolve via DNS, the hostname part is omitted, resulting in:
Received: from [HELO] ([IP]) …Some mail servers could be configured, for speed, to avoid doing a reverse DNS lookup, in which case their Received: header will look the same.
For example, Sourceforge's mail servers record this:
Received: from mx.atof.net ([208.118.232.39])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1Y8Bcy-0002uQ-Ni
for courier-users@lists.sourceforge.net; Mon, 05 Jan 2015 17:39:42 +0000
The IP address resolves perfectly. This could be a transient DNS resolution
failure, which certainly happens all the time on the intertubes. Or, it's
far more likely that Sourceforge simply turned off their reverse DNS lookup.
>> Admittedly, the true fix is getting SpamAssassin to be more tolerant in its parsing.> > Maybe you should remove -nodnslookup from TCPDOPTS in your esmtpd file?Ah ha! Yes! That makes the false positive for RDNS_NONE go away (at least, when courier is compiled --without-ipv6; I haven’t checked the other way).
No, there's nothing wrong with dropping reverse DNS lookup, if you are so inclined. And there's nothing wrong with the resulting Received: headers – this is a misunderstood SpamAssassin rule. RDNS_NONE, to me, simply says that SpamAssassin reports the reverse DNS resolution did not take place. Which is, of course, technically true.
It is true that the lack of reverse DNS resolution might be a factor in determining the legitimacy of a particular piece of email, but in this day and age it's quite a negligible factor and shouldn't, by itself, amount to much at all.
pgpQeipwYmI7z.pgp
Description: PGP signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
