Re: Reason for rejected message ?

Tue, 27 Feb 2007 15:19:44 -0800 

Vernon Schryver wrote:
From: Daniel Gehriger 


I just upgraded to the latest DCC and found this entry in the log. I 
can't figure out why the message has been rejected, even though 
zen.spamhaus.org doesn't list any of the IPs contained in the e-mail.


I was wrong about Spamhaus' PBL.  Because zen.spamhaus.org includes
pbl.spamhaus.org, and pbl.spamhaus.org includes IP addresses that are
known to not send spam but are MX or DNS servers (e.g. Comcast's NS
RRs), it is probably not a good idea to use -Bzen.spamhaus.org,
at least not without -Bset:no-MX and -Bset:no-NS.


Ok, I'll have a look at this.



The complaints about DNS timeouts are not good.  Is something wrong
with your DNS system?  Dccifd should have at least received NXDOMAIN
for 86.59.190.206.zen.spamhaus.org from your local caching DNS server.
(I trust you have sufficient reasons for marking a Yahoo IP address
in /var/dcc/whiteclnt as one of your MX servers.)



[ Yep, Yahoo should be in there. ] There shouldn't be any issues with 
the DNS system. Most of the time, dccifd doesn't complain about timeouts 
but then I get waves of those messages until a new DCC DNS helper is 
started.




However, none of that is not relevant to this case, because dccifd says
that it got no answers from your DNS resolver.  Besides, "DCC-->spam"
claims that the message was rejected because its checksum counts were
above the local definition of "bulk".  If a DNSBL result were involved,
there would have been a "DNSBL-->spam" string.  The strangeness is that
all of the checksums for the message except IP address of the SMTP
client, 206.190.59.86, were unique to this message.  The only way that
makes sense is if DCCIFD_REJECT_AT=0 in /var/dcc/dcc_conf to cause
dccifd to have a -t bulkd threshold of 0.  With what -t value is dccifd
running?



Here is the output of ps:


/var/dcc/libexec/dccifd -Ivscan -tREP,10 -tCMN,50,50 -Bset:debug=5 
-Brelays.ordb.org,any -Bzen.spamhaus.org,any -llog -wwhiteclnt 
-Uuserdirs -GIPmask/24 -p 127.0.0.1,10023 127.0.0.1/32 -o 
127.0.0.1,10026 -SHELO -Smail_host -SSender -SList-ID


Regards,

Daniel
_______________________________________________
DCC mailing list      [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc






















					Reply via email to