On Jan 07 17:06:52, skin...@britvault.co.uk wrote:
> > If DNS_SOCK_MAX is defined in the config,
> > greyscanner checks that the domain part of every sender
> > has an A and an MX record, and blacklists everything else.
> > That itself is surely a good thing, but:
> >
> > (2) I am getting a lot of false negatives, such as
> >
> > Jan 6 01:15:53 www greyscanner[10017]: Trapped 115.67.162.38: Mailed from
> > sender google.com with no MX or A
> >
> > Needless to say, there is an MX and an A for google.com.
> >
> > The fact that 115.67.162.38 itself does not have an A
> > and is not actually google's outgoing SMTP server does
> > not come into it: this is not checked in greyscanner.
>
> Here's a sample of greyscanner trapped no MX lines from my logs
> (most of it looks spamish, others not so.....):
>
> for line in $(fgrep greyscanner /var/log/maillog | awk '/ MX / { print $7$11
> }'); do print -n "$line\nPTR: "; dig -x $(print $line | cut -d: -f1) +short;
> print; done
>
> 173.85.227.74:jaytronautomation.com
> PTR:
> 37.6.249.99:hol.gr
> PTR: adsl-99.37.6.249.tellas.gr.
>
> 50.193.227.41:gmail.com
> PTR: 50-193-227-41-static.hfc.comcastbusiness.net.
>
> 209.85.220.50:gmail.com
> PTR: mail-pa0-f50.google.com.

This is what I'm talking about: there is an MX and A for 'gmail.com',
plus this host resolves there and back, (and apparently is an outgoing
smtp of google.com). Yet greyscanner blacklists it, with
'no MX or A for gmail.com'.

> 110.175.80.66:gmail.com
> PTR: 110-175-80-66.static.tpgi.com.au.

This is a spammer alright, but still, there _is_ an MX and A
for 'gmail.com', which is all that greyscanner checks for.
Somehow those DNS lookups must be failing, but so far
I haven't found time to look into Net::DNS.

	Jan
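
An added example, not part of the original message and not greyscanner's own code: a Python script that re-checks the domains named in "no MX or A" trap lines and keeps a failed lookup (SERVFAIL, timeout) apart from a record that is really absent. The names audit, dig_status and fake_lookup, the verdict labels, the log lines built around the thread's ip:domain pairs and the offline resolver answers are all assumptions made for illustration.

```python
import re
import subprocess

TRAP_RE = re.compile(r"greyscanner\[\d+\]: Trapped (?P<ip>\S+): Mailed from sender "
                     r"(?P<domain>[A-Za-z0-9][A-Za-z0-9.-]*) with no MX or A")
# ip:domain pairs from the thread, wrapped in constructed log lines.
PAIRS = [("50.193.227.41", "gmail.com"), ("209.85.220.50", "gmail.com"),
         ("173.85.227.74", "jaytronautomation.com"), ("37.6.249.99", "hol.gr")]
SAMPLE = [f"Jan 6 01:15:53 www greyscanner[10017]: Trapped {ip}: "
          f"Mailed from sender {dom} with no MX or A" for ip, dom in PAIRS]
# Constructed resolver answers so the example runs offline (not real DNS data).
FAKE = {("gmail.com", "MX"): "present", ("hol.gr", "MX"): "failed", ("hol.gr", "A"): "failed"}

def fake_lookup(domain, rrtype):
    return FAKE.get((domain, rrtype), "absent")

def dig_status(domain, rrtype):
    """Live lookup via dig: 'present', 'absent', or 'failed' when no usable answer came back."""
    try:
        out = subprocess.run(
            ["dig", "+noall", "+comments", "+answer", domain, rrtype],
            capture_output=True, text=True, timeout=15).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "failed"
    m = re.search(r"status: (\w+)", out)
    if not m or m.group(1) not in ("NOERROR", "NXDOMAIN"):
        return "failed"  # SERVFAIL, REFUSED, no reply: not evidence of absence
    rows = [l.split() for l in out.splitlines() if l and not l.startswith(";")]
    return "present" if any(r[3:4] == [rrtype] for r in rows) else "absent"

def audit(lines, lookup=dig_status):
    """Re-check MX and A once per trapped domain and collect the trapped IPs."""
    verdicts = {}
    for line in lines:
        m = TRAP_RE.search(line)
        if not m:
            continue
        ip, domain = m.group("ip"), m.group("domain").lower()
        if domain not in verdicts:
            seen = {lookup(domain, "MX"), lookup(domain, "A")}
            verdict = ("false-trap" if "present" in seen else    # log message was wrong
                       "undetermined" if "failed" in seen else "confirmed")
            verdicts[domain] = {"verdict": verdict, "ips": []}
        verdicts[domain]["ips"].append(ip)
    return verdicts

if __name__ == "__main__":
    for dom, v in audit(SAMPLE, fake_lookup).items():
        print(dom, v["verdict"], ",".join(v["ips"]))
```

Calling audit(open("/var/log/maillog")) uses dig for the lookups; a domain reported as "false-trap" or "undetermined" points at the resolver path rather than at the sender.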