Hi,
I never noticed this scenario before, so I figured I ask: One of the emails I investigated was had a "null string" RevDNS in the XINHEADER: X-Declude: Version 4.4.20; Code 0xe from [38.108.41.55] The global config defines the following: XINHEADER X-Declude: Version %VERSION%; Code 0x%HEADERCODE% from %REVDNS% [%REMOTEIP%] I can't remember ever seeing a header without a RevDNS - and without any RevDNS tests failing? Here the SMTP and Declude log snippet, as well as the CURRENT Reverse DNS lookup (which matches the HELO string). Of course, we don't know what the DNS information was at the time that Declude saw it - but if it resulted in a null string, then I wonder if we shouldn't see any DNS timeout errors, or similar indication in the Declude log? 11:01 16:18 SMTPD(b9ad01c200001fc9) [63.107.174.78] connect 38.108.41.55 port 9176 11:01 16:18 SMTPD(b9ad01c200001fc9) [38.108.41.55] EHLO mail.cashcosmetics.info 11/01/2008 16:18:56.820 qb9ad01c200001fc9.smd XXXXStart: doprewhitelist 11/01/2008 16:18:56.820 qb9ad01c200001fc9.smd XXXXEND: doprewhitelist 11/01/2008 16:19:00.242 qb9ad01c200001fc9.smd nIPNOTINMX:-2 SPFPASS:-2 . Total weight = -4. 11/01/2008 16:19:00.242 qb9ad01c200001fc9.smd NOT bypassing whitelisting of E-mail with weight >=19 (-4) and at least 1 recipients (1). 11/01/2008 16:19:00.242 qb9ad01c200001fc9.smd NOT bypassing whitelisting of E-mail with weight >=14 (-4) and at least 4 recipients (1). 11/01/2008 16:19:00.242 qb9ad01c200001fc9.smd NOT bypassing whitelisting of E-mail with weight >=12 (-4) and at least 6 recipients (1). 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Did not find [ [EMAIL PROTECTED] ] in [EMAIL PROTECTED] address book 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Finish Address Book WhiteList 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Tests failed [weight=-4]: NOLEGITCONTENT=IGNORE[0] SPFPASS=IGNORE[-2] 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd L1 Message OK 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Subject: Mineral Makeup 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 38.108.41.55 ID: h1isqe01g74o 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Action(s) taken for [EMAIL PROTECTED] = IGNORE [LAST ACTION=IGNORE] 11/01/2008 16:19:00.367 qb9ad01c200001fc9.smd Cumulative action(s) on this email = IGNORE [LAST ACTION=IGNORE] > set type=ptr > 38.108.41.55 Non-authoritative answer: 55.41.108.38.in-addr.arpa canonical name = 55.0-63.41.108.38.in-addr.arpa 55.0-63.41.108.38.in-addr.arpa name = mail.cashcosmetics.info > Best Regards, Andy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
