Re: rDNS problem
On Sat, 2008-11-22 at 01:04 +0100, Benny Pedersen wrote:
> On Sat, November 22, 2008 00:31, Daniel J McDonald wrote:
>
> > 74/8 was removed from the Bogon list in 2005, but maybe the recipient
> > hasn't updated their bogon acl in bind...
>
> rdns have nothing to do with rbl

But many people hard-code bogons into bind, and if they are clueless admins they don't update it... The bogon list is published at http://www.cymru.com/Documents/bogon-list.html

The question is - what piece of gear inserted the header (from the small snippet we have seen, we don't know). Since this is someone from intersessions.com posting, my guess would be that he got a False positive spam report from someone, and they handed the headers they generated, and he's trying to figure out why it's unknown. If the other guys have their dns messed up because they haven't cleaned out bogons in 4 years, then it would show up as unknown.

There have been some fairly major distros that were distributing stale bogon lists in the bind package. Mandriva, as an example, had a 6-year-old bogon list in their bind package until I opened a bug a year ago (and they tried to close it as a WON'TFIX, but cooler heads prevailed after a bit of thought...)

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: rDNS problem
Jeff Koch wrote:
>
> Hi All
>
> Hopefully another pair of eyes can help find the reason for this rDNS
> error. Here's SA header message:
>
> * 1.0 RDNS_NONE Delivered to trusted network by a host with
> no rDNS
> Received: from unknown (HELO cronus.intersessions.com) (74.220.16.65)
>
> As far as I can tell 'cronus.intersessions.com' has reverse setup and
> it matches 74.220.16.65.
>
> What am I missing?
>

AFAIK SA doesn't go out and do its own RDNS lookup for this. It trusts your MTA's header (since it is a trusted host).

The MTA's header says the reverse DNS is "unknown". So, SA assumes it failed lookup. Might want to fix that first.
Re: rDNS problem (SOLVED)
On Sat, November 22, 2008 02:23, mouss wrote:
> Jeff Koch wrote:
>> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
>> matches 74.220.16.65.
> there's no thing like "cronus.intersessions.com has reverse setup".
> really. reverse is for an IP.
>> What am I missing?
>
> a real MTA?

sendmail ?

PS: Jeff please don't CC me, you don't have a problem any longer
http://moensted.dk/spam/?addr=74.220.16.65&Submit=Submit

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: rDNS problem
Jeff Koch wrote:
>
> Hi All
>
> Hopefully another pair of eyes can help find the reason for this rDNS
> error. Here's SA header message:
>
> * 1.0 RDNS_NONE Delivered to trusted network by a host with no
> rDNS
> Received: from unknown (HELO cronus.intersessions.com) (74.220.16.65)
>

your _MTA_ decided to add a Received header with "unknown" as the reverse DNS. If you don't like it, you can:
- use another MTA
- complain to the MTA vendor/developer/whomever

don't tell me you're still running qmail ;-p

> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
> matches 74.220.16.65.

there's no thing like "cronus.intersessions.com has reverse setup". really. reverse is for an IP.

>
> What am I missing?

a real MTA?
Re: rDNS problem
Hi Benny:

Reverse DNS seems to work via dig and nslookup but the links, although indicating a problem, were not terribly helpful in explaining the cause. Apparently, you know more than I do. Perhaps you could reveal a little more info so we can get this straightened out. I would really appreciate it.

Jeff

At 07:53 PM 11/21/2008, you wrote:

On Sat, November 22, 2008 01:41, Jeff Koch wrote:
> How do I correct this problem? When I run 'nslookup 74.220.16.65' from
> various machines it shows the correct answer.

your computer, your problem :)

i showed 2 links, should i show more ?

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Best Regards,

Jeff Koch, Intersessions
Re: rDNS problem
>How do I correct this problem? When I run 'nslookup 74.220.16.65' from various
>machines it shows the correct answer.

dig cronus.intersessions.com. @ns.intersessions.com. +short
74.220.16.65

dig -x 74.220.16.65 @ns.intersessions.com. +short
cronus.intersessions.com.

so there is PTR+A "match".

delegation of the PTR is OK:

dig -x 74.220.16.65 +trace

; <<>> DiG 9.2.3 <<>> -x 74.220.16.65 +trace
;; global options: printcmd
. 16937 IN NS h.root-servers.net.
. 16937 IN NS c.root-servers.net.
. 16937 IN NS b.root-servers.net.
. 16937 IN NS j.root-servers.net.
. 16937 IN NS g.root-servers.net.
. 16937 IN NS e.root-servers.net.
. 16937 IN NS d.root-servers.net.
. 16937 IN NS i.root-servers.net.
. 16937 IN NS k.root-servers.net.
. 16937 IN NS m.root-servers.net.
. 16937 IN NS f.root-servers.net.
. 16937 IN NS a.root-servers.net.
. 16937 IN NS l.root-servers.net.
;; Received 321 bytes from 207.203.133.65#53(207.203.133.65) in 3 ms

74.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
74.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
74.in-addr.arpa. 86400 IN NS Y.ARIN.NET.
74.in-addr.arpa. 86400 IN NS Z.ARIN.NET.
74.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
74.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
74.in-addr.arpa. 86400 IN NS EPAZOTE.ARIN.NET.
74.in-addr.arpa. 86400 IN NS CHIA.ARIN.NET.
;; Received 204 bytes from 192.33.4.12#53(c.root-servers.net) in 23 ms

16.220.74.in-addr.arpa. 86400 IN NS NS2.INTERSESSIONS.COM.
16.220.74.in-addr.arpa. 86400 IN NS NS.INTERSESSIONS.COM.
;; Received 95 bytes from 192.35.51.32#53(DILL.ARIN.NET) in 75 ms

65.16.220.74.in-addr.arpa. 10800 IN PTR cronus.intersessions.com.
16.220.74.in-addr.arpa. 10800 IN NS ns.intersessions.com.
16.220.74.in-addr.arpa. 10800 IN NS ns2.intersessions.com.
;; Received 148 bytes from 216.235.79.235#53(NS2.INTERSESSIONS.COM) in 38 ms

and delegation is also OK for the intersessions.com zone.

If there is a problem somewhere resolving the PTR, it's not with your NSs.

Len

__
IMGate OpenSource Mail Firewall www.IMGate.net
Re: rDNS problem
On Sat, November 22, 2008 01:41, Jeff Koch wrote:
> How do I correct this problem? When I run 'nslookup 74.220.16.65' from
> various machines it shows the correct answer.

your computer, your problem :)

i showed 2 links, should i show more ?

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: rDNS problem
> RDNS_NONE is defined by the following rules:
>
> meta RDNS_NONE (__RDNS_NONE && !__CGATE_RCVD)
> header __RDNS_NONE X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns= /
> header __CGATE_RCVD Received =~ /by \S+ \(CommuniGate Pro/

OK, I'm going to have one more go. The RDNS_NONE rule is triggered by the __RDNS_NONE rule above which is a regular expression. The header you posted didn't match this rule so it's quite possible it has nothing to do with the RDNS_NONE rule being triggered whatsoever. Please post the full message headers.

Francis
Re: rDNS problem
Hi Benny:

How do I correct this problem? When I run 'nslookup 74.220.16.65' from various machines it shows the correct answer.

At 07:02 PM 11/21/2008, you wrote:

On Sat, November 22, 2008 00:22, Jeff Koch wrote:
> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
> matches 74.220.16.65.
>
> What am I missing?

http://www.robtex.com/ip/74.220.16.65.html
see the graph, no PTR, and no A there

http://www.robtex.com/dns/cronus.intersessions.com.html
see graph :) PTR and A works

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Best Regards,

Jeff Koch, Intersessions
Re: rDNS problem
On Sat, November 22, 2008 00:31, Daniel J McDonald wrote:

> 74/8 was removed from the Bogon list in 2005, but maybe the recipient
> hasn't updated their bogon acl in bind...

rdns have nothing to do with rbl

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: rDNS problem
On Sat, November 22, 2008 00:22, Jeff Koch wrote:
> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
> matches 74.220.16.65.
>
> What am I missing?

http://www.robtex.com/ip/74.220.16.65.html
see the graph, no PTR, and no A there

http://www.robtex.com/dns/cronus.intersessions.com.html
see graph :) PTR and A works

--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: rDNS problem
Jeff Koch wrote:
> Hopefully another pair of eyes can help find the reason for this rDNS
> error. Here's SA header message:
>
> * 1.0 RDNS_NONE Delivered to trusted network by a host with no
> rDNS
> Received: from unknown (HELO cronus.intersessions.com) (74.220.16.65)
>
> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
> matches 74.220.16.65.
>
> What am I missing?

Hi,

RDNS_NONE is defined by the following rules:

meta RDNS_NONE (__RDNS_NONE && !__CGATE_RCVD)
header __RDNS_NONE X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns= /
header __CGATE_RCVD Received =~ /by \S+ \(CommuniGate Pro/

which means it was probably triggered by one of the headers you didn't include.

Francis
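An added example, not part of the original thread and not SpamAssassin's own code: it applies the two sub-rule patterns quoted above to a relay line built from the MTA's Received headers, which is why an "unknown" written by the MTA scores RDNS_NONE even when the PTR record resolves elsewhere. The relay-entry layout (reduced to three fields), the qmail-style header parser and the function names are assumptions made for illustration.

```python
import re

# Sub-rule patterns copied from the thread (same syntax in Perl and Python).
RDNS_NONE_RE = re.compile(r'^[^\]]+ rdns= ')
CGATE_RCVD_RE = re.compile(r'by \S+ \(CommuniGate Pro')

# qmail-style Received fragment: "from <rdns> (HELO <helo>) (<ip>)"
QMAIL_RE = re.compile(
    r'from (\S+) \((?:HELO|EHLO) (\S+)\) \((\d{1,3}(?:\.\d{1,3}){3})\)')


def relay_entry(received):
    """Simplified model of one relay entry built from a Received header."""
    m = QMAIL_RE.search(received)
    if m is None:
        return None
    rdns, helo, ip = m.groups()
    if rdns.lower() == 'unknown':  # the MTA recorded no PTR result
        rdns = ''
    return f'[ ip={ip} rdns={rdns} helo={helo} ]'


def rdns_none(received_headers):
    """meta RDNS_NONE (__RDNS_NONE && !__CGATE_RCVD).

    received_headers: untrusted hops only, newest first (assumption).
    """
    entries = [e for e in map(relay_entry, received_headers) if e]
    relays_untrusted = ' '.join(entries)
    # [^\]]+ cannot cross "]", so only the first relay entry is examined.
    hit = bool(RDNS_NONE_RE.search(relays_untrusted))
    cgate = any(CGATE_RCVD_RE.search(h) for h in received_headers)
    return hit and not cgate


if __name__ == '__main__':
    # Header fragment as posted in the thread.
    posted = 'from unknown (HELO cronus.intersessions.com) (74.220.16.65)'
    print(relay_entry(posted))
    print(rdns_none([posted]))
```

The rule never performs a DNS query; it only reads what the receiving MTA wrote, so the check to make is on the resolver the MTA itself uses.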
Re: rDNS problem
On Fri, 2008-11-21 at 18:22 -0500, Jeff Koch wrote:
> Hi All
>
> Hopefully another pair of eyes can help find the reason for this rDNS
> error. Here's SA header message:
>
> * 1.0 RDNS_NONE Delivered to trusted network by a host with no rDNS
> Received: from unknown (HELO cronus.intersessions.com) (74.220.16.65)
>
> As far as I can tell 'cronus.intersessions.com' has reverse setup and it
> matches 74.220.16.65.
>
> What am I missing?

74/8 was removed from the Bogon list in 2005, but maybe the recipient hasn't updated their bogon acl in bind...

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
rDNS problem
Hi All

Hopefully another pair of eyes can help find the reason for this rDNS error. Here's SA header message:

* 1.0 RDNS_NONE Delivered to trusted network by a host with no rDNS
Received: from unknown (HELO cronus.intersessions.com) (74.220.16.65)

As far as I can tell 'cronus.intersessions.com' has reverse setup and it matches 74.220.16.65.

What am I missing?

Best Regards,

Jeff Koch, Intersessions