nik600 hotmail wrote:
> 
> I'm experiencing a strange problem with RDNS_NONE.
> 
> On the same sender host, sometimes it is marked with RDNS_NONE, and
> sometimes not.
> 
> The host has a reverse dns!
> 
> Example:
> Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2]) -> OK
> 
> Received: from dadosoftware.com (unknown [217.199.13.2]) -> FALSE POSITIVE
> 
> But 217.199.13.2 has a reverse dns!
> 2.13.199.217.in-addr.arpa. 11894 IN   PTR     dns2.dadosoftware.com.
> 
> Who decides the presence of RDNS_NONE ?
> A real dns check or a parsing of the email headers?
> 
> And, in case of parse who decides to write dns2.dadosoftware.com
> [217.199.13.2] instead of unknown [217.199.13.2]?
> 
> 

Hello,

I'm also experiencing some issues with RDNS_NONE, for example:


Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from mail.telcel.com (mail.telcel.com [200.38.208.219])
        by server.nekotec.com.mx (Postfix) with ESMTP id 8DE0DE42BD;
        Wed,  1 Oct 2008 13:10:42 -0500 (CDT)
Received: from MXVIBOFICOR04 ([10.203.6.79])
 by xiang.telcel.com (Sun Java System Messaging Server 6.2-7.05 (built Sep 5
 2006)) with ESMTP id <[EMAIL PROTECTED]>; Wed,
 01 Oct 2008 13:08:20 -0500 (CDT)
Date: Wed, 01 Oct 2008 13:10:08 -0500
From: sender <[EMAIL PROTECTED]>
Subject: =?iso-8859-1?Q?RE:_Reuni=F3n_con_Sergio_Ruelas?=
In-reply-to:
To: [EMAIL PROTECTED], 'A Person' <[EMAIL PROTECTED]>
Cc: ='someone else' <[EMAIL PROTECTED]>,
 'Another Person' <[EMAIL PROTECTED]>
Reply-to: [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
Organization: Radiomovil DIPSA S.A. DE C.V.
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-Mailer: Microsoft Office Outlook 11
Content-type: multipart/related;
 boundary="Boundary_(ID_qVeDaZ+jbYnMrmKcL4ak9w)"
Thread-index: AckjH+1ELYTEgSMgStiE9TLFCGpJTwAER6RgAC/RkyA=
X-TM-IMSS-Message-ID: <[EMAIL PROTECTED]>
X-TM-AS-Product-Ver: IMSS-7.0.0.6219-5.5.0.1027-16192.001
X-TM-AS-Result: No--29.940-7.0-31-1
X-imss-scan-details: No--29.940-7.0-31-1;No--29.940-7.0-31-1
X-Virus-Scanned: ClamAV version 0.94, clamav-milter version 0.94 on
        server.nekotec.com.mx
X-Virus-Status: Clean
X-Spam-Status: No, score=-6.7 required=2.5 tests=BAYES_00,HTML_MESSAGE,
        RDNS_NONE,SHORT_HELO_AND_INLINE_IMAGE,SNS_FROM_TELCEL,SNS_HAM_KEYWORDS
        autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
        server.nekotec.com.mx


The PTR:

; <<>> DiG 9.3.4 <<>> -x 200.38.208.219
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8556
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;219.208.38.200.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
219.208.38.200.in-addr.arpa. 2797 IN    PTR     mail.telcel.com.

;; AUTHORITY SECTION:
208.38.200.in-addr.arpa. 2797   IN      NS      nsmex4.uninet.net.mx.
208.38.200.in-addr.arpa. 2797   IN      NS      dnsadm-interno.uninet.net.mx.
208.38.200.in-addr.arpa. 2797   IN      NS      nsmex3.uninet.net.mx.

;; ADDITIONAL SECTION:
nsmex3.uninet.net.mx.   97      IN      A       200.33.146.211
nsmex4.uninet.net.mx.   157     IN      A       200.33.146.217
dnsadm-interno.uninet.net.mx. 157 IN    A       200.33.150.193

The fwd record matches:

; <<>> DiG 9.3.4 <<>> mail.telcel.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26651
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail.telcel.com.               IN      A

;; ANSWER SECTION:
mail.telcel.com.        11456   IN      A       200.38.208.219

;; AUTHORITY SECTION:
telcel.com.             11456   IN      NS      dns1i.itelcel.com.
telcel.com.             11456   IN      NS      dns01.amigokit.com.

I have other hosts that trigger the RDNS_NONE rule as well. They are never
enough to classify the message as spam, though. But it's kind of bothersome
that SA fires up a false positive for rDNS.

I'm really confused as to how SA parses the email to trigger (or not) the
RDNS_NONE rule.

Dan.


-- 
View this message in context: 
http://www.nabble.com/problem-with-RDNS_NONE%3A-false-positive-tp19774673p19780402.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
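
An added example, not part of either poster's message and not SpamAssassin's own code: a small Python parser that extracts the rDNS name the receiving MTA recorded in each `Received:` header quoted in this thread, so it can be compared with a later `dig -x`. It assumes Postfix-style `from HELO (RDNS [IP])` client info, where Postfix writes `unknown` when its own lookup at SMTP time did not yield a usable name, and that RDNS_NONE follows that recorded token rather than a fresh DNS query; the function names are hypothetical.

```python
import ipaddress
import re

# "from HELO (RDNS [IP])"; the RDNS token is optional because some MTAs
# (the Sun server in this thread) write only "([IP])".
CLIENT_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\("
    r"(?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def parse_received(header):
    """Return the client info recorded in one Received header, or None."""
    m = CLIENT_RE.search(" ".join(header.split()))  # unfold continuation lines
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    rdns = m.group("rdns") or ""
    if rdns.lower() == "unknown":  # MTA's lookup failed when the mail arrived
        rdns = ""
    return {"helo": m.group("helo"), "rdns": rdns,
            "ip": str(ip), "private": ip.is_private}

def summarize(headers):
    """(ip, recorded rDNS, rDNS missing?) for every header that parses."""
    out = []
    for h in headers:
        info = parse_received(h)
        if info:
            out.append((info["ip"], info["rdns"], info["rdns"] == ""))
    return out

# Received headers as quoted in the thread above.
SAMPLES = [
    "Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2])",
    "Received: from dadosoftware.com (unknown [217.199.13.2])",
    "Received: from mail.telcel.com (mail.telcel.com [200.38.208.219])\n"
    "        by server.nekotec.com.mx (Postfix) with ESMTP id 8DE0DE42BD;",
    "Received: from MXVIBOFICOR04 ([10.203.6.79])\n by xiang.telcel.com",
]

if __name__ == "__main__":
    for ip, rdns, missing in summarize(SAMPLES):
        print(f"{ip:16} rdns={rdns or '-':24} missing={missing}")
```

The same IP showing up with and without a recorded name, as 217.199.13.2 does here, points at the MTA's lookup result at receipt time, which a `dig` run afterwards cannot reproduce.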
