Could the problem be related to the RFC 2317 type CNAME with a slash in it?
It looks like Spamdyke is checking this rDNS in two steps, and does not get a response when trying to resolve the interim CNAME with a slash in it. In this case, it is trying to check rDNS for 12.4.231.163. Via dig, it resolves to a CNAME with a slash, and then to a DNS name: [r...@rarebear smtp]# dig -x 12.4.231.163 +short 163.128/25.231.4.12.in-addr.arpa. mailout1.klgates.com. >From the "excessive" logging, Spamdyke finds the CNAME: 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_ptr_lookup()@dns.c:1232): found CNAME record for 163.231.4.12.in-addr.arpa: 163.128/25.231.4.12.in-addr.arpa .and then tries to resolve it: 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS server 66.251.133.4:53 (attempt 1) 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to DNS server 66.251.133.4:53 (attempt 1) 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:815): received DNS packet: 196 bytes, ID 126/154 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS server 66.251.133.4:53 (attempt 2) 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to DNS server 66.251.133.4:53 (attempt 2) 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS server 66.251.133.128:53 (attempt 2) 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to DNS server 66.251.133.128:53 (attempt 2) 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS server 66.251.133.4:53 (attempt 3) 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to DNS server 66.251.133.4:53 (attempt 3) 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS server 66.251.133.128:53 (attempt 3) 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to DNS server 66.251.133.128:53 (attempt 3) .and then gives up: 01-28 11:38:30 spamdyke[4307]: DEBUG(filter_rdns_missing()@filter.c:848): checking for missing rDNS; rdns: (unknown) 01-28 11:38:30 spamdyke[4307]: FILTER_RDNS_MISSING ip: 12.4.231.163 . . . 01-28 11:38:30 spamdyke[4307]: DENIED_RDNS_MISSING from: [[email protected] to: [[email protected] origin_ip: 12.4.231.163 origin_rdns: (unknown) auth:(unknown) In trying to debug this, I find that I can't dig or nslookup the cname either (although I can resolve the original IP address, as above): [r...@rarebear smtp]# dig -x 163.128/25.231.4.12.in-addr.arpa +short ;; connection timed out; no servers could be reached [r...@rarebear smtp]# nslookup 163.128/25.231.4.12.in-addr.arpa ;; connection timed out; no servers could be reached This symptom happens consistently on my server with this site, and also with other sites that have a CNAME with a slash in them, such as: [r...@rarebear smtp]# dig -x 63.241.239.24 +short 24.0/26.239.241.63.in-addr.arpa. mx02.e-hps.com. I can arrange to send an email to you from one of these sites, if that would help. Thanks, John _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
