I'm not exactly sure what's happening here, but I don't think it's the
slash. I've seen a lot of PTR delegation done this way and it's never
caused problems before.
I think something is wrong with this specific IP's reverse DNS setup.
When I try to manually follow the delegation, I get as far as
4.12.in-addr.arpa, hosted on AT&T's nameservers. But those servers
return "no such domain" for 231.4.12.in-addr.arpa, which shouldn't
happen. My own nameservers were unable to find
163.128/25.231.4.12.in-addr.arpa when I first started but now they can,
as though the response just took a long time to come back.
Also remember that your nslookup command line for
163.128/25.231.4.12.in-addr.arpa is incorrect -- it will never return
results because nslookup searches for A, CNAME, SOA, NS and TXT records
by default but not PTR. Ping will never work either, for the same
reason. Try this instead:
$ nslookup
> set type=ptr
> 163.128/25.231.4.12.in-addr.arpa
OR:
dig -t ptr 163.128/25.231.4.12.in-addr.arpa
-- Sam Clippinger
John Kagan wrote:
> Could the problem be related to the RFC 2317 type CNAME with a slash in it?
>
> It looks like Spamdyke is checking this rDNS in two steps, and does not get
> a response when trying to resolve the interim CNAME with a slash in it.
>
> In this case, it is trying to check rDNS for 12.4.231.163. Via dig, it
> resolves to a CNAME with a slash, and then to a DNS name:
>
> [r...@rarebear smtp]# dig -x 12.4.231.163 +short
> 163.128/25.231.4.12.in-addr.arpa.
> mailout1.klgates.com.
>
> From the "excessive" logging, Spamdyke finds the CNAME:
>
> 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_ptr_lookup()@dns.c:1232):
> found CNAME record for 163.231.4.12.in-addr.arpa:
> 163.128/25.231.4.12.in-addr.arpa
>
> ...and then tries to resolve it:
>
> 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS
> server 66.251.133.4:53 (attempt 1)
> 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to
> DNS server 66.251.133.4:53 (attempt 1)
> 01-28 11:38:00 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:815): received
> DNS packet: 196 bytes, ID 126/154
> 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS
> server 66.251.133.4:53 (attempt 2)
> 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to
> DNS server 66.251.133.4:53 (attempt 2)
> 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending
> 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS
> server 66.251.133.128:53 (attempt 2)
> 01-28 11:38:10 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending
> 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to
> DNS server 66.251.133.128:53 (attempt 2)
> 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS
> server 66.251.133.4:53 (attempt 3)
> 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:752): sending
> 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to
> DNS server 66.251.133.4:53 (attempt 3)
> 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending
> 50 byte query (ID 128/154) for 163.128/25.231.4.12.in-addr.arpa(PTR) to DNS
> server 66.251.133.128:53 (attempt 3)
> 01-28 11:38:20 spamdyke[4307]: EXCESSIVE(nihdns_query()@dns.c:779): sending
> 50 byte query (ID 129/154) for 163.128/25.231.4.12.in-addr.arpa(CNAME) to
> DNS server 66.251.133.128:53 (attempt 3)
>
> ...and then gives up:
>
> 01-28 11:38:30 spamdyke[4307]: DEBUG(filter_rdns_missing()@filter.c:848):
> checking for missing rDNS; rdns: (unknown)
> 01-28 11:38:30 spamdyke[4307]: FILTER_RDNS_MISSING ip: 12.4.231.163
> .
> .
> .
> 01-28 11:38:30 spamdyke[4307]: DENIED_RDNS_MISSING from: [[email protected]
> to: [[email protected] origin_ip: 12.4.231.163 origin_rdns: (unknown)
> auth:(unknown)
>
> In trying to debug this, I find that I can't dig or nslookup the cname
> either (although I can resolve the original IP address, as above):
>
> [r...@rarebear smtp]# dig -x 163.128/25.231.4.12.in-addr.arpa +short
> ;; connection timed out; no servers could be reached
> [r...@rarebear smtp]# nslookup 163.128/25.231.4.12.in-addr.arpa
> ;; connection timed out; no servers could be reached
>
> This symptom happens consistently on my server with this site, and also with
> other sites that have a CNAME with a slash in them, such as:
>
> [r...@rarebear smtp]# dig -x 63.241.239.24 +short
> 24.0/26.239.241.63.in-addr.arpa.
> mx02.e-hps.com.
>
> I can arrange to send an email to you from one of these sites, if that would
> help.
>
> Thanks,
> John
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
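
Added example, not part of the original messages and not spamdyke's code: the two-step lookup discussed in this thread (PTR name, then the RFC 2317 CNAME target with a slash in it), run against constructed records that mirror the quoted dig output. It also builds the wire-format query for the slash name, which comes to 50 bytes, the size the quoted log reports; the function names and the RECORDS table are assumptions made for illustration.

```python
import ipaddress
import struct

PTR, CNAME, CLASS_IN = 12, 5, 1

def encode_qname(name):
    """Wire-encode a name: each label is a length byte plus raw bytes."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw  # "/" is just another byte here
    return out + b"\x00"

def build_query(name, qtype, query_id):
    """12-byte header (RD set, one question) + QNAME + QTYPE + QCLASS."""
    header = struct.pack("!6H", query_id, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!2H", qtype, CLASS_IN)

# Constructed records mirroring the `dig -x` output quoted in the thread.
RECORDS = {
    ("163.231.4.12.in-addr.arpa", CNAME): "163.128/25.231.4.12.in-addr.arpa.",
    ("163.128/25.231.4.12.in-addr.arpa", PTR): "mailout1.klgates.com.",
}

def resolve_ptr(ip, records, max_hops=8):
    """Return (rdns or None, names queried), following CNAMEs to the PTR."""
    name = ipaddress.ip_address(ip).reverse_pointer
    chain = [name]
    for _ in range(max_hops):
        if (name, PTR) in records:
            return records[(name, PTR)].rstrip("."), chain
        target = records.get((name, CNAME))
        if target is None:
            return None, chain  # no answer: the caller sees missing rDNS
        name = target.rstrip(".").lower()
        if name in chain:
            return None, chain  # CNAME loop
        chain.append(name)
    return None, chain

if __name__ == "__main__":
    print(resolve_ptr("12.4.231.163", RECORDS))
    print(len(build_query("163.128/25.231.4.12.in-addr.arpa", PTR, 128)))
```

When the second-step PTR record is unreachable, resolve_ptr returns None with both names in the chain, which corresponds to the "rdns: (unknown)" outcome in the quoted log.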