[spamdyke-users] also getting DENIED_RDNS_MISSING with valid rDNS

[Roland Moelle]

I'm running Spamdyke 4.0.8 at my Ubuntu-Server:
 
Distributor ID: Ubuntu
Description:    Ubuntu 6.06.2 LTS
Release:        6.06
Codename:       dapper

Everything worked fine so far and it's doing a good job, but lately I saw
that some Mails I was waiting for were rejected as "DENIED_RDNS_MISSING",
although the sender is supposed to know how to configure his mail server.
 
The rejected mail came from IP 62.175.163.179. Manually testing the reverse
DNS entries at the server console showed proper entries:
 
****************************************************************
dig -t ptr 179.163.157.62.in-addr.arpa
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.
 
; <<>> DiG 9.3.2 <<>> -t ptr 179.163.157.62.in-addr.arpa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54169
;; flags: qr rd ra; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;179.163.157.62.in-addr.arpa.   IN      PTR
 
;; ANSWER SECTION:
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachmedien.it.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachmedien.biz.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachinformation.biz.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachinformation.net.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachwerbung.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.info-at-click.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.vu-abo.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR
mail.fachpresseklimaindex.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR
mail.fachpresse-klimaindex.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.mediaskop.net.
179.163.157.62.in-addr.arpa. 172800 IN  PTR
mail.rheingauer-verlegertag.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.vertriebsunion.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachmedien.net.
179.163.157.62.in-addr.arpa. 172800 IN  PTR
mail.ja-zur-fachzeitschrift.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.mediaservice-plauen.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.vushop.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.vuabo.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.vu-shop.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.info-at-klick.de.
179.163.157.62.in-addr.arpa. 172800 IN  PTR     mail.fachmedien.eu.
 
;; Query time: 71 msec
;; SERVER: 80.237.128.144#53(80.237.128.144)
;; WHEN: Sat Feb 21 12:38:42 2009
;; MSG SIZE  rcvd: 715
****************************************************************
 
The syslog entries while the mail was blocked are as follows: 
 
****************************************************************
Feb 16 16:00:01 lvpsMyServerIpHere /USR/SBIN/CRON[12119]: (www-data) CMD ([
-x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r
/var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats
-update >/dev/null)
Feb 16 16:00:34 lvpsMyServerIpHere relaylock: /var/qmail/bin/relaylock: mail
from 62.157.163.179:45408 (mail.rheingauer-verlegertag.de)
Feb 16 16:01:04 lvpsMyServerIpHere spamdyke[15764]: DENIED_RDNS_MISSING
from:  <mailto:leserserv...@it-administrator.de>
leserserv...@it-administrator.de to: x...@y.biz origin_ip: 62.157.163.179
origin_rdns: (unknown) auth: (unknown)

 
****************************************************************
 
So as far as I can see at 16:00:34 the server is able to resolve the rDNS
entry, but 30 seconds later spamdykes claims that there wasn't a correct
rDNS entry for the same IP. The only thing that looks special to me is that
there are 20 domains hosted at the source server and therefore the answer
section is rather long (too long for UDP mode, but in TCP mode everything is
fine).
I was forced to add the sender to the white list in order to receive its
mail.
Any help to solve the problem is strongly appreciated.
 
Roland

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users