Not to point directly to a bug but I have been working on this issue for quite 
some time so I'm pretty sure it'll keep on occurring.

Also, I only pasted 2 lines from the log file. In reality there are many 
DENIED_RDNS_MISSING entries with a few ALLOWED entries throughout. In other 
words, spamdyke will reject a bunch of attempts and then allow one to come through 
and then go back to denying them, only to allow another one later. There's no 
real pattern to speak of.

To be clear, all the entries point to the same IP. I guess I could just add the 
IP to the whitelist_rdns file to fix this? My concern is that redglue might 
have many sending IPs and I'll have to add every one of them to the file. I'm not 
sure how to go about finding that information out.

 

 Thanks for the reply!



-----Original Message-----
From: Eric Shubert <e...@shubes.net>
To: spamdyke-users <spamdyke-users@spamdyke.org>
Sent: Fri, Jan 31, 2014 4:59 pm
Subject: Re: [spamdyke-users] RDNS WhiteList Not Working


On 01/31/2014 03:32 PM, Denny Jones wrote:
> I'm using SpamDyke 4.3.1
>
> I have whitelisted gfoxconsulting.com in whitelist_rdns (I simply added
> "gfoxconsulting.com" to that file)
>
> I have the whitelist_rdns file indicated correctly in the spamdyke.conf
> file:
>
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>
> ...but I still see this domain (gfoxconsulting.com) being rejected:
>
> Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from:
> l...@gfoxconsulting.com to:
> al...@texasalliance.org origin_ip:
> 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS
> reason: (empty)
>
> However on the very next log line I get:
> Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from:
> l...@gfoxconsulting.com to:
> al...@texasalliance.org origin_ip:
> 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption:
> TLS reason: 250_ok_1391184515_qp_15469
>
> What is going on here?
>
> Thanks,
> Denny

I think you're perhaps missing how rdns whitelisting works. rDNS is a 
name which is associated with an ip address. In the first instance, the 
rDNS record is missing, so there's no name to match to (origin_rdns = 
(unknown)). There's no way to use rdns whitelisting to let this one 
through. You'd need to whitelist something else, like either the IP 
address (good choice) or the sender domain (not recommended).

It's possible (even likely) that someone at redglue.com discovered that 
there was no rdns for this IP, and it was fixed sometime before 10:08 
(the missing message could have resulted from a cached lookup).

It's also possible that there's an obscure bug in spamdyke. This is 
unlikely, but it's been known to happen occasionally with odd DNS 
configurations. I'd call this an odd rDNS configuration:
$ host 208.123.81.4
4.81.123.208.in-addr.arpa is an alias for 4.255-0.81.123.208.in-addr.arpa.
4.255-0.81.123.208.in-addr.arpa domain name pointer exch01.redglue.com.
$
There's a cname record pointing to the ptr record. Usually the rdns name 
is a ptr record, not a cname (ttbomk).


Sam will know the bottom line here.

-- 
-Eric 'shubes'

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
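
Added example (not part of the original messages and not spamdyke code): a small log summarizer for the situation discussed in this thread, listing each origin_ip seen for a sender domain and flagging IPs that were denied for missing rDNS yet resolved a name at another time. The function names are hypothetical, and the sample log holds the two entries quoted above re-joined onto single lines plus one constructed entry from a documentation IP.

```python
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+)"
)

# Lines 1-2: the entries quoted in the thread, re-joined (addresses elided as archived).
# Line 3: constructed entry from a documentation IP, for contrast.
SAMPLE_LOG = """\
Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from: l...@gfoxconsulting.com to: al...@texasalliance.org origin_ip: 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from: l...@gfoxconsulting.com to: al...@texasalliance.org origin_ip: 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption: TLS reason: 250_ok_1391184515_qp_15469
Jan 31 10:15:02 michael spamdyke[15502]: DENIED_RDNS_MISSING from: x...@gfoxconsulting.com to: al...@texasalliance.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
"""

def parse(log_text):
    """Yield one dict per spamdyke result line; other syslog lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(entries, sender_domain):
    """Per origin_ip: result counts and the set of rDNS names that resolved."""
    summary = defaultdict(lambda: {"results": Counter(), "rdns": set()})
    for e in entries:
        if e["sender"].rsplit("@", 1)[-1].lower() != sender_domain:
            continue
        rec = summary[e["ip"]]
        rec["results"][e["result"]] += 1
        if e["rdns"] != "(unknown)":
            rec["rdns"].add(e["rdns"])
    return dict(summary)

def intermittent_rdns(summary):
    """IPs denied for missing rDNS that also resolved a name at another time."""
    return sorted(ip for ip, rec in summary.items()
                  if rec["results"]["DENIED_RDNS_MISSING"] and rec["rdns"])

if __name__ == "__main__":
    s = summarize(parse(SAMPLE_LOG), "gfoxconsulting.com")
    for ip, rec in s.items():
        print(ip, dict(rec["results"]), sorted(rec["rdns"]) or "no rDNS seen")
    print("intermittent:", intermittent_rdns(s))
```

An IP in the intermittent list has working rDNS at least some of the time, so its denials come from lookups that failed rather than from the whitelist entry; the per-IP listing also gives the set of addresses that would need an IP whitelist entry.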

