Well, don't add the IP to the rDNS whitelist file; that won't do any good.  You 
want to add it to the IP whitelist file instead. :)

But overall, it looks like spamdyke is having trouble reversing that IP address 
and it's timing out most of the time.  When it times out, you get the rejection 
(this is exactly why spamdyke sends a temporary rejection for rDNS failures, so 
the remote server will try again).  I would suggest looking at your DNS setup.  
If you aren't running a caching nameserver on your mail server, you should 
definitely install one and change /etc/resolv.conf to use 127.0.0.1 as the only 
nameserver.  If you are already running a caching nameserver, you might try 
using the "dns-timeout-secs" option to increase the DNS timeouts.  The default 
is 30 seconds, maybe try 60 and see if this problem goes away?

If all else fails, you can try recompiling spamdyke with "excessive" output and 
enabling full logging with the "full-log-dir" option.  A full log file from one 
of these failed connections will show all the details of the DNS queries 
(packets sent, packets received), which would make it easy to figure out 
exactly where the failure is taking place.  It easily could be a bug!

-- Sam Clippinger
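
An added example, not part of the original message and not spamdyke code: a small Python script that tallies spamdyke log entries per origin_ip, to separate addresses whose rDNS resolves only some of the time (the resolver or timeout problem described above) from addresses that never resolve. The sample log lines are constructed, and the script assumes each entry sits on a single line in the field layout of the excerpts quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample lines (made-up hosts and addresses) following the field
# layout of the log excerpts quoted in this thread.
SAMPLE_LOG = """\
Jan 31 09:58:04 mx spamdyke[13182]: DENIED_RDNS_MISSING from: a@sender.example to: b@rcpt.example origin_ip: 192.0.2.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:03:10 mx spamdyke[14010]: DENIED_RDNS_MISSING from: a@sender.example to: b@rcpt.example origin_ip: 192.0.2.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Jan 31 10:08:35 mx spamdyke[15441]: ALLOWED from: a@sender.example to: b@rcpt.example origin_ip: 192.0.2.4 origin_rdns: mail.sender.example auth: (unknown) encryption: TLS reason: 250_ok_1391184515_qp_15469
Jan 31 10:09:00 mx spamdyke[15502]: DENIED_RDNS_MISSING from: x@other.example to: b@rcpt.example origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
"""

# Pull the result code, connecting IP and the rDNS name spamdyke logged.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: .*? "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+)"
)

def summarize(log_text):
    """Return {ip: {"missing": n, "resolved": n, "names": set_of_rdns}}."""
    stats = defaultdict(lambda: {"missing": 0, "resolved": 0, "names": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a spamdyke result line
        entry = stats[m["ip"]]
        if m["result"] == "DENIED_RDNS_MISSING":
            entry["missing"] += 1
        elif m["rdns"] != "(unknown)":
            entry["resolved"] += 1
            entry["names"].add(m["rdns"])
    return dict(stats)

def classify(entry):
    """Label one IP's history from the counts gathered by summarize()."""
    if entry["missing"] and entry["resolved"]:
        # A PTR exists but lookups sometimes fail: check the resolver/timeouts.
        return "intermittent"
    if entry["missing"]:
        # No successful lookup in this log window.
        return "never-resolved"
    return "ok"

if __name__ == "__main__":
    for ip, entry in sorted(summarize(SAMPLE_LOG).items()):
        names = ",".join(sorted(entry["names"])) or "-"
        print(ip, classify(entry), entry["missing"], entry["resolved"], names)
```

An IP reported as "intermittent" is the case where a local caching nameserver or a longer "dns-timeout-secs" value is worth trying before whitelisting anything.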




On Jan 31, 2014, at 5:18 PM, Denny Jones <lhweb...@aol.com> wrote:

> Not to point directly to a bug but I have been working on this issue for 
> quite some time so I'm pretty sure it'll keep on occurring.
> 
> Also, I only pasted 2 lines from the log file. In reality there are many 
> DENIED_RDNS_MISSING entries with a few ALLOWED entries throughout. In other 
> words, spamdyke will reject a bunch of attempts and then allow one to come 
> through and then go back to denying them only to allow another one later. 
> There's no real pattern to speak of.
> 
> To be clear, all the entries point to the same IP. I guess I could just add 
> the IP to the whitelist_rdns file to fix this? My concern is that redglue 
> might have many sending IPs and I'll have to add every one of them to the file. 
> I'm not sure how to go about finding that information out.
> 
> Thanks for the reply!
> 
> 
> -----Original Message-----
> From: Eric Shubert <e...@shubes.net>
> To: spamdyke-users <spamdyke-users@spamdyke.org>
> Sent: Fri, Jan 31, 2014 4:59 pm
> Subject: Re: [spamdyke-users] RDNS WhiteList Not Working
> 
> On 01/31/2014 03:32 PM, Denny Jones wrote:
> > I'm using SpamDyke 4.3.1
> >
> > I have whitelisted gfoxconsulting.com in whitelist_rdns (I simply added
> > "gfoxconsulting.com" to that file)
> >
> > I have the whitelist_rdns file indicated correctly in the spamdyke.conf
> > file:
> >
> > rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> >
> > ...but I still see this domain (gfoxconsulting.com) being rejected:
> >
> > Jan 31 09:58:04 michael spamdyke[13182]: DENIED_RDNS_MISSING from:
> > l...@gfoxconsulting.com to:
> > al...@texasalliance.org origin_ip:
> > 208.123.81.4 origin_rdns: (unknown) auth: (unknown) encryption: TLS
> > reason: (empty)
> >
> > However on the very next log line I get:
> > Jan 31 10:08:35 michael spamdyke[15441]: ALLOWED from:
> > l...@gfoxconsulting.com to:
> > al...@texasalliance.org origin_ip:
> > 208.123.81.4 origin_rdns: exch01.redglue.com auth: (unknown) encryption:
> > TLS reason: 250_ok_1391184515_qp_15469
> >
> > What is going on here?
> >
> > Thanks,
> > Denny
> >
> 
> I think you're perhaps missing how rdns whitelisting works. rDNS is a 
> name which is associated with an ip address. In the first instance, the 
> rDNS record is missing, so there's no name to match to (origin_rdns = 
> (unknown)). There's no way to use rdns whitelisting to let this one 
> through. You'd need to whitelist something else, like either the IP 
> address (good choice) or the sender domain (not recommended).
> 
> It's possible (even likely) that someone at redglue.com discovered that 
> there was no rdns for this IP, and it was fixed sometime before 10:08 
> (the missing message could have resulted from a cached lookup).
> 
> It's also possible that there's an obscure bug in spamdyke. This is 
> unlikely, but it's been known to happen occasionally with odd DNS 
> configurations. I'd call this an odd rDNS configuration:
> $ host 208.123.81.4
> 4.81.123.208.in-addr.arpa is an alias for 4.255-0.81.123.208.in-addr.arpa.
> 4.255-0.81.123.208.in-addr.arpa domain name pointer exch01.redglue.com.
> $
> There's a cname record pointing to the ptr record. Usually the rdns name 
> is a ptr record, not a cname (ttbomk).
> 
> 
> Sam will know the bottom line here.
> 
> -- 
> -Eric 'shubes'
> 
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
