Think I have worked it out. I put that IPv6 address in ‘ISP/Secondary MX Servers (ispip)’ and it seems to be working now.
Sorry for the noise. James. > On 12 Jan 2022, at 4:51 pm, James Brown via Assp-test > <assp-test@lists.sourceforge.net> wrote: > > Hi Thomas. > > We have been getting a number of emails marked as spam when they are not. > > Looking at the logs I see lots of PTR missing errors. > > Eg: > > Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> DKIM-Signature found > Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> info: detected IP's on the > mail routing way: 216.27.63.96, 2001:8000:104:8f:0:0:0:3 > Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> info: detected source IP: > 216.27.63.96 > Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> [scoring] DKIM signature > verified-OK - header-passed - identity is: > cameraho...@email.camerahouse.com.au > <mailto:cameraho...@email.camerahouse.com.au> - sender policy is: neutral - > author policy is: neutral > Jan-12-22 16:01:57 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> Message-Score: added -15 > (dkimOkValencePB) for DKIM pass, total score for this message is now -15 > Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> [scoring] SPF: fail > ip=2001:8000:104:8f::3 > mailfrom=dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:mailfrom=dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au> > helo=astaro1.bordo.com.au <http://astaro1.bordo.com.au/> > Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> Message-Score: added 25 > (spfValencePB) for SPF fail, total score for this message is now 10 > Jan-12-22 16:01:59 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> Message-Score: added 10 for > DNSBL: neutral, 216.27.63.96 listed in dnsbl.ahbl.org > <http://dnsbl.ahbl.org/>, total score for this message is now 20 > Jan-12-22 16:02:00 id-63717-09731 [Worker_1] [PTRmissing] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> [scoring] (PTR missing) - > Cache > Jan-12-22 16:02:00 id-63717-09731 [Worker_1] 2001:8000:104:8f::3 > <dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au > <mailto:dwyf42geols9rfylid0yxn6y39xosrl...@email.camerahouse.com.au>> to: > myu...@bordo.com.au <mailto:myu...@bordo.com.au> Message-Score: added 20 > (ptmValencePB) for PTR missing, total score for this message is now 40 > > Which address is it referring to? 216.27.63.96 or 2001:8000:104:8f::3 ? > > dig -x 216.27.63.21 > ;; ANSWER SECTION: > 21.63.27.216.in-addr.arpa. 21600 IN PTR bm23.com <http://bm23.com/>. > > Or is it 2001:8000:104:8f::3 which is the internal interface on our Sophos > UTM? (Which also does basic SMTP proxy). If so will I need to create a > reverse DNS zone with this record: > > 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.8.0.0.4.0.1.0.0.0.0.8.1.0.0.2.ip6.arpa. > IN PTR mail.bordo.com.au <http://mail.bordo.com.au/>. > Have set DoReversed to Monitor for the moment. > > Shouldn’t it be doing the reverse DNS check on the detected source IP? > > Thanks, > > James. > > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
