Hi,

We experience problems when using reject_rbl_client if a wildcard entry for mydomain exists. It appears that a DNS lookup is first made with [ip].[rbl] and then with [ip].[rbl].[mydomain] if no entry has been found. This leads to false positives if a DNS wildcard entry for xxx.[mydomain] exists.

Example:

18:19:10.976007 mail.mydomain.com.17363 > postfix.local-prod.local.domain: 9896+ PTR? 21.17.227.212.in-addr.arpa. (44)
18:19:11.004248 postfix.local-prod.local.domain > mail.mydomain.com.17363: 9896 1/0/0 PTR mout.gmx.net. (70)
18:19:11.004394 mail.mydomain.com.20184 > postfix.local-prod.local.domain: 58856+ A? mout.gmx.net. (30)
18:19:11.004725 postfix.local-prod.local.domain > mail.mydomain.com.20184: 58856 6/0/0 A mout.gmx.net, A mout.gmx.net, A[|domain] (DF)
18:19:11.354892 mail.mydomain.com.35558 > postfix.local-prod.local.domain: 50868+ A? 21.17.227.212.zen.spamhaus.org. (48)
18:19:11.542972 postfix.local-prod.local.domain > mail.mydomain.com.35558: 50868 NXDomain 0/1/0 (112) (DF)
18:19:11.543002 mail.mydomain.com.2259 > postfix.local-prod.local.domain: 11912+ A? 21.17.227.212.zen.spamhaus.org.mydomain.com. (60)
-----> If an A record for *.mydomain.com exists this leads to a false positive
18:19:11.643002 postfix.local-prod.local.domain > mail.mydomain.com.2259: 11912 NXDomain 0/1/0 (121) (DF)
18:19:11.643030 mail.mydomain.com.35352 > postfix.local-prod.local.domain: 32908+ A? 21.17.227.212.zen.spamhaus.org. (48)
18:19:11.643385 postfix.local-prod.local.domain > mail.mydomain.com.35352: 32908 NXDomain 0/1/0 (112) (DF)
18:19:11.643475 mail.mydomain.com.44535 > postfix.local-prod.local.domain: 10940+ MX? gmx.ch. (24)
18:19:11.673154 postfix.local-prod.local.domain > mail.mydomain.com.44535: 10940 2/0/4 MX mx00.emig.gmx.net. 10, MX[|domain] (DF)
18:19:11.904275 mail.mydomain.com.5803 > postfix.local-prod.local.domain: 29132+ PTR? 100.10.168.192.in-addr.arpa. (45)
18:19:11.904731 postfix.local-prod.local.domain > mail.mydomain.com.5803: 29132* 1/0/0 PTR[|domain] (DF)
18:19:11.905085 mail.mydomain.com.39746 > postfix.local-prod.local.domain: 36015+ PTR? 18.15.227.212.in-addr.arpa. (44)
18:19:11.949389 postfix.local-prod.local.domain > mail.mydomain.com.39746: 36015 1/0/0 PTR mout.gmx.net. (70) (DF)
18:19:11.949511 mail.mydomain.com.40551 > postfix.local-prod.local.domain: 57004+ PTR? 22.17.227.212.in-addr.arpa. (44)
18:19:11.949858 postfix.local-prod.local.domain > mail.mydomain.com.40551: 57004 1/0/0 PTR mout.gmx.net. (70) (DF)

cheers,
Stefan
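
The lookup sequence in the trace above can be reproduced with a small model of resolver search-list expansion; this is an added example, not part of the original post and not Postfix code. The zone contents, the wildcard address 192.0.2.10 and the function names are constructed for illustration.

```python
# Model of stub-resolver search-list expansion (resolv.conf "search"/"ndots"
# semantics) run against a constructed zone. Not Postfix code.

ZONE = {  # constructed: the only record is the wildcard the post describes
    "*.mydomain.com": "192.0.2.10",
}

def lookup(fqdn, zone=ZONE):
    """Return the A record for fqdn, or None for NXDOMAIN.
    Simplified wildcard handling: any ancestor wildcard matches."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in zone:
            return zone[wild]
    return None

def candidates(name, search, ndots=1):
    """Names the resolver tries, in order."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is never applied
    as_is = name + "."
    expanded = [f"{name}.{d}." for d in search]
    # With at least ndots dots the name is tried as-is first, then expanded.
    return [as_is] + expanded if name.count(".") >= ndots else expanded + [as_is]

def rbl_listed(ip, rbl, search, absolute=False):
    """Return (listed, answering_name) for the reversed-IP query under rbl."""
    query = ".".join(reversed(ip.split("."))) + "." + rbl
    if absolute:
        query += "."  # trailing dot marks the name as fully qualified
    for cand in candidates(query, search):
        if lookup(cand) is not None:
            return True, cand
    return False, None

if __name__ == "__main__":
    # Relative query + search domain with a wildcard: false positive.
    print(rbl_listed("212.227.17.21", "zen.spamhaus.org", ["mydomain.com"]))
    # Same query as an absolute name: NXDOMAIN, not listed.
    print(rbl_listed("212.227.17.21", "zen.spamhaus.org", ["mydomain.com"], True))
```

In this model the false positive disappears when the query name is absolute or the search list is empty, because the wildcard under mydomain.com is then never consulted.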
