Re: [Declude.JunkMail] DNS server returned server failure for
I see "server failures" on a bunch of obviously fake hostnames: WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for Me. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for host3. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for mailer1. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for jinge. ...Anything we can do to add a weight to these? We do also see server failures on some hostnames were do have an A record, so I see the delema. But it would be nice to at least add a weighting to the obvious fakes. That's definitely a problem with the DNS server -- the "server failure" indicates "a problem with the nameserver". For hosts that are not fully qualified (such as "Me"), the DNS server should be reporting that the host does not exist. In fact, it's possible for "Me" to have an MX record someday (unlikely, as there would need to be a country that used the .me ccTLD, and it would need to be set up to accept mail, but it could happen), so your DNS server technically should be contacting the root servers for these. Although it is understandable that your DNS server does not look them up (the root servers get overwhelmed by these bogus lookups, whether caused by a spammer, or someone typing "www.microsoft.cmo" into their web browser), it should not be returning a server failure message. For the non-fully-qualified host names, we might be able to automatically check for that, which would get around this problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DNS server returned server failure for
I see "server failures" on a bunch of obviously fake hostnames: WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for Me. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for host3. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for mailer1. WARNING: DNS server 216.12.134.208 returned a SERVER FAILURE error for MX or A for jinge. ...Anything we can do to add a weight to these? We do also see server failures on some hostnames were do have an A record, so I see the delema. But it would be nice to at least add a weighting to the obvious fakes. Bill -Original Message- From: "R. Scott Perry" Sent: Wed, 12 Mar 2003 09:00:14 -0500 Subject: RE: [Declude.JunkMail] DNS server returned server failure for >I have suffered from this also, so much so that I have even explored the use >of SimpleDNS without success thinking that this was a external DNS problem. >I was hoping that by bringing the DNS (as a DNS cache) locally to the mail >server did infact reduce the frequency of this error, unfortunately it did >not solve the occurance of this error. Just to clarify why this is happening. When Declude JunkMail is looking up the MX or A record for a hostname (such as for the HELOBOGUS test, or checking the domain of the return address), it will record this message if the local DNS server reports a "server failure" message. Technically, this message indicates a problem with the local DNS server. However, it seems that the RFCs do not cover what a caching DNS server is supposed to do if it receives a "server failure" message from a remote DNS server. When this happens, some DNS servers will pass on the "server failure" message. Declude JunkMail treats the "server failure" as a temporary error, and makes the assumption that the E-mail is not spam. If that was changed, more spam could get caught (as a server failure almost always indicates that the DNS record doesn't exist). But, if there was a real server failure on the local DNS server (if the Internet connection went out, for example, or if there was a DDoS attack on the root servers), then all E-mail would fail the spam tests. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS server returned server failure for
I have suffered from this also, so much so that I have even explored the use of SimpleDNS without success thinking that this was a external DNS problem. I was hoping that by bringing the DNS (as a DNS cache) locally to the mail server did infact reduce the frequency of this error, unfortunately it did not solve the occurance of this error. Just to clarify why this is happening. When Declude JunkMail is looking up the MX or A record for a hostname (such as for the HELOBOGUS test, or checking the domain of the return address), it will record this message if the local DNS server reports a "server failure" message. Technically, this message indicates a problem with the local DNS server. However, it seems that the RFCs do not cover what a caching DNS server is supposed to do if it receives a "server failure" message from a remote DNS server. When this happens, some DNS servers will pass on the "server failure" message. Declude JunkMail treats the "server failure" as a temporary error, and makes the assumption that the E-mail is not spam. If that was changed, more spam could get caught (as a server failure almost always indicates that the DNS record doesn't exist). But, if there was a real server failure on the local DNS server (if the Internet connection went out, for example, or if there was a DDoS attack on the root servers), then all E-mail would fail the spam tests. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS server returned server failure for
I have suffered from this also, so much so that I have even explored the use of SimpleDNS without success thinking that this was a external DNS problem. I was hoping that by bringing the DNS (as a DNS cache) locally to the mail server did infact reduce the frequency of this error, unfortunately it did not solve the occurance of this error. Although this may not help, I am just laying out on the table my observations for all to pounder over.. Eddie :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff Sent: Tuesday, March 11, 2003 9:07 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] DNS server returned server failure for What is the best way to diagnose/investigate these: 03/11/2003 11:04:05 Q33230c6100e83de9 WARNING: DNS server 67.94.227.35 returned a SERVER FAILURE error for MX or A for John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
NONE RE: [Declude.JunkMail] DNS server returned server failure for
I am getting this same problem showing in my log files. Has any solution or suggestions been thought of yet? Or even if this is something I need to worry about? Thanks, Jeffrey Di Gregorio Systems Administrator Pacific School of Religion -Original Message- From: John Tolmachoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DNS server returned server failure for Well, I guess I could always run netmon. It is just that it has been such a long time since I did that I will have to relearn how to filter and rename and such. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Dan Patnode > Sent: Tuesday, March 11, 2003 11:23 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] DNS server returned server failure for > > John, > > I've been running around in circles chasing this problem. Basically its an error that > your DNS server doesn't understand well enough to give the correct code for. The > problem then is that Declude misses out on any kind of DNS test opportunity > because as Scott explains it, reacting to the failure itself would mean that a genuine > failure would cause FPs. > > I would love a solution. > > Dan > > > > On Tuesday, March 11, 2003 11:06, John Tolmachoff > <[EMAIL PROTECTED]> wrote: > >What is the best way to diagnose/investigate these: > > > >03/11/2003 11:04:05 Q33230c6100e83de9 WARNING: DNS server 67.94.227.35 > >returned a SERVER FAILURE error for MX or A for > > > >John Tolmachoff MCSE, CSSA > >IT Manager, Network Engineer > >RelianceSoft, Inc. > >Fullerton, CA 92835 > >www.reliancesoft.com > > > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS server returned server failure for
Well, I guess I could always run netmon. It is just that it has been such a long time since I did that I will have to relearn how to filter and rename and such. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Dan Patnode > Sent: Tuesday, March 11, 2003 11:23 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] DNS server returned server failure for > > John, > > I've been running around in circles chasing this problem. Basically its an error that > your DNS server doesn't understand well enough to give the correct code for. The > problem then is that Declude misses out on any kind of DNS test opportunity > because as Scott explains it, reacting to the failure itself would mean that a genuine > failure would cause FPs. > > I would love a solution. > > Dan > > > > On Tuesday, March 11, 2003 11:06, John Tolmachoff > <[EMAIL PROTECTED]> wrote: > >What is the best way to diagnose/investigate these: > > > >03/11/2003 11:04:05 Q33230c6100e83de9 WARNING: DNS server 67.94.227.35 > >returned a SERVER FAILURE error for MX or A for > > > >John Tolmachoff MCSE, CSSA > >IT Manager, Network Engineer > >RelianceSoft, Inc. > >Fullerton, CA 92835 > >www.reliancesoft.com > > > > > >--- > >[This E-mail was scanned for viruses by Declude Virus > >(http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DNS server returned server failure for
John, I've been running around in circles chasing this problem. Basically its an error that your DNS server doesn't understand well enough to give the correct code for. The problem then is that Declude misses out on any kind of DNS test opportunity because as Scott explains it, reacting to the failure itself would mean that a genuine failure would cause FPs. I would love a solution. Dan On Tuesday, March 11, 2003 11:06, John Tolmachoff <[EMAIL PROTECTED]> wrote: >What is the best way to diagnose/investigate these: > >03/11/2003 11:04:05 Q33230c6100e83de9 WARNING: DNS server 67.94.227.35 >returned a SERVER FAILURE error for MX or A for > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.