nik600 hotmail wrote:
>
> I'm experiencing a strange problem with RDNS_NONE.
>
> On the same sender host, sometimes it is marked with RDNS_NONE, and
> sometimes not.
>
> The host has a reverse dns!
>
> Example:
> Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2]) ->
> OK
>
> Received: from dadosoftware.com (unknown [217.199.13.2]) -> FALSE POSITIVE
>
> But 217.199.13.2 has a reverse dns!
> 2.13.199.217.in-addr.arpa. 11894 IN PTR dns2.dadosoftware.com.
>
> Who decides the presence of RDNS_NONE ?
> A real dns check or a parsing of the email headers?
>
> And, in case of parse who decides to write dns2.dadosoftware.com
> [217.199.13.2] instead of unknown [217.199.13.2]?
>
>

Hello,

I'm also experiencing some issues with RDNS_NONE, for example:

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from mail.telcel.com (mail.telcel.com [200.38.208.219])
    by server.nekotec.com.mx (Postfix) with ESMTP id 8DE0DE42BD;
    Wed, 1 Oct 2008 13:10:42 -0500 (CDT)
Received: from MXVIBOFICOR04 ([10.203.6.79])
    by xiang.telcel.com (Sun Java System Messaging Server 6.2-7.05 (built Sep 5 2006))
    with ESMTP id <[EMAIL PROTECTED]>;
    Wed, 01 Oct 2008 13:08:20 -0500 (CDT)
Date: Wed, 01 Oct 2008 13:10:08 -0500
From: sender <[EMAIL PROTECTED]>
Subject: =?iso-8859-1?Q?RE:_Reuni=F3n_con_Sergio_Ruelas?=
In-reply-to:
To: [EMAIL PROTECTED], 'A Person' <[EMAIL PROTECTED]>
Cc: ='someone else' <[EMAIL PROTECTED]>, 'Another Person' <[EMAIL PROTECTED]>
Reply-to: [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
Organization: Radiomovil DIPSA S.A. DE C.V.
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-Mailer: Microsoft Office Outlook 11
Content-type: multipart/related; boundary="Boundary_(ID_qVeDaZ+jbYnMrmKcL4ak9w)"
Thread-index: AckjH+1ELYTEgSMgStiE9TLFCGpJTwAER6RgAC/RkyA=
X-TM-IMSS-Message-ID: <[EMAIL PROTECTED]>
X-TM-AS-Product-Ver: IMSS-7.0.0.6219-5.5.0.1027-16192.001
X-TM-AS-Result: No--29.940-7.0-31-1
X-imss-scan-details: No--29.940-7.0-31-1;No--29.940-7.0-31-1
X-Virus-Scanned: ClamAV version 0.94, clamav-milter version 0.94 on server.nekotec.com.mx
X-Virus-Status: Clean
X-Spam-Status: No, score=-6.7 required=2.5 tests=BAYES_00,HTML_MESSAGE,
    RDNS_NONE,SHORT_HELO_AND_INLINE_IMAGE,SNS_FROM_TELCEL,SNS_HAM_KEYWORDS
    autolearn=ham version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on server.nekotec.com.mx

The PTR:

; <<>> DiG 9.3.4 <<>> -x 200.38.208.219
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8556
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;219.208.38.200.in-addr.arpa. IN PTR

;; ANSWER SECTION:
219.208.38.200.in-addr.arpa. 2797 IN PTR mail.telcel.com.

;; AUTHORITY SECTION:
208.38.200.in-addr.arpa. 2797 IN NS nsmex4.uninet.net.mx.
208.38.200.in-addr.arpa. 2797 IN NS dnsadm-interno.uninet.net.mx.
208.38.200.in-addr.arpa. 2797 IN NS nsmex3.uninet.net.mx.

;; ADDITIONAL SECTION:
nsmex3.uninet.net.mx. 97 IN A 200.33.146.211
nsmex4.uninet.net.mx. 157 IN A 200.33.146.217
dnsadm-interno.uninet.net.mx. 157 IN A 200.33.150.193

The fwd record matches:

; <<>> DiG 9.3.4 <<>> mail.telcel.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26651
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail.telcel.com. IN A

;; ANSWER SECTION:
mail.telcel.com. 11456 IN A 200.38.208.219

;; AUTHORITY SECTION:
telcel.com. 11456 IN NS dns1i.itelcel.com.
telcel.com. 11456 IN NS dns01.amigokit.com.

I have other hosts that trigger the RDNS_NONE rule as well. They are never enough to classify the message as spam, though. But it's kind of bothersome that SA fires up a false positive for rDNS.

I'm really confused as to how SA parses the email to trigger (or not) the RDNS_NONE rule.

Dan.

--
View this message in context: http://www.nabble.com/problem-with-RDNS_NONE%3A-false-positive-tp19774673p19780402.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
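
An added example, not part of either post and not SpamAssassin's own code: a small parser for the Postfix-style `Received: from HELO (RDNS [IP])` form quoted in this thread. SpamAssassin evaluates RDNS_NONE from the reverse name the receiving MTA wrote into its Received header rather than from a lookup of its own, so the check below reports what was recorded per IP and flags addresses logged both with and without a name. The function names and the `SAMPLE` list (trimmed copies of the thread's headers) are assumptions made for this example.

```python
import re

# Matches the two shapes quoted in the thread:
#   Received: from HELO (RDNS [IP]) ...   and   Received: from HELO ([IP]) ...
RECEIVED_FROM = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)",
    re.IGNORECASE,
)

def parse_received(header):
    """Return {'helo', 'rdns', 'ip'} for one Received header, or None if the
    line is not in the 'from HELO (RDNS [IP])' form. 'rdns' is None when the
    MTA wrote 'unknown' or no name at all."""
    unfolded = " ".join(header.split())  # undo header folding
    m = RECEIVED_FROM.match(unfolded)
    if m is None:
        return None
    rdns = m.group("rdns")
    if rdns is None or rdns.lower() == "unknown":
        rdns = None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": m.group("ip")}

def inconsistent_ips(headers):
    """IPs that appear both with and without a recorded reverse name."""
    seen = {}
    for h in headers:
        p = parse_received(h)
        if p is not None:
            seen.setdefault(p["ip"], set()).add(p["rdns"] is not None)
    return sorted(ip for ip, states in seen.items() if len(states) == 2)

# Constructed sample: Received lines copied (and trimmed) from the thread.
SAMPLE = [
    "Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2])",
    "Received: from dadosoftware.com (unknown [217.199.13.2])",
    "Received: from mail.telcel.com (mail.telcel.com [200.38.208.219])\n"
    "    by server.nekotec.com.mx (Postfix) with ESMTP id 8DE0DE42BD",
    "Received: from MXVIBOFICOR04 ([10.203.6.79])\n    by xiang.telcel.com",
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(parse_received(h))
    print("logged with and without rDNS:", inconsistent_ips(SAMPLE))
```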