Gents.
I have also been troubleshooting a couple of legitimate hosts that are being 
blocked.

Just to clarify my process, can I test the following with the group?

Scenario A
I think this is a valid denied.

LOG section:
Jan 28 12:01:35 flobix spamdyke[1841]: FILTER_RDNS_RESOLVE ip: 164.177.131.207 
rdns: 398878-prod-batch01.oyster.tfl.gov.uk
Jan 28 12:01:35 flobix spamdyke[1841]: DENIED_RDNS_RESOLVE from: 
autorespo...@tfl.gov.uk to: xxxremove...@freeman.me.uk origin_ip: 
164.177.131.207 origin_rdns: 398878-prod-batch01.oyster.tfl.gov.uk auth: 
(unknown) encryption: (none) reason: (empty)

Here are the results of the test done manually:
Reverse test
>nslookup 164.177.131.207   RESULT 207.131.177.164.in-addr.arpa
name = 398878-prod-batch01.Oyster.tfl.gov.uk. OKAY
Forward test
>nslookup 398878-prod-batch01.Oyster.tfl.gov.uk   RESULT ** server can't find 
>398878-prod-batch01.Oyster.tfl.gov.uk: NXDOMAIN  FAILED

So I assume the denied was the follow-up forward after reverse? (I have emailed TfL 
and Rackspace about their missing A records.)
I have temporarily whitelisted the server to receive this mail....

Scenario B
I think this is a false positive.

Log Section:
Jan 28 21:46:05 flobix spamdyke[8024]: DENIED_RDNS_MISSING from: 
www-d...@lastpass.com to: xxxremove...@freeman.me.uk origin_ip: 38.127.167.2 
origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)

Results of manual testing:
>nslookup 38.127.167.2 
RESULT
Non-authoritative answer:
2.167.127.38.in-addr.arpa       canonical name = 38.127.167.2.LastPass.com.
38.127.167.2.LastPass.com       name = rodan.LastPass.com.

>nslookup rodan.LastPass.com
RESULT 
Non-authoritative answer:
Name:   rodan.LastPass.com
Address: 38.127.167.2

Now this does resolve, but to a CNAME record; that is quite common these days 
for template-based DNS services and might also be the case if you have a load-
balanced mail server setup that has 2 nodes but uses a CNAME of 
mail.blablabla.com.
So why is this failing?


My Config:
filter-level=normal
greeting-delay-secs=2
max-recipients=5
reject-empty-rdns
reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
dns-level=normal
log-level=verbose
#config-dir=/etc/spamdyke.d
idle-timeout-secs=120
reject-recipient=same-as-sender
ip-blacklist-file=/etc/spamdyke/blacklist_ip
recipient-blacklist-file=/etc/spamdyke/recipient_blacklist
sender-blacklist-file=/etc/spamdyke/sender_blacklist
ip-in-rdns-keyword-blacklist-entry=dynamic
ip-whitelist-entry=80.177.27.115
ip-whitelist-entry=83.244.151.218
ip-whitelist-file=/etc/spamdyke/whitelist_ip
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
dns-max-retries-primary=5
ip-relay-entry=80.177.27.115

P.S. I have a new addition of tailing the maillog; is this normal, will it 
pass? :)

Regards
Lawrence

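The two scenarios above, as an added example that is not spamdyke's code and not part of the original post: a forward-confirmed reverse DNS (FCrDNS) check run over a constructed in-memory zone table, with a `follow_cname` switch modelling a resolver that does not chase CNAMEs in in-addr.arpa. The zone contents, the `lookup`/`fcrdns` names and the idea that a CNAME-blind reverse lookup reports "missing" are assumptions for illustration, not a confirmed explanation of spamdyke's behaviour.

```python
# Added example (not spamdyke's code): FCrDNS classification over a constructed,
# offline zone table. A real check would query DNS (e.g. with dnspython).
from ipaddress import ip_address

# Constructed records modelled on the post: (name, rtype) -> values.
# A missing key stands for NXDOMAIN / no data.
ZONE = {
    # Scenario A: PTR exists, but the PTR target has no forward A record
    ("207.131.177.164.in-addr.arpa", "PTR"): ["398878-prod-batch01.oyster.tfl.gov.uk"],
    # Scenario B: the in-addr.arpa name is a CNAME; the PTR lives at its target
    ("2.167.127.38.in-addr.arpa", "CNAME"): ["38.127.167.2.lastpass.com"],
    ("38.127.167.2.lastpass.com", "PTR"): ["rodan.lastpass.com"],
    ("rodan.lastpass.com", "A"): ["38.127.167.2"],
}


def lookup(name, rtype, follow_cname=True, depth=0):
    """Return records of type rtype for name, optionally chasing CNAMEs (max 8 hops)."""
    name = name.lower().rstrip(".")
    if (name, rtype) in ZONE:
        return ZONE[(name, rtype)]
    target = ZONE.get((name, "CNAME"))
    if follow_cname and target and depth < 8:
        return lookup(target[0], rtype, follow_cname, depth + 1)
    return []  # NXDOMAIN or no data of that type


def fcrdns(ip, follow_cname=True):
    """Classify an IP the way an rDNS filter would: 'ok', 'missing' or 'unresolvable'.

    'missing'      -> no PTR at all          (cf. DENIED_RDNS_MISSING)
    'unresolvable' -> PTR found, but no A record for it points back at the IP
                      (cf. DENIED_RDNS_RESOLVE)
    """
    ptrs = lookup(ip_address(ip).reverse_pointer, "PTR", follow_cname)
    if not ptrs:
        return "missing"
    for host in ptrs:
        if ip in lookup(host, "A", follow_cname):
            return "ok"
    return "unresolvable"


if __name__ == "__main__":
    print("Scenario A:", fcrdns("164.177.131.207"))            # unresolvable
    print("Scenario B:", fcrdns("38.127.167.2"))                # ok
    print("Scenario B, CNAME-blind resolver:",
          fcrdns("38.127.167.2", follow_cname=False))           # missing
```

Whether the real filter chases the CNAME is the thing to verify against its own DNS code; the table above only shows that the two reverse-zone layouts produce different verdicts depending on that choice.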
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
