Hi, I've been getting some complaints from users about mails received being flagged with the HDR_ORDER_FTSDMCXX_NORDNS rule where the sender appears to have correct RDNS. While trying to figure this out I found that it seems like the SpamAssassin version I have doesn't actually do any PTR check, and thus all mails will hit the RDNS_NONE rule.
To verify I've installed a clean version of SpamAssassin 3.4.1 on a VPS running Ubuntu 18.04. I sent myself an email from Gmail, who definitely does have correct RDNS, and then ran the source (https://pastebin.com/gE0qauf1) through SpamAssassin with a user_prefs score set for RDNS_NONE.

The debug info shows no RDNS for any relay:

Sep 26 07:16:07.890 [21117] dbg: metadata: X-Spam-Relays-Internal: [ ip=10.27.26.11 rdns= helo=mx1.pub.mailpod3-cph3.one.com by=mailstorage0.cst.mailpod3-cph3.one.com ident= envfrom= intl=1 id=SNkcMEAqq1uBjAAAhMrzvA auth= msa=0 ]
Sep 26 07:16:07.891 [21117] dbg: metadata: X-Spam-Relays-External: [ ip=209.85.166.170 rdns= helo=mail-it1-f170.google.com by=mx1.pub.mailpod3-cph3.one.com ident= envfrom= intl=0 id=49846d91-c157-11e8-afca-e0d84894a001 auth= msa=0 ]

A tcpdump (udp port 53) shows no attempt to do a query for PTR: https://pastebin.com/DDwdW9gu

As a reference, if I do a dig -x 209.85.166.170 I get this while doing the same tcpdump:

IP 188.166.16.195.54095 > 67.207.67.3.53: 17606+ [1au] PTR? 170.166.85.209.in-addr.arpa. (56)
IP 188.166.16.195.48750 > 67.207.67.2.53: 23774+ [1au] PTR? 170.166.85.209.in-addr.arpa. (56)
IP 67.207.67.2.53 > 188.166.16.195.48750: 23774 1/0/1 PTR mail-it1-f170.google.com. (94)
IP 67.207.67.3.53 > 188.166.16.195.54095: 17606 1/0/1 PTR mail-it1-f170.google.com. (94)

And it does hit the RDNS_NONE rule.

Is anyone else seeing the same, or have I missed something?

-- 
BR/Mvh.
Dan Malm, Systems Engineer, One.com
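A way to repeat the check described in the message above, as an added example that is not part of the original post: it parses the X-Spam-Relays-* debug lines, derives each relay's in-addr.arpa name, and reports whether a PTR question for it appears in a tcpdump capture. The function names are hypothetical; the sample lines are copied from the post with the timestamps trimmed.

```python
import ipaddress
import re

# Sample data copied from the post above (debug relays and the dig-time capture).
DEBUG = """\
dbg: metadata: X-Spam-Relays-Internal: [ ip=10.27.26.11 rdns= helo=mx1.pub.mailpod3-cph3.one.com by=mailstorage0.cst.mailpod3-cph3.one.com ident= envfrom= intl=1 id=SNkcMEAqq1uBjAAAhMrzvA auth= msa=0 ]
dbg: metadata: X-Spam-Relays-External: [ ip=209.85.166.170 rdns= helo=mail-it1-f170.google.com by=mx1.pub.mailpod3-cph3.one.com ident= envfrom= intl=0 id=49846d91-c157-11e8-afca-e0d84894a001 auth= msa=0 ]
"""
DIG_CAPTURE = """\
IP 188.166.16.195.54095 > 67.207.67.3.53: 17606+ [1au] PTR? 170.166.85.209.in-addr.arpa. (56)
IP 67.207.67.3.53 > 188.166.16.195.54095: 17606 1/0/1 PTR mail-it1-f170.google.com. (94)
"""

def parse_relays(debug_text):
    """Return one dict per [ ... ] relay entry in the X-Spam-Relays-* debug lines."""
    relays = []
    for line in debug_text.splitlines():
        m = re.search(r"X-Spam-Relays-(Internal|External): (.*)", line)
        if not m:
            continue
        for entry in re.findall(r"\[([^\]]*)\]", m.group(2)):
            fields = dict(re.findall(r"(\w+)=(\S*)", entry))  # empty value -> ""
            fields["trust"] = m.group(1).lower()
            relays.append(fields)
    return relays

def ptr_queries(tcpdump_text):
    """Names asked for in 'PTR?' questions; answer lines ('PTR name') do not match."""
    return {n.rstrip(".").lower() for n in re.findall(r"PTR\? (\S+)", tcpdump_text)}

def audit(debug_text, tcpdump_text):
    """For each relay: was rdns recorded, and was a PTR question seen for its IP?"""
    asked = ptr_queries(tcpdump_text)
    rows = []
    for r in parse_relays(debug_text):
        arpa = ipaddress.ip_address(r["ip"]).reverse_pointer
        rows.append({"ip": r["ip"], "trust": r["trust"], "rdns": r.get("rdns", ""),
                     "arpa": arpa, "ptr_queried": arpa in asked})
    return rows

if __name__ == "__main__":
    for row in audit(DEBUG, DIG_CAPTURE):
        print(row)
```

Feeding it the capture taken while SpamAssassin scans the message, instead of the dig-time capture, shows directly whether any relay with an empty rdns field ever had a PTR question sent for it.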