Spam email by-pass because dkim adsp timeout

Wed, 20 Oct 2021 07:35:20 -0700 

Hi,
some of our users have received spam/phishing email in INBOX. Investigating I found that the cause is the time that spamassassin spent to returna result, 30 seconds in the dkim adsp: 

[...]

Reply-To: [email protected]

From: "MEssage Center -  companyname.it" 
<[email protected]>

To: [email protected]

[...]


Oct 20 16:22:41.142 [27900] dbg: FreeMail: RULE (FREEMAIL_FROM) 
check_freemail_from
Oct 20 16:22:41.142 [27900] dbg: FreeMail: all from-addresses: 
[email protected], [email protected]
Oct 20 16:22:41.142 [27900] dbg: FreeMail: HIT! [email protected] 
is freemail

Oct 20 16:22:41.153 [27900] dbg: dkim: using Mail::DKIM version 0.39

Oct 20 16:22:41.154 [27900] dbg: dkim: performing public key lookup and 
signature verification
Oct 20 16:22:51.155 [27900] dbg: dkim: FAILED DKIM, 
[email protected], d=serverupgrader.xyz, s=default, a=rsa-sha1, 
c=relaxed/relaxed, unknown key size, invalid, does not match author domain
Oct 20 16:22:51.155 [27900] dbg: dkim: signature verification result: 
INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR 
DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)
Oct 20 16:22:51.155 [27900] dbg: dkim: adsp: performing lookup on 
_adsp._domainkey.mailserverupgrader.xyz


[ NOTE 30 seconds here ]


Oct 20 16:23:11.155 [27900] dbg: dkim: adsp: fetch or parse on domain 
mailserverupgrader.xyz failed: DNS query timeout for mailserverupgrader.xyz
Oct 20 16:23:11.156 [27900] dbg: dkim: signing practices on 
mailserverupgrader.xyz unavailable
Oct 20 16:23:11.156 [27900] dbg: dkim: adsp result: U/unknown (dns: no 
result), author domain 'mailserverupgrader.xyz'
Oct 20 16:23:11.156 [27900] dbg: rules: uri host enlisted 
(SUSP_URI_NTLD): serverupgrader.xyz (xyz)
Oct 20 16:23:11.156 [27900] dbg: rules: ran eval rule PDS_OTHER_BAD_TLD 
======> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: eval: From 2nd level domain: 
mailserverupgrader.xyz, EnvelopeFrom 2nd level domain: gmail.com
Oct 20 16:23:11.157 [27900] dbg: rules: ran eval rule 
HEADER_FROM_DIFFERENT_DOMAINS ======> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: spf: already checked for Received-SPF 
headers, proceeding with DNS based checks
Oct 20 16:23:11.157 [27900] dbg: spf: found Envelope-From in first 
external Received header


Can it be a tactic?

How can I configure this timeout to 5 seconds or similar?

Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice























					Reply via email to