Posted to users@spamassassin.apache.org by Matthew Yette <my...@mvnhealth.com> on 2007/07/12 15:31:59 UTC

RDNS_NONE and Qmail?

Hey all,
 
This might end up being a qmail issue, but since the problem manifests itself in SA I figured I'd start here.
 
I'm currently running qmail 1.03, SA 3.20 with qmail-scanner 1.25st. Every single piece of mail that runs through the system gets hit with RDNS_NONE, which adds 0.1 points to the score. Not a major deal - and if there isn't a fix, it wouldn't be a problem - but I figured I'd try to make things perfect if possible. :)
 
I read somewhere that if SA has trouble parsing header information, it won't correctly pick up the RDNS name and will therefore fire that rule. I have included a header from an email I received on said server below for reference.
 
Thanks,
 
Matt
 
Email Header:

Received: (qmail 8261 invoked by uid 511); 12 Jul 2007 12:53:36 -0000
Received: from 204.202.242.57 by HOSTNAME (envelope-from <>, uid 509) with qmail-scanner-1.25st 
     (clamdscan: 0.90.2/3302. spamassassin: 3.2.0. perlscan: 1.25st. 
     Clear:RC:0(204.202.242.57):SA:1(4.1/4.0):. 
     Processed in 1.349677 secs); 12 Jul 2007 12:53:36 -0000
X-Spam-Status: Yes, hits=4.1 required=4.0
X-Spam-Level: ++++
X-Spam-Report: SA TESTS
     0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
     2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
     0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
     [score: 0.5000]
     2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
     [Blocked - see <http://www.spamcop.net/bl.shtml?128.242.54.236>]
Received: from unknown (HELO mail19h.g19.rapidsite.net) (204.202.242.57)
     by 0 with SMTP; 12 Jul 2007 12:53:34 -0000
Received: from 128.242.54.236 (128.242.54.236)
     by mail19h.g19.rapidsite.net (RS ver 1.0.95vs) with SMTP id 1-12668214806
     for <edited out> Thu, 12 Jul 2007 08:53:33 -0400 (EDT)
 
 
 
 
Matt Yette
Network Analyst I
Faxton St. Lukes Healthcare
315-624-5843
myette@mvnhealth.com


Re: RDNS_NONE and Qmail?

Posted by Jari Fredriksson <ja...@iki.fi>.
Received: (qmail 8261 invoked by uid 511); 12 Jul 2007 12:53:36 -0000
Received: from 204.202.242.57 by HOSTNAME (envelope-from <>, uid 509) with qmail-scanner-1.25st 
     (clamdscan: 0.90.2/3302. spamassassin: 3.2.0. perlscan: 1.25st. 
     Clear:RC:0(204.202.242.57):SA:1(4.1/4.0):. 
     Processed in 1.349677 secs); 12 Jul 2007 12:53:36 -0000
Received: from unknown (HELO mail19h.g19.rapidsite.net) (204.202.242.57)
     by 0 with SMTP; 12 Jul 2007 12:53:34 -0000
Received: from 128.242.54.236 (128.242.54.236)
     by mail19h.g19.rapidsite.net (RS ver 1.0.95vs) with SMTP id 1-12668214806
     for <edited out> Thu, 12 Jul 2007 08:53:33 -0400 (EDT)


Well, there is no rDNS seen from either 128.242.54.236 or mail19h.g19.rapidsite.net (while it does have a valid rDNS, your headers say "unknown" for some reason).

If mail19h.g19.rapidsite.net belongs to your ISP and is configured as "Trusted" then the SA message seems correct. But if mail19h.g19.rapidsite.net is not "Trusted", its missing rDNS is a valid concern (maybe it is a concern in any case).

The question is: why does your QMail not get mail19h.g19.rapidsite.net's rDNS and add it to the header?



Re: RDNS_NONE and Qmail?

Posted by Jason Haar <Ja...@trimble.co.nz>.
Matthew Yette wrote:
> I'm currently running qmail 1.03, SA 3.20 with qmail-scanner 1.25st.
> Every single piece of mail that runs through the system gets hit with
> RDNS_NONE, which adds 0.1 points to the score. Not a major deal - and
> if there isn't a fix, it wouldn't be a problem - but I figured I'd try
> to make things perfect if possible. :)
>  
There was a change in SA around 3.2.1 whereby it no longer relies on its
own code to do PTR lookups (rDNS) of the MTAs showing in the Received:
headers. Instead it relies on the local MTA to have done it and written
it into the header field.

By default Qmail doesn't do rDNS lookups (performance reasons), so you
need to change tcpserver to do them - which then makes SA happy again.

i.e. you want "tcpserver -h" instead of "tcpserver -H"


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
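
A check of what the local MTA actually recorded, as an added example that is not part of the original thread and is not SpamAssassin's or qmail-scanner's own code: it parses qmail-smtpd-style Received: fields and lists relays logged as "unknown", which is what the header posted above shows. The function names and the last sample field (mail.example.org, 192.0.2.10) are constructed for illustration.

```python
import re

# qmail-smtpd layout:
#   from <rdns|unknown> [(HELO <name>)] ([ident@]<ip>) by <local> with SMTP; <date>
QMAIL_FROM = re.compile(
    r"from\s+(?P<rdns>\S+)\s+"
    r"(?:\(HELO\s+(?P<helo>[^)\s]+)\)\s+)?"
    r"\((?:[^@)\s]+@)?(?P<ip>[0-9A-Fa-f.:]+)\)"
    r"\s+by\s+\S+\s+with\s+SMTP",
    re.IGNORECASE,
)

# The first three fields are taken from the thread (trimmed); the last is constructed.
SAMPLE = """\
Received: (qmail 8261 invoked by uid 511); 12 Jul 2007 12:53:36 -0000
Received: from unknown (HELO mail19h.g19.rapidsite.net) (204.202.242.57)
     by 0 with SMTP; 12 Jul 2007 12:53:34 -0000
Received: from 128.242.54.236 (128.242.54.236)
     by mail19h.g19.rapidsite.net (RS ver 1.0.95vs) with SMTP id 1-12668214806
Received: from mail.example.org (HELO mx1) (192.0.2.10)
     by 0 with SMTP; 12 Jul 2007 12:50:00 -0000
"""


def received_fields(raw_headers):
    """Unfold continuation lines and return the Received: values, top first."""
    fields = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        elif line.strip():
            fields.append(line.strip())
    return [f.split(":", 1)[1].strip()
            for f in fields if f.lower().startswith("received:")]


def rdns_report(raw_headers):
    """One entry per qmail-smtpd hop; rdns is None when qmail wrote 'unknown'."""
    report = []
    for value in received_fields(raw_headers):
        m = QMAIL_FROM.match(value)
        if m is None:
            continue  # not a qmail-smtpd SMTP hop (local injection, other MTA)
        rdns = m.group("rdns")
        report.append({"ip": m.group("ip"), "helo": m.group("helo") or rdns,
                       "rdns": None if rdns.lower() == "unknown" else rdns})
    return report


def missing_rdns(raw_headers):
    """IPs of hops for which the local MTA recorded no reverse DNS name."""
    return [hop["ip"] for hop in rdns_report(raw_headers) if hop["rdns"] is None]
```

Running `missing_rdns()` over a message received after the switch to "tcpserver -h" shows whether the hostname is now being written into the header for relays that have a PTR record.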