Posted to users@spamassassin.apache.org by a....@ldexgroup.co.uk on 2016/01/04 11:40:23 UTC

RDNS_NONE always being triggered


Hi, 

  I'm using Spamassassin 3.4.1 on FreeBSD 9.3, called via a pipe from
Exim. Today I created a meta rule to give additional points to FREEMAIL
where also there is no RDNS. What I've noticed is that many emails are
triggering RDNS_NONE when I don't think they should. DNS lookups are
working normally on the host server. 

Here is the header from a sample I sent from Yahoo webmail: 

X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mx0.ldex.co.uk
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_20,
    FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_NORDNS,
    FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,
    RDNS_NONE autolearn=no autolearn_force=no version=3.4.1
Received: from [98.138.229.47] (port=49947 helo=nm31-vm7.bullet.mail.ne1.yahoo.com)
    by mx0.ldex.co.uk with esmtps (Exim 4.86; FreeBSD; TLSv1:RC4-SHA:128)
    envelope-from smithacs99-9 at yahoo.co.uk
    envelope-to a.smith at ldexgroup.co.uk
    id 1aG2l0-000H3E-5O; Mon, 04 Jan 2016 10:52:58 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk;
s=s2048; t=1451904781; bh=ymt+hiijroygXfLWWaa7Na6ZpWmHmnAPJBYOj95L728=;
h=Date:From:Reply-To:To:Subject:References:From:Subject;
b=uHu+ErCJz+GJMm7uXkp654a16FdZgN2LOPzHDZc0epf/3OLIbr7T4V+Cj3dq7m6PrOTrWqzElwpZIk23RiRYWCRiTRqsNaPkZZlbm4304KejMFtYlByzhpNwsIzqsgZjYJTFJQEONnxtnGmcdgcqTMuCF7yECp+7Tch6GWjyg4e3uLrqEcmPOI04qSM3HAI9zFS692RPESBiaS2OrWjXksVYrHh4owP6mNp9B0+gXCeEdktJbtO1RauzaQrtPlDaVFeqnoPviEOZeqflZmYGFVECu5LFAL/ssuOHK+ZblnaREQqX0Rs6CG5IwOu0m8mVGsWgVlIbV66EZb9lhNBcUA==
Received: from [127.0.0.1] by nm31.bullet.mail.ne1.yahoo.com with NNFMP;
04 Jan 2016 10:53:01 -0000
Received: from [98.138.100.112] by nm31.bullet.mail.ne1.yahoo.com with
NNFMP; 04 Jan 2016 10:50:05 -0000
Received: from [212.82.98.51] by tm103.bullet.mail.ne1.yahoo.com with
NNFMP; 04 Jan 2016 10:50:05 -0000
Received: from [212.82.98.97] by tm4.bullet.mail.ir2.yahoo.com with
NNFMP; 04 Jan 2016 10:50:05 -0000
Received: from [127.0.0.1] by omp1034.mail.ir2.yahoo.com with NNFMP; 04
Jan 2016 10:50:05 -0000
X-Yahoo-Newman-Property: ymail-4
X-Yahoo-Newman-Id: 458845.8640.bm@omp1034.mail.ir2.yahoo.com
X-YMail-OSG:
Received: by 217.12.9.10; Mon, 04 Jan 2016 10:50:04 +0000 

Can anyone help me out? I'd have thought the rule should just check
98.138.229.47 and trigger if there is no PTR but that doesn't seem to be
the case,

thanks in advance, Andy. 


Re: RDNS_NONE always being triggered

Posted by a....@ldexgroup.co.uk.

On 2016-01-04 14:31, Kevin A. McGrail wrote: 

> I'm guessing this might be the trick you need: https://www.ssisg.com/galaxy/knowledgebase.php?action=displayarticle&id=24

Thanks Kevin, I'd taken a look at this already but I'd misunderstood
the original reply; I thought I was looking for something that would add
an additional header with some info about having a valid PTR.

Now scoring correctly for these emails! 

thanks both! Andy. 

Re: RDNS_NONE always being triggered

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 1/4/2016 7:53 AM, a.smith@ldexgroup.co.uk wrote:
>
> On Jan 4, 2016, 3:42 AM, rwmaillists at googlemail wrote:
>
>>
>> No look-up is done. RDNS_NONE tests whether rdns is recorded in the
>> received header. You need either to turn it on or turn the rule off.
>>
> Hi, Thanks for the reply. Ok so I assume you mean it's a header that 
> has to have been put in the mail by the receiving MTA (i.e. my Exim 
> server)? Would you mind elaborating, I've googled for RDNS header but 
> haven't worked out what exactly you are referring to.
>

I'm guessing this might be the trick you need: 
https://www.ssisg.com/galaxy/knowledgebase.php?action=displayarticle&id=24

Re: RDNS_NONE always being triggered

Posted by Richard Doyle <li...@islandnetworks.com>.
On 01/04/2016 05:46 AM, Reindl Harald wrote:
>
>
> Am 04.01.2016 um 13:53 schrieb a.smith@ldexgroup.co.uk:
>> On Jan 4, 2016, 3:42 AM, rwmaillists at googlemail wrote:
>>>
>>> No look-up is done. RDNS_NONE tests whether rdns is recorded in the
>>> received header. You need either to turn it on or turn the rule off.
>>>
>> Hi, Thanks for the reply. Ok so I assume you mean it's a header that has
>> to have been put in the mail by the receiving MTA (i.e. my Exim server)?
>> Would you mind elaborating, I've googled for RDNS header but haven't
>> worked out what exactly you are referring to.
>
> Postfix does the right thing by default
>
> Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
> by mail-gw.thelounge.net (THELOUNGE GATEWAY) with SMTP id 3pYyM21T4fz28
> for <h....@thelounge.net>; Mon,  4 Jan 2016 14:23:10 +0100 (CET)
> _______________________________
>
> this sounds like Exim has unusable defaults for SA
>
> https://www.ssisg.com/galaxy/knowledgebase.php?action=displayarticle&id=24
>
>
> To enable reverse DNS lookups in Exim, you would edit your exim
> configuration file (usually /etc/exim.conf) and add the following
> towards the top of the file:
>
> host_lookup = 0.0.0.0/0
>
Exim's default configuration file contains:

host_lookup = *


Re: RDNS_NONE always being triggered

Posted by Reindl Harald <h....@thelounge.net>.

Am 04.01.2016 um 13:53 schrieb a.smith@ldexgroup.co.uk:
> On Jan 4, 2016, 3:42 AM, rwmaillists at googlemail wrote:
>>
>> No look-up is done. RDNS_NONE tests whether rdns is recorded in the
>> received header. You need either to turn it on or turn the rule off.
>>
> Hi, Thanks for the reply. Ok so I assume you mean it's a header that has
> to have been put in the mail by the receiving MTA (i.e. my Exim server)?
> Would you mind elaborating, I've googled for RDNS header but haven't
> worked out what exactly you are referring to.

Postfix does the right thing by default

Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by mail-gw.thelounge.net (THELOUNGE GATEWAY) with SMTP id 3pYyM21T4fz28
for <h....@thelounge.net>; Mon,  4 Jan 2016 14:23:10 +0100 (CET)
_______________________________

this sounds like Exim has unusable defaults for SA

https://www.ssisg.com/galaxy/knowledgebase.php?action=displayarticle&id=24

To enable reverse DNS lookups in Exim, you would edit your exim
configuration file (usually /etc/exim.conf) and add the following
towards the top of the file:

host_lookup = 0.0.0.0/0
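RW's point (quoted above, and at the end of this page) is that RDNS_NONE does no lookup of its own: it reports on what the receiving MTA wrote into the Received header. The following is an added example, not SpamAssassin's own Received parser: it classifies the Exim header from Andy's sample, the Postfix header Reindl quoted, and an assumed Exim header written with host_lookup enabled, and says whether a reverse name was recorded. The documentation hostnames in the constructed samples and the "from NAME ([IP]:PORT ...)" Exim form are assumptions.

```python
import re

# Constructed sample headers: the Exim form from the thread (no host_lookup,
# so no reverse name is recorded), the Postfix form Reindl quoted, a Postfix
# header for a host without a PTR, and an assumed Exim form with host_lookup
# enabled ("from NAME ([IP]:PORT helo=...)").
EXIM_NO_LOOKUP = ("Received: from [98.138.229.47] (port=49947 "
                  "helo=nm31-vm7.bullet.mail.ne1.yahoo.com) "
                  "by mx0.ldex.co.uk with esmtps (Exim 4.86)")
POSTFIX = ("Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) "
           "by mail-gw.thelounge.net (THELOUNGE GATEWAY) with SMTP id 3pYyM21T4fz28")
POSTFIX_UNKNOWN = ("Received: from example.invalid (unknown [192.0.2.5]) "
                   "by mail-gw.thelounge.net (THELOUNGE GATEWAY) with ESMTP id 1")
EXIM_LOOKUP = ("Received: from mail.example.com ([192.0.2.25]:49947 "
               "helo=mail.example.com) by mx0.ldex.co.uk with esmtps (Exim 4.86)")

# Postfix: "from HELO (RDNS [IP])"; Postfix writes "unknown" when there is no PTR.
_POSTFIX_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")
# Exim with host_lookup: "from RDNS ([IP]:PORT" (the port is optional).
_EXIM_NAME_RE = re.compile(r"from\s+([A-Za-z0-9.-]+)\s+\(\[([0-9a-fA-F.:]+)\](?::\d+)?")
# Exim without a usable reverse name: "from [IP] (port=... helo=...)".
_EXIM_NONAME_RE = re.compile(r"from\s+\[([0-9a-fA-F.:]+)\]\s+\(")


def received_rdns(header):
    """Return (ip, rdns); rdns is None when the MTA recorded no reverse name,
    which is the condition SpamAssassin's RDNS_NONE keys on."""
    m = _POSTFIX_RE.search(header)
    if m:
        rdns, ip = m.groups()
        return ip, (None if rdns == "unknown" else rdns)
    m = _EXIM_NAME_RE.search(header)
    if m:
        rdns, ip = m.groups()
        return ip, rdns
    m = _EXIM_NONAME_RE.search(header)
    if m:
        return m.group(1), None
    return None, None


def rdns_none(header):
    """True when a 'from' clause is present but carries no reverse name."""
    ip, rdns = received_rdns(header)
    return ip is not None and rdns is None
```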


Re: what is triggering NO_DNS_FOR_FROM

Posted by Andy Smith <a....@ldexgroup.co.uk>.
Thanks all who replied to my question, sorry for the late reply. 

It seems this was a temporary error on the sender's DNS servers (I assume
so, as I've only seen this issue on their email). Rerunning spamassassin on
the same message now doesn't trigger NO_DNS_FOR_FROM. 

Thanks Matus, yes I know the MX isn't the same as the sender's IP; in
Exim, if the sending IP's PTR doesn't match a subsequent lookup of the
FQDN returned in the PTR, then Exim marks the mail as being sent from a
server without rDNS (even though a PTR exists) and therefore triggers
RDNS_NONE in spamassassin. Not sure if this behaviour is typical in
other SMTP servers. 

Thanks also RW for the tips about "-D" and envelope_sender_header
documentation. Noted for future reference!

many thanks, Andy.

Re: what is triggering NO_DNS_FOR_FROM

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On Mon, 2017-03-13 at 17:49 +0100, Andy Smith wrote:
>> I can see that the domain in question does have A and MX records,
>> possibly issues are that the A record doesn't match the PTR for the
>> IP returned by the A record and that one of the MX records doesn't
>> have a PTR. I'd be keen to know if one or both of these are the
>> issue, and what the situation WRT RFCs on email DNS says about what
>> are required for proper operation of email.

Martin,

On 13.03.17 18:08, Martin Gregorie wrote:
>Does the domain have a PTR record for every A record and, by extension,
>for every MX record? You should be able to check this with 'dig' or
>simply use 'host' to verify that the relevant reverse lookups work OK.

no, he should not check that for any MX records.
No sane software resolves MX and A/AAAA records to check their PTRs.
There's no sane reason one should have reverse DNS records on incoming mail
servers.
SA does not (and should not) do that.

PTR records (and matching A records) are required for outgoing mail, that's
all.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
A day without sunshine is like, night.

Re: what is triggering NO_DNS_FOR_FROM

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2017-03-13 at 17:49 +0100, Andy Smith wrote:
> I can see that the domain in question does have A and MX records,
> possibly issues are that the A record doesn't match the PTR for the
> IP returned by the A record and that one of the MX records doesn't
> have a PTR. I'd be keen to know if one or both of these are the
> issue, and what the situation WRT RFCs on email DNS says about what
> are required for proper operation of email.
> 
Does the domain have a PTR record for every A record and, by extension,
for every MX record?  You should be able to check this with 'dig' or
simply use 'host' to verify that the relevant reverse lookups work OK.

Is the domain's SPF record valid and configured properly? I use this
site for checking SPF records:
http://www.kitterman.com/spf/validate.html

Martin

Re: what is triggering NO_DNS_FOR_FROM

Posted by David Jones <dj...@ena.com>.
>From: Andy Smith <a....@ldexgroup.co.uk>
>Sent: Monday, March 13, 2017 11:49 AM
>To: users@spamassassin.apache.org
>Subject: what is triggering NO_DNS_FOR_FROM
>
>Hi all,
>
>  I have some genuine emails getting marked with NO_DNS_FOR_FROM from one particular domain and I'd like to know exactly why. I've had a dig in the SpamAssassin Dns.pm but I can't work out exactly what process_dnsbl_result is doing. What exactly does it check WRT MX and A records?
>
>I can see that the domain in question does have A and MX records, possibly issues are that the A record doesn't match the PTR for the IP returned by the A record and that one of the MX records doesn't have a PTR. I'd be keen to know if one or both of these are the issue, and what the situation WRT RFCs on email DNS says about what are required for proper operation of email.
>
>I've already had to ask the owners of the domain to correct an issue where their sending server's A record didn't match the PTR and was triggering the RDNS_NONE rule (as detected by Exim), so if I'm going to convince them to do more modifications I'd prefer to know what I was talking about,
>
>thanks, Andy.

I have never seen this rule in SA because I reject these senders at the postfix MTA level
before SA.  I recommend doing this at the MTA level so the senders get a good bounce
message that they can Google themselves and hopefully figure out their own problem
before having to contact you.

# grep NO_DNS_FOR_FROM /var/lib/spamassassin/3.004001/updates_spamassassin_org/*
20_net_tests.cf:header NO_DNS_FOR_FROM		eval:check_dns_sender()
20_net_tests.cf:describe NO_DNS_FOR_FROM	Envelope sender has no MX or A DNS records

Dave

Re: what is triggering NO_DNS_FOR_FROM

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 13.03.17 17:49, Andy Smith wrote:
>I can see that the domain in question does have A and MX records,
>possibly issues are that the A record doesn't match the PTR for the IP
>returned by the A record and that one of the MX records doesn't have a
>PTR. I'd be keen to know if one or both of these are the issue, and what
>the situation WRT RFCs on email DNS says about what are required for
>proper operation of email.

This has never been an issue, and you should never expect that to match.
There's no point in checking those.
Please, do not advise anyone ever to check for this combination (1).

What is supposed to match:

sending IP => PTR => A/AAAA => sending IP

MX => A/AAAA => IP (public aka no private ranges)

See? no reverse checks in the latter case.

You would be surprised that companies like google, aol, yahoo (at the time I
last checked, and I did this multiple times, see (1)) don't have rDNS for
those - that's because there's no requirement (and no sane reason) for that.

>I've already had to ask the owners of the domain to correct an issue
>where their sending server's A record didn't match the PTR and was
>triggering the RDNS_NONE rule (as detected by Exim), so if I'm going to
>convince them to do more modifications I'd prefer to know what I was
>talking about,

The sending IP is NOT the MX record - those are two separate things.
Yes, it may be the same server, but the PTR is checked on incoming mail, and
_never_ on the MX->A record.
Simply - don't mix those, you'll lose focus on the real issue.

(1)
In the past I got customer complaints about them being rejected because
"their MX records pointing to A's that didn't match their PTRs".  This never
turned out to be true - they were blacklisted, they were refused because
their HELO string was nonexistent, or they just made complaint without any
real problem.

Once the admin wasn't even able to translate a clear error message from
English, nor search for the error message on the net...

Simply, don't do that.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody

Re: what is triggering NO_DNS_FOR_FROM

Posted by RW <rw...@googlemail.com>.
On Mon, 13 Mar 2017 17:49:47 +0100
Andy Smith wrote:

> Hi all, 
> 
>   I have some genuine emails getting marked with NO_DNS_FOR_FROM
> from one particular domain and I'd like to know exactly why. I've had
> a dig in the SpamAssassin Dns.pm but I can't work out exactly what
> process_dnsbl_result is doing. What exactly does it check WRT MX and A
> records? 

It does what it says it does, it checks if the envelope sender
address has neither an MX nor A record. 

One complication is that SA has to work out what the envelope sender
address is, see "envelope_sender_header" in the configuration
documentation.

If you have a copy of the email that failed on NO_DNS_FOR_FROM, run it
through SA and see if the problem is reproducible. If it is run it
through spamassassin -D and search for NO_DNS_FOR_FROM to see what
address is being used.
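The two checks discussed in this thread, side by side, as an added example that is not SpamAssassin's or Exim's own code: the forward-confirmed reverse lookup Exim performs on the sending IP (Matus's "sending IP => PTR => A/AAAA => sending IP" chain, and the behaviour Andy observed when the PTR exists but does not confirm), and the envelope-sender "MX or A" test behind check_dns_sender that RW and the rule description refer to. The stub zone uses documentation addresses and is constructed; IPv4 only and A-only (no AAAA) are assumptions, and the lookup() signature is the seam where a real resolver would go.

```python
# Constructed stub zone using documentation addresses (assumption: IPv4 only).
ZONE = {
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],       # PTR -> A -> same IP: confirmed
    ("7.100.51.198.in-addr.arpa", "PTR"): ["mta.example.net"],
    ("mta.example.net", "A"): ["203.0.113.7"],       # PTR exists but does not confirm
    ("example.com", "MX"): ["mail.example.com"],
    ("example.org", "A"): ["192.0.2.10"],            # no MX; an A record alone suffices
    # 203.0.113.99 has no PTR at all; nodns.example has neither MX nor A
}


def lookup(name, rtype, zone=ZONE):
    """Stand-in for a resolver query; returns a list of record data."""
    return zone.get((name, rtype), [])


def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def forward_confirmed_rdns(ip, zone=ZONE):
    """Exim host_lookup logic: sending IP -> PTR -> A -> must contain the
    sending IP. Returns the confirmed name, or None; with None Exim writes no
    name into Received and SpamAssassin's RDNS_NONE fires."""
    for name in lookup(reverse_name(ip), "PTR", zone):
        if ip in lookup(name, "A", zone):
            return name
    return None


def sender_domain_has_dns(domain, zone=ZONE):
    """What check_dns_sender asks of the envelope sender domain: an MX or an A
    record exists. No PTR is consulted here, as Matus points out."""
    return bool(lookup(domain, "MX", zone) or lookup(domain, "A", zone))


def rules_hit(sending_ip, envelope_domain, zone=ZONE):
    """Which of the two rules from this thread would fire for a message."""
    hits = set()
    if forward_confirmed_rdns(sending_ip, zone) is None:
        hits.add("RDNS_NONE")
    if not sender_domain_has_dns(envelope_domain, zone):
        hits.add("NO_DNS_FOR_FROM")
    return hits
```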

Re: what is triggering NO_DNS_FOR_FROM

Posted by David Jones <dj...@ena.com>.
>From: Reindl Harald <h....@thelounge.net>
>Sent: Monday, March 13, 2017 12:11 PM
>To: Andy Smith; users@spamassassin.apache.org; David Jones
>Subject: Re: what is triggering NO_DNS_FOR_FROM
>it's also about the FROM-HEADER and not about envelopes alone and hence
>i doubt "because I reject these senders at the postfix MTA level
>before SA"

The rule description says "Envelope sender" which is what I was going by:

20_net_tests.cf:header NO_DNS_FOR_FROM		eval:check_dns_sender()
20_net_tests.cf:describe NO_DNS_FOR_FROM	Envelope sender has no MX or A DNS records
I do block the envelope-from domain in postfix if it can't be resolved
therefore I don't see any hits on that rule.

http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain

 Dave



what is triggering NO_DNS_FOR_FROM

Posted by Andy Smith <a....@ldexgroup.co.uk>.
Hi all, 

  I have some genuine emails getting marked with NO_DNS_FOR_FROM from
one particular domain and I'd like to know exactly why. I've had a dig
in the SpamAssassin Dns.pm but I can't work out exactly what
process_dnsbl_result is doing. What exactly does it check WRT MX and A
records? 

I can see that the domain in question does have A and MX records,
possibly issues are that the A record doesn't match the PTR for the IP
returned by the A record and that one of the MX records doesn't have a
PTR. I'd be keen to know if one or both of these are the issue, and what
the situation WRT RFCs on email DNS says about what are required for
proper operation of email. 

I've already had to ask the owners of the domain to correct an issue
where their sending server's A record didn't match the PTR and was
triggering the RDNS_NONE rule (as detected by Exim), so if I'm going to
convince them to do more modifications I'd prefer to know what I was
talking about, 

thanks, Andy.

Re: RDNS_NONE always being triggered

Posted by a....@ldexgroup.co.uk.

On Jan 4, 2016, 3:42 AM, rwmaillists at googlemail wrote: 

> No look-up is done. RDNS_NONE tests whether rdns is recorded in the 
> received header. You need either to turn it on or turn the rule off.

Hi, Thanks for the reply. Ok so I assume you mean it's a header that has
to have been put in the mail by the receiving MTA (i.e. my Exim server)?
Would you mind elaborating, I've googled for RDNS header but haven't
worked out what exactly you are referring to. 

thanks again, Andy. 

Re: RDNS_NONE always being triggered

Posted by RW <rw...@googlemail.com>.
On Mon, 04 Jan 2016 11:40:23 +0100
a.smith@ldexgroup.co.uk wrote:

>  
> 
> Hi, 
> 
>   I'm using Spamassassin 3.4.1 on FreeBSD 9.3, called via a pipe from
> Exim. Today I created a meta rule to give additional points to
> FREEMAIL where also there is no RDNS. What I've noticed is that many
> emails are triggering RDNS_NONE when I don't think they should. DNS
> lookups are working normally on the host server. 
> 
> ...
> Can anyone help me out? I'd have thought the rule should just check
> 98.138.229.47 and trigger if there is no PTR but that doesn't seem to
> be the case,

No look-up is done. RDNS_NONE tests whether rdns is recorded in the
received header. You need either to turn it on or turn the rule off.