Reverse DNS anti-spam weight not being added to total spam score
Problem reported by Ben Conner - August 27, 2014 at 7:30 PM
Hi,
 
On the current Enterprise version of SM, I'm seeing IP addresses with no reverse dns not having their score added to the total score weight.  Example:
 
I have my Reverse DNS score set to 30 and enabled. 
 
From today's SMTP and Delivery log files:
 
[2014.08.27] 10:22:16 [107.150.8.3][9243328] rsp: 220 mail.webworldinc.com
[2014.08.27] 10:22:16 [107.150.8.3][9243328] connected at 8/27/2014 10:22:16 AM
[2014.08.27] 10:22:16 [107.150.8.3][9243328] cmd: EHLO powerless.tk
[2014.08.27] 10:22:16 [107.150.8.3][9243328] rsp: 250-mail.webworldinc.com Hello [107.150.8.3]250-SIZE 104857600250-AUTH LOGIN CRAM-MD5250-STARTTLS250 OK
[2014.08.27] 10:22:16 [107.150.8.3][9243328] cmd: MAIL FROM:<newz@powerless.tk>
[2014.08.27] 10:22:22 [107.150.8.3][9243328] rsp: 250 OK <newz@powerless.tk> Sender ok
[2014.08.27] 10:22:22 [107.150.8.3][9243328] cmd: RCPT TO:<mlk@webworldinc.com>
[2014.08.27] 10:22:27 [107.150.8.3][9243328] rsp: 250 OK <mlk@webworldinc.com> Recipient ok
[2014.08.27] 10:22:27 [107.150.8.3][9243328] cmd: DATA
[2014.08.27] 10:22:31 [107.150.8.3][9243328] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2014.08.27] 10:22:31 [107.150.8.3][9243328] rsp: 250 OK
[2014.08.27] 10:22:31 [107.150.8.3][9243328] Data transfer succeeded, writing mail to 43301569.eml
[2014.08.27] 10:22:32 [107.150.8.3][9243328] cmd: MAIL FROM:<newz@powerless.tk>
[2014.08.27] 10:22:36 [107.150.8.3][9243328] rsp: 250 OK <newz@powerless.tk> Sender ok
[2014.08.27] 10:22:36 [107.150.8.3][9243328] cmd: RCPT TO:<ben@webworldinc.com>
[2014.08.27] 10:22:41 [107.150.8.3][9243328] rsp: 250 OK <ben@webworldinc.com> Recipient ok
[2014.08.27] 10:22:41 [107.150.8.3][9243328] cmd: DATA
[2014.08.27] 10:22:46 [107.150.8.3][9243328] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2014.08.27] 10:22:46 [107.150.8.3][9243328] rsp: 250 OK
[2014.08.27] 10:22:46 [107.150.8.3][9243328] Data transfer succeeded, writing mail to 43301571.eml
[2014.08.27] 10:22:46 [107.150.8.3][9243328] cmd: QUIT
[2014.08.27] 10:22:46 [107.150.8.3][9243328] rsp: 221 Service closing transmission channel
[2014.08.27] 10:22:46 [107.150.8.3][9243328] disconnected at 8/27/2014 10:22:46 AM
Delivery log:
[2014.08.27] 10:22:42 [01571] Delivery started for newz@powerless.tk at 10:22:42 AM
[2014.08.27] 10:22:59 [01571] Spam check results: [_SPF: Pass], [BARRACUDA -BRBL: passed], [SORBS - DYNAMIC IP: passed], [SPAMCOP: passed], [SPAMHAUS - ZEN: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_INTERNALSPAMASSASSIN: 0:0], [_DK: None], [_DKIM: None], [_CUSTOMRULES: ], [SPAMHAUS - DBL: passed]
[2014.08.27] 10:23:00 [01571] Starting local delivery to ben@webworldinc.com
[2014.08.27] 10:23:00 [01571] Delivery for newz@powerless.tk to ben@webworldinc.com has completed (Delivered) Filter: None
[2014.08.27] 10:23:00 [01571] End delivery to ben@webworldinc.com
[2014.08.27] 10:23:00 [01571] Delivery finished for newz@powerless.tk at 10:23:00 AM    [id:43301571]
 
And when the message was delivered, the headers reflected:
 
From - Wed Aug 27 10:31:18 2014
X-Account-Key: account1
X-UIDL: sm_00029BE6_282e18b847194d3a976d8306103a8d29
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <newz@powerless.tk>
Received: from powerless.tk (UnknownHost [107.150.8.3]) by mail.webworldinc.com with SMTP;
   Wed, 27 Aug 2014 10:22:46 -0700
To: ben@webworldinc.com
Subject: Why you need a new walk-in tub
Message-ID: <96a2874520528d97072b82b78bc69a8f@cost.cf>
Return-Path: newz@powerless.tk
Date: Wed, 27 Aug 2014 11:55:25 -0400
From: "Walk-inTub" <newz@powerless.tk>
Reply-To: newz@powerless.tk
MIME-Version: 1.0
X-Mailer-LID: 94
List-Unsubscribe: <http://cost.cf/unsubscribe.php?M=224865&C=87c386e0e42b67c9c4549a7e7acb7729&L=94&N=382>
X-Mailer-RecptId: 224865
X-Mailer-SID: 382
X-Mailer-Sent-By: 1
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-SmarterMail-Spam: SPF_Pass, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, Custom Rules []
X-SmarterMail-TotalSpamWeight: 0
 
I verified this had no reverse dns.  ?
 
--Ben
 

4 Replies

0
Hello;
 
Everything looks to be working properly.
 
 
That site shows the domain does indeed have a reverse PTR or rDNS.
0
Hi Steve,
 
The problem with DNS lookups is they are very dynamic.  That said, I just checked again on my own servers as well as outside my network and it did not have rdns defined. 
 
But actually...  that wasn't the question I raised.
 
From the log files posted, the response SM received was no dns, or 'UnknownHost' as it reports it in the log files. And given that, the score I assigned to a failed rdns check (30 in my case) did not get added to the spam score.
 
--Ben
0
Are you running your own dns servers?
0
"Steve, rDNS is IP based, not hostname based. I don't understand how you got a positive rDNS by looking up a hostname at intodns.com. Doing a reverse lookup of 107.150.8.3 shows no ptr record exists, so indeed it would seem that the OP is correct, no rDNS but SmarterMail seems to think there is, based on [_REVERSEDNSLOOKUP: passed] in the logs posted"
 
To clarify this further: rDNS is HOST NAME BASED and must map to a FULLY QUALIFIED DOMAIN NAME.  If no domain name is provided as part of the lookup transaction, then rDNS is subject to FAIL, IE:
 
In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address using the Domain Name System (DNS) of the Internet.
 
Computer networks use the Domain Name System to determine the IP address associated with a domain name. This process is also known as forward DNS resolution. Reverse DNS lookup is the inverse process, the resolution of an IP address to its designated domain name.
 
The reverse DNS database of the Internet is rooted in the Address and Routing Parameter Area (arpa) top-level domain of the Internet. IPv4 uses the in-addr.arpa domain and the ip6.arpa domain is delegated for IPv6. The process of reverse resolving an IP address uses the pointer DNS record type (PTR record).
 
Informational RFCs (RFC 1033, and RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name"  and that such names match with a reverse pointer record, but it is not a requirement of standards governing operation of the DNS itself.
 
There's plenty of other rDNS to FQDN name supporting information available via Google at: https://www.google.com/?gws_rd=ssl#q=rdns%20lookup
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

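An added example (not code from the thread or from SmarterMail) that ties Ben's expected scoring to the PTR mechanics described above: it builds the in-addr.arpa name for an address, looks it up in a constructed PTR table standing in for live DNS, parses the "Spam check results" line quoted earlier, and reports whether the configured rDNS weight (30) should have been added to the total.

```python
import re
from typing import Optional

# Constructed stand-in for PTR data so this runs offline; a real audit would query DNS.
# 107.150.8.3 is deliberately absent, matching the "no PTR record" finding in the thread.
PTR_ZONE = {"4.4.8.8.in-addr.arpa": "dns.google."}  # constructed sample entry

# Lines quoted from the thread's own logs
RECEIVED = "Received: from powerless.tk (UnknownHost [107.150.8.3]) by mail.webworldinc.com with SMTP;"
RESULTS = ("[2014.08.27] 10:22:59 [01571] Spam check results: [_SPF: Pass], [SORBS - DYNAMIC IP: passed], "
           "[_REVERSEDNSLOOKUP: passed], [_INTERNALSPAMASSASSIN: 0:0], [_CUSTOMRULES: ]")

def in_addr_arpa(ip: str) -> str:
    """Reverse-lookup name for an IPv4 address: 107.150.8.3 -> 3.8.150.107.in-addr.arpa"""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_lookup(ip: str, zone=PTR_ZONE) -> Optional[str]:
    """Return the PTR target for ip, or None when no PTR record exists."""
    return zone.get(in_addr_arpa(ip))

def parse_spam_results(line: str) -> dict:
    """Turn '[_SPF: Pass], [SPAMCOP: passed], ...' into {'_SPF': 'Pass', ...}."""
    return {k.strip(): v.strip() for k, v in re.findall(r"\[([^\]:]+):\s*([^\]]*)\]", line)}

def received_host(header: str) -> Optional[tuple]:
    """Extract (helo-resolved name, ip) from a 'Received: ... (Name [a.b.c.d])' header."""
    m = re.search(r"\((\S+)\s+\[(\d+(?:\.\d+){3})\]\)", header)
    return (m.group(1), m.group(2)) if m else None

def rdns_weight(ip: str, configured_weight: int, zone=PTR_ZONE) -> int:
    """Weight the rDNS check should contribute: the configured weight when no PTR exists, else 0."""
    return configured_weight if reverse_lookup(ip, zone) is None else 0

def audit(received: str, results_line: str, configured_weight: int, logged_total: int, zone=PTR_ZONE) -> dict:
    """Compare what the server logged with what the PTR data says and flag a missing weight."""
    host, ip = received_host(received)
    checks = parse_spam_results(results_line)
    expected = rdns_weight(ip, configured_weight, zone)
    return {
        "ip": ip,
        "server_saw_unknown_host": host == "UnknownHost",
        "server_rdns_result": checks.get("_REVERSEDNSLOOKUP"),
        "ptr_found": reverse_lookup(ip, zone) is not None,
        "expected_rdns_weight": expected,
        "weight_missing": expected > 0 and logged_total < expected,
    }
```

Run `audit(RECEIVED, RESULTS, 30, 0)` to reproduce the discrepancy from the thread: the server logged a pass and a total of 0 while the Received header and the PTR table both say the host has no reverse name.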