Reverse DNS spam check never failing
Problem reported by Antony - March 24, 2014 at 8:59 AM
Submitted
Running Smartermail Enterprise 12.0.5178 on Windows 2008 32bit
 
We have the ReverseDNS spam check set up to return a score of 10 if it fails.  However, it doesn't appear to be ever failing.
 
As an example see the following (truncated) headers from an email:
Return-Path: <xxxx@xxxx.eu>
Received: from 00148bbc.xxxxx.eu (UnknownHost [nnn.nnn.nnn.nnn]) by smartermail with SMTP;
   Sat, 22 Mar 2014 01:03:04 +0000
Received: by 00148bbc.hefty1b.xxxx.eu
    (amavisd-new, port 7243) with ESMTP id 00X148BOBC;
    for <abc@example.com>; Fri, 21 Mar 2014 18:02:34 -0700
...
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 3
 
From the logs:
Spam check results: [_SPF: Pass], [BARRACUDA - BRBL: passed], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - YELLOWLIST: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [VIRUS RBL - MSRBL: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: failed], [_DK: None], [_DKIM: None], [HOSTKARMA - WHITELIST: passed], [SURBL - ABUSE BUSTER: passed], [SURBL - JWSPAMSPY: passed], [SURBL - MALWARE: passed], [SURBL - PHISHING: passed], [SURBL - SPAMASSASSIN: passed], [SURBL - SPAMCOP: passed], [URIBL - BLACK: passed], [URIBL - GREY: passed], [URIBL - MULTI: passed], [URIBL - RED: passed]
 
When I do a manual PTR lookup against the two DNS servers in the Smartermail setup it times out, as it does when I try a number of other servers.
 
So this should have resulted in a [_REVERSEDNSLOOKUP: failed] 
 
Any ideas why this is not occurring?
 
TIA
Antony

9 Replies

0
Scarab Replied
Time-outs are considered a soft-fail, rather than a hard-fail. If it cannot query an antispam test, such as rDNS, it will consider it the same as a "passed", erring on the side of caution, because it doesn't know if it is a pass or fail. It will only provide a "fail" if it is able to complete the test and has a definitive result.
0
Steve Reid Replied
Are you running your own DNS server for Smartermail?
0
Andrew Stein Replied
I have an ongoing ticket open with SM on this same issue. I'll update you if we find anything relevant.
0
Antony Replied
Yes, both servers set up in SM are our own.
0
Mark Lowe Replied
I am wondering if this actually works properly - so I looked at a piece of spam we received - it got sent from IP address 160.20.13.211. So when I look at the logs it says REVERSE DNS = PASS, but if I go to MXToolbox it says there is no reverse PTR record and so should be a FAIL?
0
Von-Austin See Replied
Employee Post
Mark,

From your server, open a cmd window and try the following:

nslookup
set type=ptr
160.20.13.211

Do you receive a result immediately, or does it take several seconds to pull the PTR record?
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Mark Lowe Replied
It comes back immediately with non-existent domain.
0
Von-Austin See Replied
Employee Post
Mark, I would recommend opening a ticket with our support department so that we may look into this further. Based on the nslookup test, this absolutely should have failed.
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
kevind Replied
Mark, we had the same problem earlier this year running 14.x, but haven't seen it occur much lately. See: https://portal.smartertools.com/community/a87411/message-with-no-ptr-makes-it-through.aspx
 
It's interesting that you found "Reverse DNS = Pass" in the logs. I wonder if that's been added recently as we didn't see it in our SMTP logs at the time.
 
Kevin
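
Added example, not part of any post in this thread and not SmarterMail code: a small Python audit that separates the two cases discussed above, a PTR lookup that times out (the soft-fail Scarab describes) and one that returns a definitive "non-existent domain" (which should score as a fail), and compares each with the logged _REVERSEDNSLOOKUP result. The stub resolvers, the address 192.0.2.10 and the log excerpt are constructed, and the herror codes listed are the POSIX and Winsock values this sketch assumes the platform reports.

```python
import re
import socket

# h_errno codes carried by socket.herror (POSIX values, then Winsock equivalents).
NO_PTR = {1, 4, 11001, 11004}   # HOST_NOT_FOUND / NO_DATA: definitive negative answer

def classify_ptr(ip, lookup=socket.gethostbyaddr):
    """Return 'pass', 'fail' (resolver answered: no PTR) or 'indeterminate'."""
    try:
        name = lookup(ip)[0]
    except socket.herror as exc:
        return "fail" if exc.args[0] in NO_PTR else "indeterminate"
    except OSError:              # timeouts and other resolver errors
        return "indeterminate"
    return "pass" if name else "fail"

def logged_rdns(log_line):
    """Extract the _REVERSEDNSLOOKUP result from a 'Spam check results' line."""
    m = re.search(r"\[_REVERSEDNSLOOKUP:\s*(\w+)\]", log_line)
    return m.group(1).lower() if m else None

def audit(ip, log_line, lookup=socket.gethostbyaddr):
    """Compare what the mail server logged with an independent PTR lookup."""
    logged, actual = logged_rdns(log_line), classify_ptr(ip, lookup)
    if logged == "passed" and actual == "fail":
        return "mismatch: no PTR exists but the check was logged as passed"
    if logged == "passed" and actual == "indeterminate":
        return "soft-fail: lookup did not complete and was logged as passed"
    return "consistent"

# Constructed stand-ins for the resolver so the example runs offline.
def nxdomain(ip): raise socket.herror(1, "Unknown host")
def timed_out(ip): raise socket.herror(2, "Host name lookup failure")
def has_ptr(ip): return ("mail.example.com", [], [ip])

# Constructed log excerpt in the format quoted in the first post.
SAMPLE_LOG = "Spam check results: [_SPF: Pass], [_REVERSEDNSLOOKUP: passed], [_DK: None]"

if __name__ == "__main__":
    for stub in (nxdomain, timed_out, has_ptr):
        print(stub.__name__, "->", audit("192.0.2.10", SAMPLE_LOG, stub))
```

Called without the `lookup` argument, `audit` uses the system resolver, so it should be run on the mail server itself to see the same DNS behaviour the spam check sees.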
