Print Page | Close Window

DNS errors in Spam isp

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=7133
Printed Date: 21 November 2017 at 1:31am


Topic: DNS errors in Spam isp
Posted By: jmiglioratti
Subject: DNS errors in Spam isp
Date Posted: 31 March 2016 at 9:24am
I am having lots of email being bounced and some of the messages that get bounced actually get delivered and others do not.

here is the activity log


03/31/16 00:01:18:056 -- (95332368) No Data Received03/31/16 00:01:17:931 -- (95332368) Connection from: 10.241.1.8  -  Originating country : N/A03/31/16 00:01:17:931 -- (95332368) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:59:317 -- (95328288) Disconnect03/31/16 00:00:59:317 -- (95328288) SFDB - Added 104.243.68.183 - Response: Error=003/31/16 00:00:59:317 -- (116543888) EMail from VoIP@novastudent.download to wdagostion@wenroch.com was received and quarantined. Size: 2 KB, 2048 bytes03/31/16 00:00:59:302 -- (95328288) Blacklist cache - Added 104.243.68.183 to limbo03/31/16 00:00:59:286 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:59:239 -- (116543888) Adding to Quarantine file:QrtnFBFCF3CF-D5FC-42FB-90BF-8AA470D70798.tmp03/31/16 00:00:59:239 -- (95328288) Starting bayesian procedures03/31/16 00:00:59:239 -- (95328288) Created thread (116543888) to add email to quarantine03/31/16 00:00:59:239 -- (95328288) Starting quarantine procedures03/31/16 00:00:59:239 -- (95328288) SFDE - Added 1 email hashes - Response: 03/31/16 00:00:59:208 -- (95328288) Hash cache - Added OK03/31/16 00:00:59:192 -- (95328288) Email Subject: **Fortinet-Spam** VoIP Services Could Be Your Solution.03/31/16 00:00:59:192 -- (95328288) From header (VoIP@novastudent.download) matches MAIL FROM (VoIP@novastudent.download)03/31/16 00:00:59:130 -- (95328288) 104.243.68.183 - Mail from: VoIP@novastudent.download To: wdagostion@wenroch.com will be rejected03/31/16 00:00:59:130 -- (95328288) - EmailFrom is in local blacklist file...03/31/16 00:00:59:130 -- (95328288) Received RCPT TO: wdagostion@wenroch.com03/31/16 00:00:59:098 -- (95328288) Received MAIL FROM: VoIP@novastudent.download03/31/16 00:00:59:036 -- (95328288) Connection from: 104.243.68.183  -  Originating country : United States03/31/16 00:00:59:020 -- (95328288) Detected TCP Connection: 104.243.68.183 on port: 2503/31/16 00:00:28:340 -- (46646464) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com ---  was forwarded to 10.241.1.11:25 - Response:250 <E1alTkr-0007jG-Tz@vps.kigwired.com> [InternalId=9819334] Queued mail for delivery --- 03/31/16 00:00:27:761 -- (95310288) Disconnect03/31/16 00:00:27:714 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:27:652 -- (95310288) Starting bayesian procedures03/31/16 00:00:22:525 -- (46646464) Sending email from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com --- 03/31/16 00:00:22:525 -- (95310288) Created thread (46646464) to handle delivery03/31/16 00:00:22:525 -- (95310288) EMail from noreply@workforwendys.com to "448@wenroch.com, ppettinato@wenroch.com" was queued (Indy1ED99123-9BAB-471C-8520-49814068DF1A.~tmp). Size: 15 KB, 16007 bytes03/31/16 00:00:22:525 -- (95310288) Starting queueing procedures03/31/16 00:00:22:494 -- (95310288) - URLs In MAPS search done... 03/31/16 00:00:22:494 -- (95310288) Checking URLs in emails against MAPS03/31/16 00:00:22:494 -- (95310288) Checking SURBL03/31/16 00:00:22:494 -- (95310288) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com passes Bayesian filter - 0% spam  (140ms)03/31/16 00:00:22:291 -- (95310288) Checking SFDE03/31/16 00:00:22:275 -- (95310288) Checking SFDC03/31/16 00:00:22:275 -- (95310288) Email Subject: Job Application from White, Eddie03/31/16 00:00:22:260 -- (95310288) From header (noreply@workforwendys.com) matches MAIL FROM (noreply@workforwendys.com)03/31/16 00:00:22:025 -- (95310288) RCPT TO: ppettinato@wenroch.com accepted03/31/16 00:00:22:025 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:22:025 -- (95310288) Received RCPT TO: ppettinato@wenroch.com03/31/16 00:00:21:963 -- (95310288) RCPT TO: 448@wenroch.com accepted03/31/16 00:00:21:963 -- (95310288) - MAPS search done... 03/31/16 00:00:21:650 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:21:650 -- (95310288) DNS Error:TimedOut03/31/16 00:00:18:790 -- (46985376) IPcache Limbo - removed 1 entries during cleanup03/31/16 00:00:18:681 -- (46985376) Blacklist cache - starting cleanup03/31/16 00:00:17:915 -- (95309088) Disconnect03/31/16 00:00:17:915 -- (95309088) No Data Received03/31/16 00:00:17:790 -- (95309088) Connection from: 10.241.1.8  -  Originating country : N/A03/31/16 00:00:17:790 -- (95309088) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:16:633 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:16:633 -- (95310288) DNS Error:TimedOut03/31/16 00:00:11:460 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:11:429 -- (95310288) Resolving 209.140.23.224 - host.clickinfotechmail3.in03/31/16 00:00:11:413 -- (95310288) Received RCPT TO: 448@wenroch.com03/31/16 00:00:11:350 -- (95310288) Received MAIL FROM: noreply@workforwendys.com03/31/16 00:00:11:116 -- (95310288) Received STARTTLS command03/31/16 00:00:11:038 -- (95310288) Connection from: 209.140.23.224  -  Originating country : United States03/31/16 00:00:11:007 -- (95310288) Detected TCP Connection: 209.140.23.224 on port: 2503/30/16 23:59:18:929 -- (46982496) Hash cache - removed 2 entries during cleanup03/30/16 23:59:18:819 -- (46982496) IPcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklistcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklist cache - starting cleanup



Replies:
Posted By: jmiglioratti
Date Posted: 31 March 2016 at 9:42am
The timeout is already set to 5000

;The timeout in milliseconds for all DNS-related queries.
DNSTimeout=5000


Posted By: LogSat
Date Posted: 31 March 2016 at 11:06am
The log section only covers about a minute of data, and shows just a couple of DNS errors. Keeping in mind that a few dozen DNS timeout errors a day are normal, could you please zip us the following so we can take a look:

• SpamFilter's entire activity logfiles for yesterday and today

• Your SpamFilter.ini file

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well.


If the zipped file is over 8MB in size, please try to upload the file to our Box repository at:

https://logsat.com/sfi-upload-box.asp

 

As a side-note, DNS timeouts will not prevent emails from being delivered - they just affect the ability of some filters from detecting spam. If there is a DNS timeout experienced by a filter, that filter will "fail-open", meaning will not mark the email as spam and will let the remaining filters have a chance at examining the email.



-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: jmiglioratti
Date Posted: 31 March 2016 at 11:18am
I have uploaded the files to box.  the issues we are having is folks that have been fine emailing for years and now they get bounced.. here is an example of the bounce message.

From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
Date: March 30, 2016 at 7:02:36 AM CDT
To:
davidcfox@gmail.com
Subject: Delivery Status Notification (Failure)





Posted By: LogSat
Date Posted: 31 March 2016 at 5:52pm
Received the logs - thanks. From those it seems the issue you are experiencing is one that was resolved in the current official SpamFilter build 4.7.2.184:

// New to VersionNumber = '4.7.2.184';
{TODO -cNew : Added a new filter - the 0-Day domain filter. If a domain has been registered within the last nn days (30 by default), any emails containing that domain name will be heavily weighed as spam.}
{TODO -cNew : SpamFilter Enterprise only - added two new fields in the tbl_FilterSettings table for 0-Day filter and for a new upcoming option - DNSWLBypassForMX_RevDNS_SPF}
{TODO -cFix : In some cases depending on the internet provider DNS lookups could result in several timeouts (logged as DNS Error:TimedOut). This was due a different DNS library that was used starting from v4.7.1.145. Issue is now resolved.}

Can you please try upgrading from your older v4.7.1.172 to either the official 4.7.2.184 or the latest pre-release 4.7.2.194?




-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window