Print Page | Close Window

timeout and reverse dns now working correctly?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=2204
Printed Date: 11 December 2018 at 6:23am


Topic: timeout and reverse dns now working correctly?
Posted By: dcook
Subject: timeout and reverse dns now working correctly?
Date Posted: 14 October 2003 at 10:28am

Ver 1.0.206

I reciently added the reverse dns lookup feature in spamfilter and it does block a lot of email over and above keywords and maps servers  --- however:

I have had the following problems --

1. Two people were blocked because of "no reverse dns" -- they had a reverse entry- these were false positives.

2. I unfiltered and email address and mail was still blocked to this person because of no reverse DNS.  This sender had a reverse entry and would some times be blocked and other times mail would be delivered.

3. I am seeing a few dns server time outs -- this I believe was the reason in #2 sometimes mail would be blocked.

It was my understanding that whitelisting an email address would override the dns reverse lookup -- that does not seem  to be the case.

I have switched OFF the reverse lookup in spamfilter till I get resolution. 

Dwight Cook




Replies:
Posted By: Desperado
Date Posted: 14 October 2003 at 12:01pm

Dwight,

I, too have found that no RDNS seems to be applied prior to the white list but it hasn't cause me more than one or two issues.  I will shoot this off to logsat support for review.  However, my understanding is that the INTENT is that if DNS does time out, it should not block because the assumption is made that it is a transient condition and better to let it go than block.  Again, if this has changed, I believe it is a bug, not an intentional change.

Dan S.



Posted By: LogSat
Date Posted: 15 October 2003 at 12:14am

Dwight,

We're not able to replicate the problems. For this:

<<
1. Two people were blocked because of "no reverse dns" -- they had a reverse entry- these were false positives.
>>

can you please post (or email us at mailto:support@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - support@logsat.com ) with the SpamFilter's activity logfile that show the email being rejected along with IPs and email addresses?


With regards to the whitelists, we're not too clear on which case you are referring. We tested both however, and did not find problems.

The two whitelists you refer in your post are "unfiltered emails" and "whitelisting an email address". They are two different things.

"Unfiltered emails" are local email address who want to receive unfiltered emails. All email addressed to them will bypass all filter rules.

"Whitelisting an email address" we interpreted as "Excluded FROM Emails", which are specific senders that you want to prevent from being filtered by mistake.


As far as the DNS timeouts, in this case the reverse DNS test is ignored, and the other filters are applied.

Following are log examples for all 3 cases:

 

mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com is in the "Unfiltered Emails":

10/15/03 00:09:46:096 -- (3636) Connection from: 172.27.4.53  -  Originating country : N/A
10/15/03 00:09:46:306 -- (3636) Resolving 172.27.4.53 - Not found
10/15/03 00:09:46:306 -- (3636) Bypassed all rules for: mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com from mailto:rrr@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - rrr@cfl.rr.com
10/15/03 00:09:46:346 -- (3636) EMail from mailto:rrr@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - rrr@cfl.rr.com to mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com was queued. Size: 1 KB
10/15/03 00:09:46:346 -- (3636) Disconnect
10/15/03 00:09:46:356 -- (2284) Sending email from mailto:rrr@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - rrr@cfl.rr.com to mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com
10/15/03 00:09:48:029 -- (2284) EMail from mailto:rrr@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - rrr@cfl.rr.com to mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com   was forwarded to rome:25

The log shows that upon connection the Reverse DNS test fails. But when the remote server sends the recipient, mailto:test@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test@logsat.com , it is recognized to be in the "Unfiltered Emails" whitelist, and the email is queued and sent anyways.

 

mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com is in the "Excluded FROM Emails"

10/15/03 00:12:24:351 -- (1284) Connection from: 172.27.4.53  -  Originating country : N/A
10/15/03 00:12:24:551 -- (1284) Resolving 172.27.4.53 - Not found
10/15/03 00:12:24:551 -- (1284) Bypassed all rules for: mailto:test2@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test2@logsat.com from mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com
10/15/03 00:12:24:602 -- (1284) EMail from mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com to mailto:test2@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test2@logsat.com was queued. Size: 1 KB
10/15/03 00:12:24:612 -- (1284) Disconnect
10/15/03 00:12:24:612 -- (3520) Sending email from mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com to mailto:test2@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test2@logsat.com
10/15/03 00:12:25:803 -- (3520) EMail from mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com to mailto:test2@logsat.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - test2@logsat.com   was forwarded to rome:25

The log shows that upon connection the Reverse DNS test fails, and then the remote server sends its email address ( mailto:zzz@cfl.rr.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - zzz@cfl.rr.com ), it is recognized to be in the "Excluded FROM Emails" whitelist, and the email is queued and sent anyways.

 

If you notice otherwise, can you please post more details using the SpamFilter logs as we did above?

Roberto F.
LogSat Software




Print Page | Close Window