Check valid MX record on receive

Clator
Guest Group
Posted: 10 March 2006 at 10:05am
Thanks again. I've discovered an internal 10. address where my server is hosted that may prove more reliable for DNS than the current IP. Hopefully this'll do it.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 07 March 2006 at 9:36pm
We've uploaded build 2.7.1.535 in the registered user area. The release notes are as follows:
// New to VersionNumber = '2.7.1.535';
{TODO -cFix : Sometimes Socket Errors on MX test could cause rejects (catches more cases than in build 531)}
{TODO -cNew : Changed the precedence for the :tag and :tagsubject modifiers for the Unfiltered Emails}
{TODO -cFix : DoNotStartWithoutAV option in SpamFilter.ini file not working correctly}

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 07 March 2006 at 8:10pm
Clator,
Your logs still show the DNS disconnecting SpamFilter when queries are made:
03/07/06 08:01:11:368 -- (404) Resolving 205.188.139.137 - Error resolving IP address (Socket Error # 10054 Connection reset by peer.)
03/07/06 08:01:11:368 -- (404) - Invalid MX record - Socket Error # 10054 Connection reset by peer.
We thought we had modified the MX filter so that forceful disconnects from the DNS server that would cause MX lookups to fail would not cause the filter to fail. Apparently your case is slightly different, and our workaround does not work. We'll try to replicate the problem and ignore the error you are receiving as well. In the meantime, you may want to check the connection to your DNS server to see if you can find out why it fails every now and then.
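
Added example (not part of the thread and not LogSat's code): the behaviour discussed in the post above, where a DNS transport failure such as Socket Error # 10054 must not be reported as an invalid MX record, shown in Python. The `lookup` callable, the `NoMxRecord` exception, the retry count and the example.net / example.org names are assumptions made for illustration; the 550 text is the default quoted elsewhere in this thread.

```python
from enum import Enum

class Verdict(Enum):
    PASS = "pass"      # domain publishes an MX record
    REJECT = "reject"  # DNS answered and there is no MX record
    SKIP = "skip"      # resolver unreachable: inconclusive, never a reject

class NoMxRecord(Exception):
    """Hypothetical signal: the DNS server answered, and the answer has no MX."""

# Default reject text quoted in the thread (%Domain% filled in here).
REJECT_MSG = "550 Your domain {d} does not have a valid MX DNS record. Disconnecting..."

def check_sender_mx(domain, lookup, retries=2):
    """Run the MX test; `lookup` is an assumed callable returning a list of MX hosts."""
    last_error = None
    for _ in range(retries + 1):
        try:
            hosts = lookup(domain)
        except NoMxRecord:
            return Verdict.REJECT, REJECT_MSG.format(d=domain)
        except OSError as exc:
            # Transport failure (reset, timeout, refused). WinSock 10054 surfaces
            # in Python as ConnectionResetError, a subclass of OSError.
            last_error = exc
            continue
        if hosts:
            return Verdict.PASS, ""
        return Verdict.REJECT, REJECT_MSG.format(d=domain)
    return Verdict.SKIP, f"MX test inconclusive for {domain}: {last_error!r}"

def flaky_resolver(failures, answer):
    """Constructed stand-in for a DNS client that resets `failures` times first."""
    state = {"left": failures}
    def lookup(domain):
        if state["left"] > 0:
            state["left"] -= 1
            raise ConnectionResetError(10054, "Connection reset by peer")
        if answer is None:
            raise NoMxRecord(domain)
        return answer
    return lookup

if __name__ == "__main__":
    # Constructed cases: one reset then success, resolver down, genuine no-MX.
    print(check_sender_mx("example.net", flaky_resolver(1, ["mx1.example.net"])))
    print(check_sender_mx("example.net", flaky_resolver(9, ["mx1.example.net"])))
    print(check_sender_mx("example.org", flaky_resolver(0, None)))
```

Only an answer from the DNS server produces a 550; a resolver that keeps resetting the connection yields `SKIP`, so the message goes on to the remaining filters instead of being rejected for a fault on the receiving side.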

Clator
Guest Group
Posted: 07 March 2006 at 5:10pm
Sure thing. Is there an email address I should just send the logs to? I can send them unaltered that way. (No bots to pick up the various addresses and whatnot). Thanks.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 07 March 2006 at 4:06pm
Clator,
We'll need to see SpamFilter's activity logfiles showing those emails, as the reason for the failure will be reported in the logs, and we need to cross-reference with the emails themselves you just posted.

Clator
Guest Group
Posted: 07 March 2006 at 2:19pm
Posted these in the wrong thread. They should go here. Per Dan's suggestion, I've created a new corpus directory. Meanwhile some of the domains that are failing MX checks are elon.edu, aapa.org, and gci.net. Sorry I don't have the full headers at the moment. I went ahead and forced the messages through.
Some more potential false positives ...
Received: from 205.188.139.137 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 08:01:11 -0500
--------------------
and another ... personal details removed again to keep the bots from picking it up.
Received: from 204.127.192.82 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Mon, 6 Mar 2006 19:34:08 -0500
Received: from 207.171.160.42 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:33:57 -0500
Received: from 64.236.240.147 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:52:01 -0500
a legit one from turner.com ...
Received: from 64.236.240.147 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:52:01 -0500
Hopefully these will point to some issues. In case it hasn't been said, thanks for any help you can provide.
Received: from 68.230.240.34 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:56:40 -0500

WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348
Posted: 03 March 2006 at 6:24pm
Same here. Did you delete your Bayes Corpus and let it grow again or just leave it be after you dropped SORB? The Bayes catch rate is great now but maybe a little too sensitive, still trying to figure out.
http://www.webguyz.net

dcook
Senior Member
Joined: 31 January 2005 Location: United States Status: Offline Points: 174
Posted: 03 March 2006 at 6:03pm
I am currently having success with the following maps setting:
sbl-xbl.spamhaus.org, true
combined.njabl.org, true
bl.spamcop.net, true
block.rhs.mailpolice.com, true
dul.dnsbl.sorbs.net, true
thanks a lot
Dwight
www.vividmix.com

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 03 March 2006 at 4:15pm
Clator,
Can you post (or email us) the SpamFilter's logfile entries that show these false positives? We'll need to see the log to find out what is happening.

Clator
Guest Group
Posted: 03 March 2006 at 10:35am
Just upgraded to .532 and have gotten a couple more false positives as described above. The cox.net address in particular.

Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143
Posted: 03 March 2006 at 9:37am
COMMENT ON SORBS: We had to stop using SORBS. They adopted a policy of charging for being de-listed and as a result most folks don't bother. I had a bitter argument with them on several IPs that were blocked. I feel the list (which used to be fantastic) is now very problematic and we saw a huge upsurge in false positives.
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

Clator
Guest Group
Posted: 03 March 2006 at 9:00am
P.S. ... what was the IP that was blacklisted? I wonder if it was mine or the Comcast SMTP server.

Clator
Guest Group
Posted: 03 March 2006 at 8:57am
Lovely. Undoubtedly caused by some spammer who had the IP at some point. I'll see if I can get it un-blacklisted. Thanks.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 28 February 2006 at 10:05pm
We just found it in our quarantine, the IP is blacklisted by dnsbl.sorbs.net... I'll reply to the email right now.

Clator
Guest Group
Posted: 28 February 2006 at 7:57pm
I sent in a message to the sales address about obtaining a license for a home-based server like mine but haven't heard back. Was that received? My quarantine didn't show any replies either, but I don't quarantine everything. Just curious.

Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143
Posted: 28 February 2006 at 12:55pm
Here are my stats for the first half of today. Invalid MX is way down on the list but still ... 2000 messages. Also, often, during "Spam Attacks", the invalid MX test is the only thing that blocks them so it bumps up to as high as 30%.
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

Analytical
Newbie
Joined: 28 February 2006 Location: United States Status: Offline Points: 4
Posted: 28 February 2006 at 10:30am
I have been using the MX filter with great success. I had a few people get false positives but those few are now whitelisted per their personal spamfilter web interface. The MX filter blocks about 1000 pieces of spam every two days. This is a great feature!
His and yours,
Dwight

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 27 February 2006 at 11:50pm
Unfortunately that does look very much like the symptom in my original reply "where a socket error could cause the MX record test to fail". That has been solved in the latest releases, sorry...

Clator
Guest Group
Posted: 27 February 2006 at 11:46pm
Here's another. Not sure if it's a 1 or a 2.
02/27/06 17:54:07:073 -- (1296) Connection from: 63.174.99.34 - Originating country : United States

Clator
Guest Group
Posted: 27 February 2006 at 11:40pm
Just got another one:
02/27/06 23:29:26:292 -- (444) Resolving 66.135.197.13 - Error resolving IP address (Socket Error # 10054 Connection reset by peer.)

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 27 February 2006 at 11:11pm
If you can post some of the SpamFilter's activity log entries for those rejected emails we can try to see if the problem is the same one fixed by the newer builds or not.

Clator
Guest Group
Posted: 27 February 2006 at 10:56pm
2.7.1.511 ... my bad.

Clator
Guest Group
Posted: 27 February 2006 at 10:54pm
2.7.1.515 That was the version available to me being a non-paying individual user. Woe is me I guess until the next generally available release I suppose. Finding a lot of these false positives in the meantime. *sigh* Thanks for your help.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 27 February 2006 at 4:05pm
cox.net does indeed have a correctly configured MX record, the email should not have been rejected for that cause.
We did have a bug in one of the latest pre-release builds of SpamFilter, where a socket error could cause the MX record test to fail. This was fixed in build 2.7.1.531. What version of SpamFilter are you using?

Clator
Guest Group
Posted: 27 February 2006 at 8:57am
I trapped an email in the quarantine from my in-laws who use Cox Hi-Speed, with the invalid MX record error in the log. This is curious, as Cox is of course a major national provider. Is this evidence of a #2 error as described above? Here are the relevant headers, modified to remove personal info:
Received: from [my in-laws username] ([70.186.195.204]) by eastrmmtao05.cox.net

scubajim
Guest Group
Posted: 26 February 2006 at 11:53pm
My thoughts only, but EVERY email/DNS administrator should consider publishing correct RDNS, MX, SPF so as to aid in reducing or eliminating the myriad of ways (whatever you wish to call them) spammers use to exploit the Internet to send SPAM and viruses. What I see is that spammers are better at setting up DNS than most administrators are. Please take Roberto's, Dan's and the RFC's excellent advice and set up DNS as recommended and help other administrators who are less informed as to why they should do the same.

Clator
Guest Group
Posted: 25 February 2006 at 10:35am
#1 I would imagine. Not a false positive in the programmatic sense of the word so much as a user sense. Thanks for the info on the error. I'll try to customize it so that it is hopefully more informative to the user and will prompt him to contact his sysadmin about configuring the MX record appropriately.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 25 February 2006 at 10:20am
Clator,
Do you mean false positives caused by (1) the legitimate sender not having configured his MX record properly, or (2) because the sender has a valid MX record, but SpamFilter still rejects the email? In case of #2, if you please post or email the log entries relative to the reject we'll try to see what the problem is. In case of #1, the sender's administrators will probably want to think about correcting their configuration, as with time more and more antispam software is and will continue to use this feature.
Going back to your original question about the customization, yes, SpamFilter does already send a customizable error message explaining what the problem is. By default it's:
550 Your domain %Domain% does not have a valid MX DNS record. Disconnecting...
You can customize it (and many others) in the "Customized Items" tab under the settings tab.

Clator
Guest Group
Posted: 25 February 2006 at 9:14am
I recently upgraded and have noticed a lot more false positives with this feature turned on. Rather than debate the merits of the feature, I have a question: What does the reject message look like? Does the capability exist to have invalid MX rejections bounce back with more than the generic server error message? Specifically, with a user-friendly writeup of what is discussed above? That might be helpful in alerting senders of false positives what must be done on their end to mitigate their problem. Odds are they probably do not even know about the problem. It'll give them something to take to their postmaster.

LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106
Posted: 05 December 2004 at 11:40am
Matt,
Up until a few years ago, administrators would not only have never imagined to have needed an MX record, but other things were also unthinkable. While no RFC states anything in merit, not complying with any of the following examples may also prevent them from sending/receiving emails:
Locking down the mail server to avoid being an open relay. Nowadays if you don't do this the admin will end up on blacklists and providers will reject emails from them.
Adding a reverse DNS entry to the mail server's IP. Many providers nowadays will refuse emails unless the PTR is present.
In the near future, many providers will reject emails unless domains have SPF records in the DNS.
There is nothing in the RFC that dictates administrators must implement the above. However spam has imposed new, unwritten rules. Having a properly configured mailserver will help in the overall fight against spam. One such unwritten rule that most administrators know about is that mail servers should, not MUST, have an MX record. In the past not having one was OK, just like a few years ago it was OK to have an open relay, or not having a reverse DNS record. Not today. We are now giving administrators one more way to reject unwanted email by demanding that the senders have a properly configured MX record. Most domains do have an MX record in place.
All anti-spam software have an accuracy rate in detecting spam that is not 100%. Any filter will at some point block legitimate emails. The MX record filter is not any different. It too will block some legitimate email, just like the others. It is the administrator's choice to see if that percentage is acceptable or not.
Roberto F.