Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2018-11-15, 21:24:55

Author Topic: Spamassassin RDNS_NONE Rule False Positives  (Read 10349 times)

0 Members and 1 Guest are viewing this topic.

Offline Joe

  • Valuable Member
  • *
  • Posts: 147
  • Karma: +2/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #15 on: 2014-02-03, 20:17:37 »
It appears qmail-toaster does headers differently.  The received from unknown, not sure if a bug, or if that is how they set it up, since right after that it has the (helo hostname) IP.

It appears to be a regex problem in the perl script for spamassassin.

Using spamdyke protects you from this, so enable spamdyke and disable rdns none in spamassassin.

Find and Change /etc/spamassassin/local.cf:

Code: [Select]
score RDNS_NONE 0

That's what I did but about 5% of legitimate email do no have reverse ptr records setup correctly. I would prefer to increase the spam score instead of blocking those completely without RDNS. People really should learn to setup mx records, reverse dns, DKIM, and SPF.

Offline chrisf

  • Senior Master
  • **
  • Posts: 883
  • Karma: +11/-1
  • Gender: Male
  • Be the change that you wish to see in the world.
    • View Profile
    • Conviction's Hosting
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #16 on: 2014-02-03, 21:47:18 »
+1 Joe, those are all important things, and I agree.  I block them, if they are not serious enough about security, spam, and maintaining the proper records - sorry. ;)
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 3,962
  • Karma: +1/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #17 on: 2014-02-03, 23:43:26 »
Thank you !

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 3,962
  • Karma: +1/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #18 on: 2014-02-04, 15:12:35 »
It doesn't work ! Still good e-mail are rejected because no reverse DNS or MX while it works well.

Offline Spacedust

  • Super Grand Master
  • ****
  • Posts: 3,962
  • Karma: +1/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #19 on: 2014-02-04, 15:17:37 »
Take a look - proper e-mail from PayPal is rejected !

Quote
Feb  4 15:15:19 onlinecity smtp: 1391523319.964820 17163 > 220 mail.mydomain.pl - Welcome to Qmail ESMTP?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139108 17163 < EHLO mx0.slc.paypal.com?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139208 17163 > 250-mail.mydomain.pl - Welcome to Qmail?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139229 17163 > 250-STARTTLS?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139232 17163 > 250-PIPELINING?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139244 17163 > 250-8BITMIME?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139254 17163 > 250-SIZE 268435456?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139257 17163 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Feb  4 15:15:20 onlinecity smtp: 1391523320.760125 17163 < MAIL FROM:<service@paypal.pl>?
Feb  4 15:15:20 onlinecity smtp: 1391523320.761166 17163 > 250 Refused. The domain of your sender address has no mail exchanger (MX).?
Feb  4 15:15:20 onlinecity smtp: 1391523320.943264 17163 < RCPT TO:<admin@mydomain.pl>?
Feb  4 15:15:20 onlinecity smtp: 1391523320.943791 17163 > 421 Refused. The domain of your sender address has no mail exchanger (MX).?
« Last Edit: 2014-02-04, 15:20:32 by Spacedust »

Offline Joe

  • Valuable Member
  • *
  • Posts: 147
  • Karma: +2/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #20 on: 2014-02-04, 17:46:12 »
Take a look - proper e-mail from PayPal is rejected !

Quote
Feb  4 15:15:19 onlinecity smtp: 1391523319.964820 17163 > 220 mail.mydomain.pl - Welcome to Qmail ESMTP?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139108 17163 < EHLO mx0.slc.paypal.com?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139208 17163 > 250-mail.mydomain.pl - Welcome to Qmail?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139229 17163 > 250-STARTTLS?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139232 17163 > 250-PIPELINING?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139244 17163 > 250-8BITMIME?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139254 17163 > 250-SIZE 268435456?
Feb  4 15:15:20 onlinecity smtp: 1391523320.139257 17163 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Feb  4 15:15:20 onlinecity smtp: 1391523320.760125 17163 < MAIL FROM:<service@paypal.pl>?
Feb  4 15:15:20 onlinecity smtp: 1391523320.761166 17163 > 250 Refused. The domain of your sender address has no mail exchanger (MX).?
Feb  4 15:15:20 onlinecity smtp: 1391523320.943264 17163 < RCPT TO:<admin@mydomain.pl>?
Feb  4 15:15:20 onlinecity smtp: 1391523320.943791 17163 > 421 Refused. The domain of your sender address has no mail exchanger (MX).?

Did you uncheck "Reject Messages From Server Without MX Records" in the spamdyke settings? I decided to only use the first option "Reject Servers Without RDNS Names".

Offline Joe

  • Valuable Member
  • *
  • Posts: 147
  • Karma: +2/-0
    • View Profile
Re: Spamassassin RDNS_NONE Rule False Positives
« Reply #21 on: 2014-02-08, 22:21:18 »
Here's what you need to do to get SPF checks working in Spamassassin which is really helping reduce spam and helps legitimate mail get through.

1. yum install perl-Mail-SPF

2. Create new file located here etc/mail/spamassassin/custom.pre

Add the following line:

loadplugin Mail::SpamAssassin::Plugin::SPF

3. Adjust scores accordingly in /etc/mail/spamassassin/local.cf

score   SPF_HELO_FAIL
score   SPF_FAIL
score   SPF_HELO_PASS
score   SPF_PASS

 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix

Page created in 0.037 seconds with 23 queries.

web stats analysis