MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Bugs and Requests => Topic started by: Joe on 2014-02-01, 17:18:14
-
I just upgraded from Kloxo original to MR. Now when using Spamassassin all emails are showing false positives for the 'RDNS_NONE' rule. There seems to be a problem with reverse dns lookups.
I've used Kloxo original for years with Spamassassin on multiple servers and never had this problem. I use custom scoring and many spammers do not have reverse dns but some legitimate mail as well so I like to increase the RDNS_NONE score to prevent spam but not reject all email without reverse dns.
-
Read http://forum.mratwork.com/kloxo-mr-tips-and-tricks/(tip)-how-to-setup-qmail-on-kloxo-mr/ related to reverse-dns
-
I just followed those steps for qmail and spamassassin is still showing all incoming mail as RDNS_NONE.
-
Try bogofilter instead of spamassassin. Setup in 'switch program'.
-
Bogofilter can't compare to spamassassin. I have custom rules and DnsBlocklists that I have used over many years with spamassassin that have eliminated 99% of spam. All of them work except for rdns lookups and now only about 90% of spam is blocked because I had to disable RDNS_NONE.
-
Is this a different version of Spamassassin made for Qmailtoaster? How is it different from the original Kloxo version that was installed?
-
Spamassassin is also taken from qmailtoaster.com
-
How do I remove this version of spamassassin?
-
yum remove spamassassin-toaster
Will try a newer version and see if it works.
-
I installed Spamassassin 3.3.2-7 and same problem. Kloxo MR is not performing reverse DNS lookups.
-
It works fine blocking all spammers ;)
-
Nothing blocks ALL spammers without blocking some legitimate mail but Spamassassin does the best job especially if you tweak the default rules.
MRatWork,
Spamdyke's feature of Rejecting Servers Without RDNS Names works but Spamassassin for some reason isn't looking up reverse dns. Tested again with Kloxo original and the Spamassassin RDNS_NONE feature works.
I guess for now I'll use Spamdyke's setting since it should bounce the message and let the legitimate sender know why it was rejected.
-
I confirm this too. Also, checking MX gives a false positive! MX exists but it shows that it doesn't and rejects mail!
Disable this to get all your e-mails !
How to fix this ?
-
Yea, if you look at the email headers of all incoming email it shows "Received: from unknown" when it should show "Received: from hostname and ipaddress". I think all of these problems are caused by Kloxo MR's requirement to use qmail toaster compared with the original Kloxo.
Kloxo original using qmail does not show the "Received: from unknown" header. Something sure doesn't seem configured right or I'm not sure if qmail toaster handles headers differently and that creates a problem with Spamassassin.
-
It appears qmail-toaster does headers differently. The received from unknown, not sure if a bug, or if that is how they set it up, since right after that it has the (helo hostname) IP.
It appears to be a regex problem in the perl script for spamassassin.
Using spamdyke protects you from this, so enable spamdyke and disable rdns none in spamassassin.
Find and Change /etc/spamassassin/local.cf:
score RDNS_NONE 0
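The header shape discussed in the posts above, as an added example that is not part of the thread and is not SpamAssassin's own parser: a simplified Python check that reads qmail-style Received lines and reports how many carry the literal "unknown" in place of a reverse name. It assumes the layout `from <name> (HELO <helo>) (<ip>)`; the sample headers are constructed with documentation addresses.

```python
import re

# Assumed qmail-smtpd layout: "from <rdns-or-unknown> (HELO <helo>) ([ident@]<ip>)"
QMAIL_RECEIVED = re.compile(
    r"^Received:\s+from\s+(?P<rdns>\S+)"
    r"(?:\s+\(HELO\s+(?P<helo>[^)\s]+)\))?"
    r"\s+\((?:[^@)\s]+@)?(?P<ip>[0-9A-Fa-f.:]+)\)",
    re.IGNORECASE,
)

def parse_qmail_received(header):
    """Return rdns/helo/ip from one qmail-style Received header, or None."""
    m = QMAIL_RECEIVED.match(" ".join(header.split()))  # unfold continuation lines
    if not m:
        return None
    rdns = m.group("rdns")
    # The literal word "unknown" means no reverse name was recorded for the client
    return {"rdns": None if rdns.lower() == "unknown" else rdns,
            "helo": m.group("helo"), "ip": m.group("ip")}

def rdns_missing_ratio(headers):
    """Share of parseable headers that carry no reverse DNS name."""
    parsed = [p for p in map(parse_qmail_received, headers) if p]
    if not parsed:
        return 0.0
    return sum(p["rdns"] is None for p in parsed) / len(parsed)

# Constructed sample headers (not taken from the thread)
SAMPLE = [
    "Received: from unknown (HELO mx.example.net) (192.0.2.10)\n"
    "  by mail.example.org with SMTP; 4 Feb 2014 14:15:20 -0000",
    "Received: from unknown (HELO out.example.com) (198.51.100.7)\n"
    "  by mail.example.org with ESMTPS; 4 Feb 2014 14:16:02 -0000",
    "Received: from relay.example.org (HELO relay.example.org) (203.0.113.5)\n"
    "  by mail.example.org with SMTP; 4 Feb 2014 14:17:40 -0000",
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(parse_qmail_received(h))
    print("missing rDNS ratio:", rdns_missing_ratio(SAMPLE))
```

A ratio close to 1.0 across a real mailbox points at the receiving server not recording reverse names at all, rather than at individual senders lacking PTR records.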
-
That's what I did but about 5% of legitimate email do not have reverse ptr records set up correctly. I would prefer to increase the spam score instead of blocking those completely without RDNS. People really should learn to set up mx records, reverse dns, DKIM, and SPF.
-
+1 Joe, those are all important things, and I agree. I block them, if they are not serious enough about security, spam, and maintaining the proper records - sorry. ;)
-
Thank you !
-
It doesn't work! Still good e-mails are rejected because no reverse DNS or MX while it works well.
-
Take a look - proper e-mail from PayPal is rejected !
Feb 4 15:15:19 onlinecity smtp: 1391523319.964820 17163 > 220 mail.mydomain.pl - Welcome to Qmail ESMTP?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139108 17163 < EHLO mx0.slc.paypal.com?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139208 17163 > 250-mail.mydomain.pl - Welcome to Qmail?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139229 17163 > 250-STARTTLS?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139232 17163 > 250-PIPELINING?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139244 17163 > 250-8BITMIME?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139254 17163 > 250-SIZE 268435456?
Feb 4 15:15:20 onlinecity smtp: 1391523320.139257 17163 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Feb 4 15:15:20 onlinecity smtp: 1391523320.760125 17163 < MAIL FROM:<service@paypal.pl>?
Feb 4 15:15:20 onlinecity smtp: 1391523320.761166 17163 > 250 Refused. The domain of your sender address has no mail exchanger (MX).?
Feb 4 15:15:20 onlinecity smtp: 1391523320.943264 17163 < RCPT TO:<admin@mydomain.pl>?
Feb 4 15:15:20 onlinecity smtp: 1391523320.943791 17163 > 421 Refused. The domain of your sender address has no mail exchanger (MX).?
-
Did you uncheck "Reject Messages From Server Without MX Records" in the spamdyke settings? I decided to only use the first option "Reject Servers Without RDNS Names".
-
Here's what you need to do to get SPF checks working in Spamassassin which is really helping reduce spam and helps legitimate mail get through.
1. yum install perl-Mail-SPF
2. Create a new file located here: /etc/mail/spamassassin/custom.pre
Add the following line:
loadplugin Mail::SpamAssassin::Plugin::SPF
3. Adjust scores accordingly in /etc/mail/spamassassin/local.cf
score SPF_HELO_FAIL
score SPF_FAIL
score SPF_HELO_PASS
score SPF_PASS