URIBL problem after recent rspamd update
222 views
Skip to first unread message
Bill Pye
Dec 3, 2016, 9:59:51 AM12/3/16
to rspamd
Hi everyone
After the recent rspamd update to version 1.4.1-2 I'm having a problem with my mail server showing a problem with the reverse DNS. I get a daily mail report sent by the mail server (it's on my LAN) and the headers shows this:
My mail server does have a reverse DNS record for the public IP and as it's on the LAN I also have a reverse DNS record on my own LAN DNS server. I should also mention that my LAN subnet is whitelisted in rmilter.
I suppose my question is why the change between rspamd versions and have I missed some configuration change that's causing this problem?
Regards
Bill
After the recent rspamd update to version 1.4.1-2 I'm having a problem with my mail server showing a problem with the reverse DNS. I get a daily mail report sent by the mail server (it's on my LAN) and the headers shows this:
Date: Sat, 3 Dec 2016 15:02:41 +0100 (CET) X-Spamd-Result: default: False [11.90 / 12.00] URIBL_BLACK(7.50)[no-reverse-dns-configured.com.multi.uribl.com] R_MISSING_CHARSET(2.50)[] MISSING_MIME_VERSION(2.00)[] MIME_GOOD(-0.10)[text/plain] FROM_EQ_ENVFROM(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCPT_COUNT_1(0.00)[] RCVD_COUNT_1(0.00)[] TO_EQ_FROM(0.00)[] TO_DN_NONE(0.00)[] FROM_NO_DN(0.00)[] X-Rspamd-Server: localhost X-Rspamd-Scan-Time: 1.15 X-Rspamd-Queue-ID: E851340E179C X-Spam: yes
That message is usually sent close to the end-of-day when I noticed I hadn't received it I ran the cron job again, the daily report from the previous day, December 1st shows this in the headers:
Date: Thu, 1 Dec 2016 23:30:08 +0100 (CET) X-Spamd-Result: default: False [4.40 / 12.00] R_MISSING_CHARSET(2.50)[] MISSING_MIME_VERSION(2.00)[] MIME_GOOD(-0.10)[text/plain] FROM_EQ_ENVFROM(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCPT_COUNT_1(0.00)[] RCVD_COUNT_1(0.00)[] TO_EQ_FROM(0.00)[] TO_DN_NONE(0.00)[] FROM_NO_DN(0.00)[] X-Rspamd-Server: localhost X-Rspamd-Scan-Time: 3.01 X-Rspamd-Queue-ID: B29B647A8363
My mail server does have a reverse DNS record for the public IP and as it's on the LAN I also have a reverse DNS record on my own LAN DNS server. I should also mention that my LAN subnet is whitelisted in rmilter.
I suppose my question is why the change between rspamd versions and have I missed some configuration change that's causing this problem?
Regards
Bill
Andrew Lewis
Dec 3, 2016, 10:12:34 AM12/3/16
to rsp...@googlegroups.com
Hi Bill,
> URIBL_BLACK(7.50)[no-reverse-dns-configured .com.multi.uribl.com]
So rspamd has found the domain: no-reverse-dns-configured .com
somewhere in the body of this mail and this domain is listed by URIBL.
Best,
-AL.
Bill Pye
Dec 3, 2016, 10:15:32 AM12/3/16
to rspamd
Hi again
OK, the problem was me, as usual. :)
I did have this LAN whitelisted but at some point I disabled it, that's removed the check for my internal mail although it would seem that there is still a change that's caused the URIBL_BLACK score to increase.
Perhaps I'm misunderstanding something here but if I whitelist the LAN in rmilter it also doesn't check outbound mail for spam, or does it? Is whitelisting the LAN subnet a good, bad or indifferent setting? What's the best way to check outbound mail for spam but not mail destined for other LAN users on the server?
Regards
Bill
OK, the problem was me, as usual. :)
I did have this LAN whitelisted but at some point I disabled it, that's removed the check for my internal mail although it would seem that there is still a change that's caused the URIBL_BLACK score to increase.
Perhaps I'm misunderstanding something here but if I whitelist the LAN in rmilter it also doesn't check outbound mail for spam, or does it? Is whitelisting the LAN subnet a good, bad or indifferent setting? What's the best way to check outbound mail for spam but not mail destined for other LAN users on the server?
Regards
Bill
Message has been deleted
Bill Pye
Dec 4, 2016, 2:56:52 AM12/4/16
to rspamd
Hi Andrew,
Thanks for the feedback. :)
You're right, of course, and it never occurred to me that it was
something in the body of the messages. I'd quickly scanned the message
but with a long list of rejeceted domains I must have overlooked this
one.
Thanks again.
Regards
Bill
Thanks again.
Regards
Bill
Reply all
Reply to author
Forward
0 new messages