check_ip_reverse_dns problem?

garmtech
Posts: 12
Joined: Fri Nov 14, 2008 3:29 pm

check_ip_reverse_dns problem?

Post by garmtech » Fri Nov 28, 2008 4:44 am

Hello,

We have a number of complaints about one mail server being denied by magicspam.

Code:

2008-11-27 14:59:26 magicspam-plesk[29866]: SPAM[check_ip_reverse_dns]: mua=0,ip=[159.148.146.66:(null)],helo=<ns.cpcs.lv>,from=<xxx@remotedomain.com>,rcpt=<yyy@localdomain.com>

And here's the output of nslookup:

Code:

# nslookup ns.cpcs.lv
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
Name:   ns.cpcs.lv
Address: 159.148.146.66

# nslookup 159.148.146.66
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
66.146.148.159.in-addr.arpa     name = mail.cpcs.lv.

Authoritative answers can be found from:
148.159.in-addr.arpa    nameserver = nsz.ls.lv.
148.159.in-addr.arpa    nameserver = nsz2.ls.lv.

# nslookup mail.cpcs.lv
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
Name:   mail.cpcs.lv
Address: 159.148.146.66

Am I correct that MagicSpam's check_ip_reverse_dns check requires the same reverse name as HELO to pass this check? If so, it's very bad, because even our server represents itself as mx1.garmtech.com, but has a reverse name of web1.garmtech.net.

magicspam
Posts: 1553
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_ip_reverse_dns problem?

Post by magicspam » Fri Nov 28, 2008 5:16 pm

No. The check_ip_reverse_dns rule simply checks for the existence of a reverse DNS entry for the connecting IP address. What you are doing is a forward DNS lookup on the HELO. There are different rules which check the HELO, which may or may not be enabled on your server.

Could you please confirm that the DNS server which the Plesk server is currently using has a PTR record? You can check this by running the following command on the Plesk server:

Code:

host 159.148.146.66

If this comes back with a PTR record, then we will have to take a look at our code. If *no* PTR record is returned, then it may be that the DNS server which the Plesk server is using is not updating properly.

Running the above command from here, we can see that there is a PTR record:

Code:

$ host 159.148.146.66
Name: mail.cpcs.lv
Address: 159.148.146.66

Also, it may have been that the PTR record was recently updated, and the change didn't make it to your DNS server yet.

Let us know.
-- MagicSpam Support Team --

garmtech
Posts: 12
Joined: Fri Nov 14, 2008 3:29 pm

Re: check_ip_reverse_dns problem?

Post by garmtech » Fri Nov 28, 2008 5:35 pm

# host 159.148.146.66
66.146.148.159.in-addr.arpa domain name pointer mail.cpcs.lv.

I will also ask the client to retry sending e-mail from that server on Monday. For now we have included them in the whitelist. Please check the code, because I'm not sure that they fixed the situation themselves. We couldn't even reach them by phone for two days. :)

magicspam
Posts: 1553
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_ip_reverse_dns problem?

Post by magicspam » Mon Dec 01, 2008 1:03 pm

We have been using this particular code for quite some time now and have not had any problems with it. Were you able to confirm that this issue is resolved? From all appearances, it looks like either a temporary DNS failure, or the PTR record was updated recently.
-- MagicSpam Support Team --
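
The three checks that get mixed up in this thread, as an added example that is not part of the original posts and not MagicSpam's code: PTR existence (what the support reply says the rule tests), forward-confirmed reverse DNS, and the stricter HELO-equals-PTR comparison the first post asks about. The resolver tables are constructed from the nslookup/host output quoted above, all function names are hypothetical, and a resolver error is reported separately from a missing record.

```python
import re

# Constructed resolver data, copied from the nslookup/host output in the thread.
PTR = {"159.148.146.66": ["mail.cpcs.lv."]}
A = {"mail.cpcs.lv": ["159.148.146.66"], "ns.cpcs.lv": ["159.148.146.66"]}

class TempFail(Exception):
    """Timeout or SERVFAIL: the resolver gave no answer at all."""

# Field layout taken from the log line quoted in the first post.
LOG_RE = re.compile(
    r"SPAM\[(?P<rule>\w+)\]: .*?ip=\[(?P<ip>[\d.]+):[^\]]*\],helo=<(?P<helo>[^>]*)>")

def parse(line):
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def norm(name):
    return name.rstrip(".").lower()

def table_ptr(ip):
    return PTR.get(ip, [])

def table_a(name):
    return A.get(norm(name), [])

def classify(ip, helo, ptr_lookup=table_ptr, a_lookup=table_a):
    """Evaluate three independent checks; a resolver error is not a 'fail'."""
    try:
        names = [norm(n) for n in ptr_lookup(ip)]
        fcrdns = any(ip in a_lookup(n) for n in names)
    except TempFail:
        return dict.fromkeys(("ptr_exists", "fcrdns", "helo_is_ptr"), "tempfail")
    verdict = lambda ok: "pass" if ok else "fail"
    return {
        "ptr_exists": verdict(bool(names)),           # existence only, per the support reply
        "fcrdns": verdict(fcrdns),                    # PTR name resolves back to the IP
        "helo_is_ptr": verdict(norm(helo) in names),  # stricter rule the first post asks about
    }

def broken_resolver(ip):
    raise TempFail(ip)  # simulates the temporary DNS failure suspected in the thread

SAMPLE = ("2008-11-27 14:59:26 magicspam-plesk[29866]: SPAM[check_ip_reverse_dns]: "
          "mua=0,ip=[159.148.146.66:(null)],helo=<ns.cpcs.lv>,"
          "from=<xxx@remotedomain.com>,rcpt=<yyy@localdomain.com>")

if __name__ == "__main__":
    conn = parse(SAMPLE)
    print(classify(conn["ip"], conn["helo"]))
    print(classify(conn["ip"], conn["helo"], ptr_lookup=broken_resolver))
```

With the thread's data the connection passes PTR existence and FCrDNS and would fail only the HELO comparison, which is why a rejection logged under check_ip_reverse_dns points at the local resolver's answer at that moment rather than at the sender's HELO name.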
