Wizard IT Products

Some of my customers are complaining that some email coming to them is being returned as undeliverable. The undeliverable email appears to be valid. How can I control this?

If you use the log search tool and you can identify one or more of the messages that were marked as spam but you feel are valid, you should see the name of the rule responsible for marking that message as spam. If you would like our assistance in interpreting the logs, feel free to post them here and we will take a look at them for you.

I am assuming you want me to post the entire log. So here it is.

2010-05-31 12:17:00 magicspam-plesk[28177]: SPAM[block_lists:36]: mua=0,ip=[78.48.50.139:f048050139.adsl.alicedsl.de],helo=<alicedsl.de>,from=<rivuxaw3105@alicedsl.de>,rcpt=<ray@goray.com> 2010-05-31 12:17:02 magicspam-plesk[28253]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[85.138.60.193:a85-138-60-193.cpe.netcabo.pt],helo=<netcabo.pt>,from=<iwomuay5797@netcabo.pt>,rcpt=<order@flatlineboom.com> 2010-05-31 12:17:05 magicspam-plesk[28332]: SPAM[block_lists:36]: mua=0,ip=[213.184.245.49:leased-line-213-184-245-49.telecom.by],helo=<mmb>,from=<collusioniu@creativecommons.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:17:07 magicspam-plesk[28397]: SPAM[block_lists:37]: mua=0,ip=[41.252.34.255:(null)],helo=<manager.home>,from=<marbleXR@dvb-brasil.org>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:17:44 magicspam-plesk[29545]: SPAM[block_lists:36]: mua=0,ip=[190.134.3.114:r190-134-3-114.dialup.adsl.anteldata.net.uy],helo=<anteldata.net.uy>,from=<vuoimevibe1878@anteldata.net.uy>,rcpt=<info@goray.com> 2010-05-31 12:17:46 magicspam-plesk[29638]: SPAM[block_lists:37]: mua=0,ip=[92.99.138.67:(null)],helo=<daleel244c07dd.mydsldomain>,from=<glencW@ciponline.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:17:53 magicspam-plesk[29831]: HAM: mua=0,ip=[72.34.103.146:sanfrangisco.kitehearts.net],helo=<sanfrangisco.kitehearts.net>,from=<EducationLocator#email@kitehearts.net>,rcpt=<tanya.ashworth@cmsrllc.com> 2010-05-31 12:18:22 magicspam-plesk[30736]: SPAM[block_lists:37]: mua=0,ip=[148.208.210.1:(null)],helo=<LILI>,from=<disor5@yahoo.com>,rcpt=<david@sanvidgeconsulting.com> 2010-05-31 12:18:42 magicspam-plesk[31375]: SPAM[block_lists:36]: mua=0,ip=[189.82.178.193:18982178193.user.veloxzone.com.br],helo=<servimpressao>,from=<kiwivS@ciponline.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:18:54 magicspam-plesk[31736]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[92.252.18.125:xdsl-92-252-18-125.dip.osnanet.de],helo=<osnanet.de>,from=<ginufia7106@osnanet.de>,rcpt=<info@kayaktreks.com> 2010-05-31 12:19:19 magicspam-plesk[32506]: SPAM[block_lists:36]: mua=0,ip=[81.137.229.179:host81-137-229-179.in-addr.btopenworld.com],helo=<btopenworld.com>,from=<pyfezous3604@btopenworld.com>,rcpt=<rocketsue@pelinet.net> 2010-05-31 12:19:20 magicspam-plesk[32546]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[213.196.75.22:75.196.213.kr22.zona.ba],helo=<spin>,from=<regressiveaI@ciponline.org>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:19:32 magicspam-plesk[470]: SPAM[block_lists:37]: mua=0,ip=[117.197.50.235:(null)],helo=<manoj765f856ce>,from=<enormousWT@sofitel.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:19:49 magicspam-plesk[1011]: SPAM[block_lists:37]: mua=0,ip=[41.252.51.198:(null)],helo=<BPMVTJKU>,from=<injuriouslo94@silexmedioambiente.com>,rcpt=<jason.houp@cmsrllc.com> 2010-05-31 12:20:25 magicspam-plesk[2136]: SPAM[check_ip_reverse_dns]: mua=0,ip=[109.195.134.157:(null)],helo=<microsof12327d>,from=<petrify3Q@911tabs.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:20:59 magicspam-plesk[3178]: HAM: mua=0,ip=[72.32.127.214:mail1.reotrans.com],helo=<203257-FTP1.rtllc.local>,from=<noreply_system@equator.com>,rcpt=<PHIL@DERRYTEAM.COM> 2010-05-31 12:21:05 magicspam-plesk[3367]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[95.14.158.193:dsl95-14-40641.ttnet.net.tr],helo=<95-14-40641.ttnet.net.tr>,from=<a-utsugibgio@aist.go.jp>,rcpt=<rich.davios@cmsrllc.com> 2010-05-31 12:21:06 magicspam-plesk[3411]: SPAM[block_lists:36]: mua=0,ip=[201.254.172.250:201-254-172-250.speedy.com.ar],helo=<ue10>,from=<bartendbj@mac-gratuit.fr>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:21:21 magicspam-plesk[3882]: HAM: mua=0,ip=[76.73.120.27:funinteractive.net],helo=<funinteractive.net>,from=<thecenter@funinteractive.net>,rcpt=<rocketsue@pelinet.net> 2010-05-31 12:21:43 magicspam-plesk[4570]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[95.14.158.193:dsl95-14-40641.ttnet.net.tr],helo=<95-14-40641.ttnet.net.tr>,from=<j.rubin@ms29.hinet.net>,rcpt=<rich.davios@cmsrllc.com> 2010-05-31 12:21:52 magicspam-plesk[4848]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[187.67.239.114:bb43ef72.virtua.com.br],helo=<win>,from=<feetCA@galiciajewishmuseum.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:21:57 magicspam-plesk[5013]: SPAM[block_lists:36]: mua=0,ip=[201.229.244.21:tdev244-21.codetel.net.do],helo=<tdev244-21.codetel.net.do>,from=<disor5@yahoo.com>,rcpt=<dick@pelinet.net> 2010-05-31 12:22:28 magicspam-plesk[6011]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[122.183.200.86:telemedia-smb-086.200.183.122.airtelbroadband.in],helo=<edp2>,from=<impoverishn4@ciponline.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:22:31 magicspam-plesk[6106]: SPAM[check_ip_reverse_dns]: mua=0,ip=[87.204.188.28:(null)],helo=<salac3.lan>,from=<sessiondm@elsevier.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:22:52 magicspam-plesk[6766]: HAM: mua=0,ip=[72.34.111.196:reeds.unittime.com],helo=<reeds.unittime.com>,from=<TermFinder@unittime.com>,rcpt=<lashawna@cmsrllc.com> 2010-05-31 12:23:21 magicspam-plesk[7691]: HAM: mua=0,ip=[216.27.93.125:smtp1.icpbounce.com],helo=<smtp1.icpbounce.com>,from=<bounces+119860.4994662.154479@icpbounce.com>,rcpt=<anthony.cooper@cmsrllc.com> 2010-05-31 12:23:22 magicspam-plesk[7707]: SPAM[check_ip_reverse_dns]: mua=0,ip=[95.57.52.204:(null)],helo=<computer5acad5>,from=<arenaceousm8@dvb-brasil.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:23:33 magicspam-plesk[8085]: SPAM[block_lists:36]: mua=0,ip=[89.83.245.72:if02t2-89-83-245-72.d4.club-internet.fr],helo=<drapier.lan>,from=<parrAo@nicetourisme.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:24:44 magicspam-plesk[10287]: SPAM[check_ip_reverse_dns]: mua=0,ip=[85.116.156.145:(null)],helo=<pcgiovanni>,from=<alwaysRE@ciponline.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:25:01 magicspam-plesk[10798]: SPAM[block_lists:36]: mua=0,ip=[187.41.168.26:18741168026.user.veloxzone.com.br],helo=<layrton>,from=<fugitivey0@reuters.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:25:39 magicspam-plesk[11995]: SPAM[block_lists:37]: mua=0,ip=[201.215.139.96:(null)],helo=<centmed001>,from=<arenaceous34@blogmarks.net>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:25:45 magicspam-plesk[12178]: SPAM[block_lists:37]: mua=0,ip=[117.199.88.152:(null)],helo=<FTLAJFIU>,from=<cotyledonb90@royaltur.com>,rcpt=<order@flatlineboom.com> 2010-05-31 12:26:04 magicspam-plesk[12784]: HAM: mua=0,ip=[208.49.45.101:mail2.owenreollc.com],helo=<mail2.owenreollc.com>,from=<scline@owenreollc.com>,rcpt=<phil@derryteam.com> 2010-05-31 12:26:14 magicspam-plesk[13114]: SPAM[block_lists:37]: mua=0,ip=[89.232.105.90:(null)],helo=<FRSQHQSEOA>,from=<disportsd91@remel.com>,rcpt=<phil@derryteam.com> 2010-05-31 12:26:33 magicspam-plesk[13722]: SPAM[block_lists:36]: mua=0,ip=[187.3.48.40:187-3-48-40-sa.cpe.vivax.com.br],helo=<eduardo>,from=<bakeliteCk@flibus.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:27:06 magicspam-plesk[14735]: SPAM[block_lists:36]: mua=0,ip=[122.162.94.10:abts-north-dynamic-010.94.162.122.airtelbroadband.in],helo=<office9e74e90e>,from=<condominiumnY@lonelyplanet.com>,rcpt=<info@flatlineboom.com> 2010-05-31 12:27:07 magicspam-plesk[14771]: SPAM[block_lists:36]: mua=0,ip=[196.217.239.143:adsl196-143-239-217-196.adsl196-16.iam.net.ma],helo=<evwbbol>,from=<johana_rosalynqd@barb.com>,rcpt=<rentals@douglasrealty.net> 2010-05-31 12:27:07 magicspam-plesk[14773]: SPAM[block_lists:36]: mua=0,ip=[196.217.239.143:adsl196-143-239-217-196.adsl196-16.iam.net.ma],helo=<evwbbol>,from=<johana_rosalynqd@barb.com>,rcpt=<treiersen@douglasrealty.net> 2010-05-31 12:27:07 magicspam-plesk[14775]: SPAM[block_lists:36]: mua=0,ip=[196.217.239.143:adsl196-143-239-217-196.adsl196-16.iam.net.ma],helo=<evwbbol>,from=<johana_rosalynqd@barb.com>,rcpt=<cpainter@douglasrealty.net> 2010-05-31 12:27:12 magicspam-plesk[14947]: HAM: mua=0,ip=[74.125.82.175:mail-wy0-f175.google.com],helo=<mail-wy0-f175.google.com>,from=<marty.bielecki@gmail.com>,rcpt=<sperez@douglasrealty.net> 2010-05-31 12:27:39 magicspam-plesk[15812]: HAM: mua=0,ip=[173.224.212.66:softdnserror],helo=<rs1.fretrews.com>,from=<miracle_face_kit@fretrews.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:27:45 magicspam-plesk[16008]: SPAM[block_lists:36]: mua=0,ip=[88.166.30.43:dau94-8-88-166-30-43.fbx.proxad.net],helo=<proxad.net>,from=<avupodi9256@proxad.net>,rcpt=<tanya.ashworth@cmsrllc.com> 2010-05-31 12:27:46 magicspam-plesk[16048]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[94.218.69.70:dslb-094-218-069-070.pools.arcor-ip.net],helo=<arcor-ip.net>,from=<jiaetewoqo4582@arcor-ip.net>,rcpt=<info@douglasrealty.net> 2010-05-31 12:28:02 magicspam-plesk[16547]: SPAM[block_lists:36]: mua=0,ip=[120.60.18.125:triband-mum-120.60.18.125.mtnl.net.in],helo=<user>,from=<siameseYc@wiktionary.org>,rcpt=<info@flatlineboom.com> 2010-05-31 12:28:38 magicspam-plesk[17671]: SPAM[block_lists:36]: mua=0,ip=[201.20.165.69:69.165.20.201.fsa-multi01.dynamic.fsonline.com.br],helo=<pesquisa09>,from=<showQY@wiktionary.org>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:29:02 magicspam-plesk[18429]: SPAM[check_dynamic_reverse_dns]: mua=0,ip=[74.246.235.251:adsl-074-246-235-251.sip.int.bellsouth.net],helo=<bellsouth.net>,from=<ofogudegik4465@bellsouth.net>,rcpt=<cpainter@douglasrealty.net> 2010-05-31 12:29:04 magicspam-plesk[18502]: SPAM[check_ip_reverse_dns]: mua=0,ip=[178.123.187.104:(null)],helo=<home0932bc4720>,from=<simpsoneK@maylane.com>,rcpt=<rcarter@pelinet.net> 2010-05-31 12:29:13 magicspam-plesk[18779]: HAM: mua=0,ip=[67.227.96.11:mail.arthammerindustries.com],helo=<mail.arthammerindustries.com>,from=<Dunhill@arthammerindustries.com>,rcpt=<jason.houp@cmsrllc.com> 2010-05-31 12:30:45 magicspam-plesk[21679]: SPAM[block_lists:37]: mua=0,ip=[78.97.199.0:(null)],helo=<fujitsu>,from=<optimum6C@tehrantimes.com>,rcpt=<info@flatlineboom.com> 2010-05-31 12:31:10 magicspam-plesk[22473]: SPAM[block_lists:36]: mua=0,ip=[59.178.171.17:triband-del-59.178.171.17.bol.net.in],helo=<tabela>,from=<darlingZJ@galiciajewishmuseum.org>,rcpt=<rcarter@pelinet.net>

Can you tell me what part of this log tells me what the rule is?

2010-05-31 12:26:04 magicspam-plesk[12784]: HAM: mua=0,ip=[208.49.45.101:mail2.owenreollc.com],helo=<mail2.owenreollc.com>,from=<scline@owenreollc.com>,rcpt=<phil@derryteam.com>

The individual log entry you just posted is not spam (it is marked "HAM") and therefore there is no rule to be triggered. Using one of your other log entries as a sample:

2010-05-31 12:17:00 magicspam-plesk[28177]: SPAM[block_lists:36]: mua=0,ip=[78.48.50.139:f048050139.adsl.alicedsl.de],helo=<alicedsl.de>,from=<rivuxaw3105@alicedsl.de>,rcpt=<ray@goray.com>

You can see that it was marked "SPAM[block_lists:36]". That means it was flagged as spam, and block list 36 is the cause. List 36 is RATS-Dyna.

As for the messages that you feel should have been delivered, every single spam message noted in the log snippet you provided was marked as spam because of an improperly configured mail server. There are a lot of list 36 (RATS-Dyna) and 37 (RATS-NoPtr) as well as their corresponding rules, check_dynamic_reverse_dns and check_ip_reverse_dns, respectively. If the operators of the other servers are unwilling to change their reverse DNS entries to correspond to the best practices, you can add exemptions for them so that mail from them will be delivered.