check_ip_reverse_dns problem?

Posted: Fri Nov 28, 2008 4:44 am
by garmtech
Hello,

We have a number of complaints about one mail server being denied by MagicSpam.

Code:

2008-11-27 14:59:26 magicspam-plesk[29866]: SPAM[check_ip_reverse_dns]: mua=0,ip=[159.148.146.66:(null)],helo=<ns.cpcs.lv>,from=<xxx@remotedomain.com>,rcpt=<yyy@localdomain.com>

And here's the output of nslookup:

Code:

# nslookup ns.cpcs.lv
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
Name:   ns.cpcs.lv
Address: 159.148.146.66

# nslookup 159.148.146.66
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
66.146.148.159.in-addr.arpa     name = mail.cpcs.lv.

Authoritative answers can be found from:
148.159.in-addr.arpa    nameserver = nsz.ls.lv.
148.159.in-addr.arpa    nameserver = nsz2.ls.lv.

# nslookup mail.cpcs.lv
Server:         195.28.26.2
Address:        195.28.26.2#53

Non-authoritative answer:
Name:   mail.cpcs.lv
Address: 159.148.146.66

Am I correct that MagicSpam's check_ip_reverse_dns check requires the same reverse name as HELO to pass this check? If so, it's very bad, because even our server presents itself as mx1.garmtech.com but has a reverse name of web1.garmtech.net.

Re: check_ip_reverse_dns problem?

Posted: Fri Nov 28, 2008 5:16 pm
by magicspam
No. The check_ip_reverse_dns rule simply checks for the existence of a reverse DNS entry for the connecting IP address. What you are doing is a forward DNS lookup on the HELO. There are different rules which check the HELO, which may or may not be enabled on your server.

Could you please confirm that the DNS server which the Plesk server is currently using has a PTR record? You can check this by running the following command on the Plesk server:

Code:

host 159.148.146.66

If this comes back with a PTR record, then we will have to take a look at our code. If *no* PTR record is returned, then it may be that the DNS server which the Plesk server is using is not updating properly.

Running the above command from here, we can see that there is a PTR record:

Code:

$ host 159.148.146.66
Name: mail.cpcs.lv
Address: 159.148.146.66

Also, it may have been that the PTR record was recently updated, and the change didn't make it to your DNS server yet.

Let us know.
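An added example, not part of the original posts and not MagicSpam's code: it parses the log line quoted in this thread and evaluates PTR existence (what the reply says check_ip_reverse_dns tests) separately from HELO-based comparisons. The record tables are a constructed snapshot of the nslookup output above, and `parse_log`, `table`, `norm` and `classify` are hypothetical names; the `fcrdns` field is the general forward-confirmed reverse DNS test, not a rule named on this page.

```python
import re

# Constructed snapshot of the records shown in the nslookup output in this thread.
PTR = {"159.148.146.66": ["mail.cpcs.lv."]}
A = {"mail.cpcs.lv": ["159.148.146.66"], "ns.cpcs.lv": ["159.148.146.66"]}
SAMPLE_LINE = ("2008-11-27 14:59:26 magicspam-plesk[29866]: SPAM[check_ip_reverse_dns]: "
               "mua=0,ip=[159.148.146.66:(null)],helo=<ns.cpcs.lv>,"
               "from=<xxx@remotedomain.com>,rcpt=<yyy@localdomain.com>")

# Field layout taken from the single log line quoted in the first post.
LOG_RE = re.compile(
    r"SPAM\[(?P<rule>\w+)\]: mua=(?P<mua>\d+),ip=\[(?P<ip>[0-9.]+):[^\]]*\],"
    r"helo=<(?P<helo>[^>]*)>,from=<(?P<sender>[^>]*)>,rcpt=<(?P<rcpt>[^>]*)>")

def parse_log(line):
    """Return the fields of a rejection line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def table(records):
    """Wrap a dict as a lookup function; a missing key means 'no record'."""
    return lambda key: records.get(key, [])

def norm(name):
    """Compare host names without the trailing root dot and case-insensitively."""
    return name.rstrip(".").lower()

def classify(ip, helo, ptr_lookup, a_lookup):
    """Evaluate each DNS test on its own so they are not confused with one another."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    return {
        # The only condition the reply attributes to check_ip_reverse_dns.
        "ptr_exists": bool(ptr_names),
        # Forward-confirmed reverse DNS: some PTR name resolves back to the IP.
        "fcrdns": any(ip in a_lookup(n) for n in ptr_names),
        # What the first post actually tested: a forward lookup on the HELO name.
        "helo_resolves_to_ip": ip in a_lookup(norm(helo)),
        # The stricter test the poster feared: HELO name identical to a PTR name.
        "helo_equals_ptr": norm(helo) in ptr_names,
    }

if __name__ == "__main__":
    rec = parse_log(SAMPLE_LINE)
    # Same connection, seen through a resolver that has the PTR and one that does not.
    print("resolver with PTR:   ", classify(rec["ip"], rec["helo"], table(PTR), table(A)))
    print("resolver without PTR:", classify(rec["ip"], rec["helo"], table({}), table(A)))
```

With the PTR present, only `helo_equals_ptr` is false; with an empty PTR table, `ptr_exists` turns false while the HELO forward lookup still succeeds, which is the stale or failing resolver case raised in the reply.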

Re: check_ip_reverse_dns problem?

Posted: Fri Nov 28, 2008 5:35 pm
by garmtech
# host 159.148.146.66
66.146.148.159.in-addr.arpa domain name pointer mail.cpcs.lv.

I will also ask the client to retry sending e-mail from that server on Monday. For now we have added them to the whitelist. Please check the code, because I'm not sure that they fixed the situation themselves. We can't even reach them by phone for two days. :)

Re: check_ip_reverse_dns problem?

Posted: Mon Dec 01, 2008 1:03 pm
by magicspam
We have been using this particular code for quite some time now and have not had any problems with it. Were you able to confirm that this issue is resolved? From all appearances, it looks like either a temporary DNS failure, or the PTR record was updated recently.