check_reverse_dns_list rule questions

There will always be opinions, both good and bad on how MagicSpam protection, rules and policies are used, and what the defaults should be. Different environments may have different needs. We try to find the perfect balance, and that is not always easy. Just remember that we have to satisfy millions of users.. not just one person.

Moderators: wizard, magicspam

Post Reply
widomaker
Posts: 7
Joined: Mon Aug 05, 2013 12:35 pm

check_reverse_dns_list rule questions

Post by widomaker » Tue Aug 06, 2013 5:08 pm

Hello,

I'm looking for additional details or a better description of what this rule is (check_reverse_dns_list).

Is it a more forgiving version of check_dynamic_reverse_dns that only matches very specific patterns instead of all generic reverse DNS?

Can you provide an example of a pattern that it is intended to catch? Do you know how likely false positives are with this rule?

We are finding that a large number of mail servers that communicate with our customers have generic reverse DNS. While we can exclude our customers that complain, I'd like to avoid them having to complain in the first place, if possible, by using a more forgiving rule.

Any thoughts or suggestions are welcome.

Regards,
Bob

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_reverse_dns_list rule questions

Post by magicspam » Wed Aug 07, 2013 10:12 am

Hello widomaker!

check_reverse_dns_list is a compiled list of patterns for servers that have leaked spam. Qualification is that the source has been reported to have sent spam (human reports) and that multiple source patterns of the same or similar PTR records exist. Challenges to listings can be made at:

http://www.linuxmagic.com/opensource/an ... amic_regex

with link 'Challenge an Entry'

This is of course different than check_dynamic_reverse_dns because, as you pointed out, this rule simply hits on IP addresses with dynamic style PTR records.

We hope this answers your question widomaker!

-- MagicSpam Support Team --

widomaker
Posts: 7
Joined: Mon Aug 05, 2013 12:35 pm

Re: check_reverse_dns_list rule questions

Post by widomaker » Wed Aug 14, 2013 11:07 am

So, in your opinion, or estimation, would you consider this rule (check_reverse_dns_list) to be less likely to have false positives than the check_dynamic_reverse_dns rule that blocks any dynamic looking reverse DNS (which is quite common for non-spam senders)?

I'm looking for an alternative to check_dynamic_reverse_dns (which blocks lots of spam but also blocks too many legit senders).

Thanks for your time and thoughts.

Regards,
Bob

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_reverse_dns_list rule questions

Post by magicspam » Wed Aug 14, 2013 4:02 pm

Hello Widomaker,

Thank you for your response!

The important thing to take away in this case is that *neither* of these rules have "false positives".

-- check_reverse_dns_list is vetted and compiled by human reports. Nothing is automatic and removal is self-serve.

-- check_dynamic_reverse_dns is simply a piece of logic which tests if a PTR record is dynamic or not.


If legitimate postmasters in your geographical region do not follow email server best practices there may be more cases where they trigger the check_dynamic_reverse_dns rule. It is up to you, as the postmaster of your mail server, whether or not you want to allow messages from mail servers with improperly configured PTR records - taking into consideration the large amount of spam that comes from mail servers with improperly configured PTR records.
You might also consider contacting the postmasters at the sending servers and informing them of the best practices and why it would behoove them to follow these. You may use the following URL for more information:

http://www.linuxmagic.com/best_practice ... e_dns.html


Thanks!

-- MagicSpam Support Team --

DavidMiller
Posts: 1
Joined: Mon Aug 19, 2013 7:09 am

Re: check_reverse_dns_list rule questions

Post by DavidMiller » Mon Aug 19, 2013 3:10 pm

I am not sure what is causing the issue. The email appears to be coming from a Yahoo server of sorts. This is a legitimate email.

How do I know what is the issue based upon the following response;

-----Original Message-----
From: MAILER-DAEMON@yahoo.com [xxxxxx:MAILER-DAEMON@yahoo.com]
Sent: Sunday, August 18, 2013 11:54 PM
To: vperez24@bellsouth.net
Subject: Failure Notice

Sorry, we were unable to deliver your message to the following address.

<admin@prostateawareness.net>:
Remote host said: 550 Dynamic Style reverse DNS IP=[216.39.63.11].Rejected by MagicSpam 1.0.5-3.4 (xxxx://www .magicspam .com/).Visit xxxx://www . linuxmagic . com/best_practices/check_dynamic_reverse_dns.html for more information [RCPT_TO]

--- Below this line is a copy of the message.

Received: from [216.39.60.166] by nm13. access. bullet. mail. gq1. yahoo. com with NNFMP; 19 Aug 2013 03:53:08 -0000
Received: from [67.195.15.63] by tm2. access. bullet .mail. gq1. yahoo .com with NNFMP; 19 Aug 2013 03:53:08 -0000
Received: from [127.0.0.1] by smtp104. sbc. mail. gq1. yahoo. com with NNFMP; 19 Aug 2013 03:53:08 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1376884388;

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_reverse_dns_list rule questions

Post by magicspam » Tue Aug 20, 2013 9:59 am

Hello David,

Thank you for your post. If you could, please forward, as an attachment, the entire message you received to our support email address so that we can examine this further. Forwarding as an attachment is important so that headers are preserved.

Our support email address is support@magicspam.com

Thanks!

-- MagicSpam Support Team --

leon-Pi
Posts: 1
Joined: Sat Nov 25, 2017 4:46 am

check_reverse_dns_list rule questions

Post by leon-Pi » Sun Nov 26, 2017 1:41 am

I notice, in the new version, that the single check_dynamic_reverse_dns rule has been replaced by two rules:
check_dynamic_reverse_dns FULL
check_dynamic_reverse_dns_default COMMON

What are the differences in these new rules? I had to disable the previous check_dynamic_reverse_dns rule due to too many poorly set up email servers affecting our customers mail delivery. Im curious if the the rule spit would make it possible to re-apply some of the dynamic reverse dns protections.

Thanks
Midamor - amiloride

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: check_reverse_dns_list rule questions

Post by magicspam » Tue Nov 28, 2017 6:11 pm

Hello leon-Pi,

Thank you for your post.

check_dynamic_reverse_dns_default COMMON uses the single REGEX for determining if the the message should be rejected based on the reverse DNS, while check_dynamic_reverse_dns FULL uses our own list of probable dynamic reverse DNS entries, which is regularly updated in your MagicSpam.

We would suggest you to enable the check_dynamic_reverse_dns in your MagicSpam and check if the spam protection for your server is improved.

Please note that MagicSpam PLUS and PRO versions, available only for certain platforms, offer the 'FLAG' feature, which allows you to enable certain policies in the 'FLAG' mode. 'FLAG' mode allow messages only to be flagged as spam and delivered to the customers quarantine, where they can be analyzed and excluded if needed, instead of being rejected right away.

With this advanced feature, you should be able to test any policy without fear that any false positive messages would be rejected.

We hope this information helps.
-- MagicSpam Support Team --

Post Reply

Return to “Discussions on Spam Protection Policies and Default Rules”

Who is online

Users browsing this forum: No registered users and 17 guests