RBL scoring in 5.4 oddity.

This forum contains features that have been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2011-06-29 10:58

Has anyone else come across this situation?

It appears that hMail is marking email as spam even though there is no cause for it to do so. I have never had this issue in the past, and it has only appeared to start on a fresh 5.4 B1926 install with external MySQL on 64-bit Server 2008.

I have an email from PayPal + others that have come back clean when checked on RBL lists, yet hMail is marking them as spam from those RBL lists.

I run zen.spamhaus.org and have hMail looking for a result of 127.0.0.2-8|127.0.0.10-11
In the log hMail recorded the following:

Code:

"SMTPD"	43004	0	"2011-06-29 08:02:07.794"	"TCP"	"DNS lookup: 112.188.113.216.zen.spamhaus.org, 0 addresses found: (none), Match: False"
Email was received:

Code:

Received: from outbound1.den.paypal.com ([216.113.188.112]) by mail.mydomain.com ; Wed, 29 Jun 2011 08:02:08 +0100
And hMail marked it as spam with the following headers:

Code:

X-hMailServer-Spam: YES
X-hMailServer-Reason-1: The host name specified in HELO does not match IP address. - (Score: 1)
X-hMailServer-Reason-3: Rejected by spamhaus - (Score: 5)
X-hMailServer-Reason-Score: 6
Clearly hMail ignored the result and marked it as spam anyway. I disabled all other RBLs and it still appears to be doing this. Anyone else noticed this behavior?
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Post by ^DooM^ » 2011-06-29 11:06

Here is another one I just came across, except this time Zen said no and Barracuda said yes.

Code:

"SMTPD"	27228	0	"2011-06-29 00:39:13.307"	"TCP"	"DNS lookup: 55.119.151.64.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"SMTPD"	27228	0	"2011-06-29 00:39:13.330"	"TCP"	"DNS lookup: 55.119.151.64.bb.barracudacentral.org, 1 addresses found: 127.0.0.2, Match: True"

Code:

Received: from mail25.smtprelayserver.com ([64.151.119.55]) by mail.mydomain.com ; Wed, 29 Jun 2011 00:39:14 +0100
And yet hMail still showed Zen as saying yes.

Code:

X-hMailServer-Spam: YES
X-hMailServer-Reason-2: Rejected by barracuda - (Score: 5)
X-hMailServer-Reason-3: Rejected by spamhaus - (Score: 5)
X-hMailServer-Reason-Score: 10

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Post by Bill48105 » 2011-06-29 13:51

Odd. I use ASSP in front of hmail so all those tests are off in my hmail but suppose yer gonna make me look into it. :D
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

rjk
Normal user
Posts: 248
Joined: 2010-03-30 19:30
Location: uʍop ǝpısdn

Post by rjk » 2011-06-29 15:13

Perhaps your DNS cache is corrupted?

Code:

ipconfig /flushdns
I suppose you have already tried that but no hurt asking. I use the Zen list as well and I am not getting the same issue.
hMailServer 5.5.2-B2129 on Server 2008 R2 VM
MySQL 5.5.25, IIS 7.5, PHP 5.6.2 via FastCGI, RoundCube 1.0.3
XenServer 6.0 on HP DL380 G5 32GB RAM

Post by ^DooM^ » 2011-06-29 15:27

If it was DNS, it would show in the logs as a fail. The log clearly shows the RBL does not show the IP as a spam source but hMail says it did, so it's either the log lying or hMail interpreting the result wrong.

rolaids0
Normal user
Posts: 150
Joined: 2010-04-27 02:03
Location: Florida

Post by rolaids0 » 2011-06-29 16:07

I checked here and those certainly did not hit.

Does it say something like "Spam test: %s, Score: %d" in the logs?

Post by ^DooM^ » 2011-06-29 18:33

Nope, the only log entry for spam tests is what I have already posted above.

Post by ^DooM^ » 2011-06-30 09:49

Well, I changed expected result to 127.0.0.* to see if that made any difference and it did not. This morning I had another email marked as spam but Spamhaus said it wasn't.

Code:

Received: from smtp.minsk.bluehornet.com ([216.54.194.23]) by mail.mydomain.com ; Thu, 30 Jun 2011 03:36:16 +0100

Code:

"SMTPD"	42184	0	"2011-06-30 03:36:16.356"	"TCP"	"DNS lookup: 23.194.54.216.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"SMTPD"	42184	0	"2011-06-30 03:36:16.380"	"TCP"	"DNS lookup: 23.194.54.216.bb.barracudacentral.org, 0 addresses found: (none), Match: False"

Code:

X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-2: Rejected by spamhaus - (Score: 5)
X-hMailServer-Reason-Score: 6
Next I will remove that RBL completely and re-add it.

Post by ^DooM^ » 2011-07-03 02:24

Well, it strikes again even after I removed and re-added spamhaus.

Code:

"SMTPD"	41988	0	"2011-07-03 00:02:22.926"	"TCP"	"DNS lookup: 195.122.210.207.bb.barracudacentral.org, 0 addresses found: (none), Match: False"
"SMTPD"	41988	0	"2011-07-03 00:02:23.181"	"TCP"	"DNS lookup: 195.122.210.207.zen.spamhaus.org, 0 addresses found: (none), Match: False"

Code:

Delivered-To: socks@mydomain.com
Received: from mimimail16.com ([207.210.122.195]) by mail.mydomain.com ; Sun, 3 Jul 2011
 00:02:23 +0100
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mimi; d=madmimi.com; h=Date:From:To:Message-Id:Subject:Mime-Version:Content-Type:List-Unsubscribe;
 bh=15gem+IJGXBOz376qO/NlIhJWE8=; b=fshQsq/wVO/Ui7TbzbFUYhbNUX4hSnVMwjvBi+ejHDl2tj0juHHyEB4GM4kj0OuxYRvca9FsMb7U
 np8+Rcv87qSFssdsLMkWjZmh+58wd6YxB4VMf/NwIKLvDTnusmS5OJ/inCN0TqmRGgZru3XzyLcM
 pfQ7tuv84fqoMPkSIMs=
Received: by mimimail16.com id h1uho40t3bcq for <socks@mydomain.com>; Sat, 2 Jul
 2011 19:02:26 -0400 (envelope-from <mailman@mimimail16.com>)
Date: Sat, 2 Jul 2011 19:02:26 -0400
From: Lunar Workshop <jorge@lunarworkshop.com>
To: socks@mydomain.com
Message-Id: <4e0fa3826bd8_4e13e6693c797a8@worker6.madmimi.managedmachine.com.tmail>
Subject: [SPAM] 5 For 5 Games Bundle Update
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=mimepart_4e0fa3828ab7_4e13e6693c798eb
Mimiaid: 4270830230
List-Unsubscribe: <mailto:mailman@mimimail1.com?subject=Unsubscribe 4270830230>, <http://go.madmimi.com/opt_out?fe=1&pact=4270830230&amx=857774400>
Precendence: bulk
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by spamhaus - (Score: 5)
X-hMailServer-Reason-4: Sender domain does not have any MX records. - (Score: 1)
X-hMailServer-Reason-Score: 6

Post by Bill48105 » 2011-07-03 03:18

DooM, does it only happen if there is another positive flagging of some sort? Suppose you're gonna make me test this, aren't ya? LOL
Bill

Post by ^DooM^ » 2011-07-03 08:59

Bill48105 wrote: DooM, does it only happen if there is another positive flagging of some sort? Suppose you're gonna make me test this, aren't ya? LOL
Bill
Could be, want me to disable all but Spamhaus?

Post by Bill48105 » 2011-07-03 14:59

^DooM^ wrote: Could be, want me to disable all but Spamhaus?
Well not sure that'd help, the one you show was DKIM & spamhaus.. (Well logs didn't show another dns bl trip anyway). Definitely strange. I guess I was thinking someone if ANY antispam trips then 1st or last dns bl trips perhaps. Too bad I don't use hmail's antispam or perhaps I woulda run into it & had a clue. If it is indeed hmail & not your setup I am shocked no one else is running into it.
Bill

Post by ^DooM^ » 2011-07-04 00:30

Me too, and this only started happening on a fresh 5.4 install; my old upgraded 5.4 install works just fine.

Post by Bill48105 » 2011-07-06 17:09

^DooM^ wrote: Me too, and this only started happening on a fresh 5.4 install; my old upgraded 5.4 install works just fine.
Compare settings with a fine-toothed comb, preferably viewing SQL, sqldump or backup. There MUST be SOMETHING different.

Post by ^DooM^ » 2011-07-06 20:31

Will do as soon as it happens again.

Post by ^DooM^ » 2011-07-10 11:03

Well, I can't see the problem, and as I am the only one that appears to have this issue I'll just disable spamhaus and see if it happens with any other RBLs.

Post by ^DooM^ » 2011-08-09 13:49

This turned out to be user error :oops: I started using spamhaus surbl which was throwing up false positives, but I gave it the same reject name as the standard rbl and completely forgot I had added the spamhaus SURBL. Thanks to Bill for troubleshooting with me. Sometimes helps to have a second set of eyes look at a problem :)
If at first you don't succeed, bomb disposal probably isn't for you! ヅ
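
Added example, not part of the original thread and not hMailServer code: a cross-check of the posted DNSBL log lines against the X-hMailServer-Reason headers that flags a reason naming a DNSBL rule with no logged hit, and lists the other rules sharing that reject message. The rule table is constructed for illustration, and the SURBL host in it is a placeholder, since the thread does not give it.

```python
import re

# Constructed rule table (assumption; hMailServer keeps its real rules in its database).
# Each entry: (rule kind, DNS zone, reject message). The SURBL zone is a placeholder.
RULES = [
    ("DNSBL", "zen.spamhaus.org", "Rejected by spamhaus"),
    ("DNSBL", "bb.barracudacentral.org", "Rejected by barracuda"),
    ("SURBL", "surbl.example.invalid", "Rejected by spamhaus"),
]

# Log lines and headers copied from the 2011-07-03 post in this thread.
LOG = (
    '"SMTPD"\t41988\t0\t"2011-07-03 00:02:22.926"\t"TCP"\t"DNS lookup: 195.122.210.207.'
    'bb.barracudacentral.org, 0 addresses found: (none), Match: False"\n'
    '"SMTPD"\t41988\t0\t"2011-07-03 00:02:23.181"\t"TCP"\t"DNS lookup: 195.122.210.207.'
    'zen.spamhaus.org, 0 addresses found: (none), Match: False"\n'
)
HEADERS = (
    "X-hMailServer-Spam: YES\n"
    "X-hMailServer-Reason-1: Rejected by spamhaus - (Score: 5)\n"
    "X-hMailServer-Reason-4: Sender domain does not have any MX records. - (Score: 1)\n"
    "X-hMailServer-Reason-Score: 6\n"
)

# Handles IPv4 lookups only: four reversed octets followed by the list's zone.
LOOKUP = re.compile(
    r"DNS lookup: (?:\d{1,3}\.){4}(\S+?), \d+ addresses found: .*?, Match: (True|False)")
REASON = re.compile(r"^X-hMailServer-Reason-\d+: (.+) - \(Score: (\d+)\)$", re.M)

def dnsbl_hits(log):
    """Zones for which the log recorded Match: True."""
    return {zone for zone, match in LOOKUP.findall(log) if match == "True"}

def shared_messages(rules):
    """Reject messages used by more than one rule, mapped to those rules."""
    by_msg = {}
    for kind, zone, msg in rules:
        by_msg.setdefault(msg, []).append(f"{kind} {zone}")
    return {m: r for m, r in by_msg.items() if len(r) > 1}

def unexplained(rules, log, headers):
    """Header reasons naming a DNSBL rule although the log shows no hit for its zone."""
    hits, shared, out = dnsbl_hits(log), shared_messages(rules), []
    for msg, score in REASON.findall(headers):
        zones = [z for k, z, m in rules if m == msg and k == "DNSBL"]
        if zones and not hits.intersection(zones):
            others = [r for r in shared.get(msg, []) if not r.startswith("DNSBL ")]
            out.append((msg, int(score), others))
    return out
```

Giving every DNSBL and SURBL rule its own reject message makes each header line attributable to exactly one rule, so `shared_messages` returning an empty dict is the state to aim for.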

Post by Bill48105 » 2011-08-09 16:33

Here ya go DooM: :shock: Those big enough eyes for you? hehe Glad there was a logical explanation found at least.
Bill