DNS Blacklist check doesn't always reject messages

Post by richyrich » 2013-04-03 22:14

A few email accounts on my server have started to be hit hard by spammers.

I did have SpamAssassin installed but when I run the spamd service it is constantly crashing and subsequently preventing any emails from being received. So, I'm not able to run SpamAssassin at the moment.

So, I have turned on the DNSBL for spamcop (127.0.0.* score 4) and spamhaus (127.0.0.* score 5) and also added another for bl.mailspike.org (127.0.0.* score 4).

I can see it is picking up some spam messages in the log and marking them as "Rejected by xxxx". However, I can see some messages that are obviously from spam addresses that are still getting through. When I manually check the IP address from the log against the DNSBL, they all say rejected. And yet hmailserver isn't rejecting them.

For example, I have this message in the log:-
"176.8.141.151" "SENT: 550 Rejected by SpamCop."
But also received a message from 189.203.203.19. This message was not marked as rejected, but when I manually check the IP it is listed on the same DNS BLs as the previous message.

Any idea why it is rejecting some and not others?

Re: DNS Blacklist check doesn't always reject messages

Post by mattg » 2013-04-04 00:57

Depends on your entire SPAM scoring

If mail doesn't meet the mark score, then no tests are recorded in the mail headers. Are you checking mail headers or logs?
Also, I suspect that if a time out occurs when doing a DNSBL check, then the assumption is a 'pass'.

SPAMhaus has been copping a pretty large DDOS attack recently - http://www.spamhaus.org/news/article/69 ... n-spamhaus and it may well be that their servers have been too busy to respond in a timely manner.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Re: DNS Blacklist check doesn't always reject messages

Post by japi » 2013-04-04 10:52

Hi,

Which DNS servers are you using?
Google DNS, for example, is not working if you want to query Spamhaus.
Maybe Spamhaus does not like Google's caching of queries... I don't know. But for some reason it's not working. It seems like Spamhaus blocks Google DNS from querying them (maybe depending on the list-type; short-/long-term blacklisting).

Since switching to other DNS servers, my spam rejecting percentage went up more than 50%. :D

For now I'm using OpenDNS (works great), but using public DNS servers is not recommended by Spamhaus (see http://www.spamhaus.org/faq/section/DNSBL%20Usage#261 )

Also I can recommend using Barracuda's blacklist: http://www.barracudacentral.org/rbl/how-to-use
It gets some spammers which Spamhaus and SpamCop don't catch and has virtually no false positives (uceprotect and sorbs had a LOT of false positives during my tests).

You can find some discussions about that topic online, for example:
https://groups.google.com/forum/?fromgr ... 8PKNkm1oyU

Best Regards,
JP

Re: DNS Blacklist check doesn't always reject messages

Post by mattg » 2013-04-04 12:51

I normally wouldn't recommend using OpenDNS servers for a mail server, because if you block any sites with your OpenDNS account, the mailserver just won't send to some sites, and will generate lots of errors.

Re: DNS Blacklist check doesn't always reject messages

Post by richyrich » 2013-04-04 20:24

mattg wrote: Depends on your entire SPAM scoring

If mail doesn't meet the mark score, then no tests are recorded in the mail headers. Are you checking mail headers or logs?
Also, I suspect that if a time out occurs when doing a DNSBL check, then the assumption is a 'pass'.

SPAMhaus has been copping a pretty large DDOS attack recently - http://www.spamhaus.org/news/article/69 ... n-spamhaus and it may well be that their servers have been too busy to respond in a timely manner.

Hi

I'm checking the hmailserver logs and then running the IP that it is logging manually against the individual black lists. Like you say, it could well be they are timing out. Yeah, I have tried adjusting the scoring and have added some additional black list checks. So, the mark as spam score setting is currently 8, delete the message is 10. My blacklists are:-
Spamhaus Score=5
SpamCop Score=4
MailSpike Score=4
PSBL Score=3
Lashback Score=3

I did see about the attack on Spamhaus. I don't have any major problems when querying direct on their website, but I can see this could be an issue.

japi wrote: Which DNS servers are you using?

I've just checked and it looks like it is using Google DNS.

japi wrote: Also I can recommend using Barracuda's blacklist: http://www.barracudacentral.org/rbl/how-to-use

I did go through the Barracuda's but, to be honest, I couldn't be bothered to go through the whole registration process! :)

It does seem to have improved a bit with adding the additional lists. The ones still getting through don't seem to be listed when I check them, so it does seem to be working better now.

Thanks for your help :)
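
The scoring and fail-open behaviour discussed in this thread, as an added example (not hMailServer code and not written by any poster): each list's score is summed against the mark (8) and delete (10) thresholds, and a timed-out or non-matching answer is reported separately instead of silently counting as "not listed". The zone names, the injected `resolve` callable and the sample answers are assumptions constructed for illustration; 127.255.255.254 is the code Spamhaus documents for queries arriving through a public resolver, which does not match the 127.0.0.* pattern.

```python
import fnmatch
import ipaddress

# Zone names are assumptions for the lists named in the thread; the scores and
# thresholds (mark 8, delete 10) are the ones posted there.
LISTS = [("zen.spamhaus.org", "127.0.0.*", 5),
         ("bl.spamcop.net", "127.0.0.*", 4),
         ("bl.mailspike.org", "127.0.0.*", 4)]
MARK, DELETE = 8, 10

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, resolve):
    """resolve(name) returns an A record, None for NXDOMAIN, or raises TimeoutError.

    A timeout adds no score (the fail-open behaviour suspected in the thread),
    but it is recorded so it can be told apart from a genuine "not listed".
    """
    total, outcomes = 0, {}
    for zone, pattern, score in LISTS:
        try:
            answer = resolve(query_name(ip, zone))
        except TimeoutError:
            outcomes[zone] = "timeout"
            continue
        if answer is None:
            outcomes[zone] = "not listed"
        elif fnmatch.fnmatchcase(answer, pattern):
            outcomes[zone] = "listed"
            total += score
        else:  # e.g. an error code returned because of the resolver in use
            outcomes[zone] = "unexpected answer " + answer
    verdict = "delete" if total >= DELETE else "mark" if total >= MARK else "deliver"
    return total, outcomes, verdict

def fake_resolver(table):
    """Constructed stand-in for DNS: maps query names to canned answers."""
    def resolve(name):
        answer = table.get(name)
        if answer == "TIMEOUT":
            raise TimeoutError(name)
        return answer
    return resolve

IP = "189.203.203.19"  # address quoted in the first post; answers below are constructed
ALL_LISTED = {query_name(IP, zone): "127.0.0.2" for zone, _, _ in LISTS}
DEGRADED = dict(ALL_LISTED, **{query_name(IP, "zen.spamhaus.org"): "127.255.255.254",
                               query_name(IP, "bl.spamcop.net"): "TIMEOUT"})
```

With every list answering, the sample address scores 13 and is deleted; with one list timing out and another returning an error code, the same address scores 4 and is delivered, which is the symptom described in the first post.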
