Antispam MX record check fail

abgar
Normal user
Posts: 93
Joined: 2005-03-23 09:33
Location: Warsaw, Poland

Post by abgar » 2016-08-09 12:15

Hello
For a few days my server has been flooded with spam (which had not happened before)
I took a closer look and MX record

and so we have example spam coming from:
ux.skku.ac.kr

when I used check MX record tool on hmail it responded with: 115.145.162.94

But when I check this hostname with mxtoolbox.com I get a response that no MX server exists
mx:ux.skku.ac.kr Find Problems

mx

No Records Exist
dns lookup smtp diag blacklist port scan dns propagation
Reported by i-ns.skku.ac.kr on 8/9/2016 at 10:13:39 AM (UTC 0), just for you. (History)

I do not know what to think about it

mattg
Moderator
Posts: 20239
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Post by mattg » 2016-08-09 13:58

hMailserver will use an A record if no MX record exists (as per RFCs)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post by abgar » 2016-08-10 10:54

I see.
But what is the sense?
As per this real-life example, spam can slip in. IMHO: checking the MX record this way is pointless.


And A record for ux.skku.ac.kr does not exist
http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage

so I still do not know how Hmail got 115.145.162.94

Post by mattg » 2016-08-10 11:32

hMailserver doesn't actually do any lookups, it asks the host Windows to do the DNS lookup, and just uses the result

What does an NS lookup from a command prompt on the computer with hMailserver installed show you?
Which DNS do you use in Windows?

Post by abgar » 2016-08-10 12:02

mattg wrote:
What does an NS lookup from a command prompt on the computer with hMailserver installed show you?
Which DNS do you use in Windows?

Nslookup points to: 115.145.162.94
I use my IP parter dns: 217.17.34.10 but also check at google's 8.8.8.8.
It is the same result

I also check my hosts file if it is not compromised but it is OK. The response from nslookup from another computer is the same


http://www.dnsstuff.com/tools#dnsReport ... skku.ac.kr
I feel completely stupid :evil:

Post by mattg » 2016-08-21 00:55

You linked to this thread from viewtopic.php?f=7&t=30168#p188978

I thought this thread was solved for you

What have I missed??

Post by abgar » 2016-08-22 11:02

The problem still remains:

example spam coming from: ux.skku.ac.kr

Hmailserver MX check gives value: 115.145.162.94 and passes the spam

while online check http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage gives no value

This problem applies to other spamming domains

SorenR
Senior user
Posts: 3215
Joined: 2006-08-21 15:38
Location: Denmark

Post by SorenR » 2016-08-22 13:50

SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

Post by abgar » 2016-08-22 14:02

That does not solve my question: why does Hmail positively verify the MX record?

Post by SorenR » 2016-08-22 15:08

abgar wrote: That does not solve my question: why Hmail positively verifies MX record ?

Maybe since the sender has an MX record...

Forget about MX records, it will not change fighting SPAM. You need to focus on the IP address of the sender and which blacklists have found it.

hMailAdmin -> Settings -> Anti-spam -> DNS blacklists

DNS host: b.barracudacentral.org
Expected result: 127.0.0.2
Rejection message: RBL - Rejected by Barracuda Reputation Block List
Score: 5 (or whatever fits your installation)

Try this and report back!
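Added example, not part of the original post and not hMailServer's code: a sketch of how a DNS blacklist entry like the one above is evaluated. The sender's IPv4 octets are reversed and prefixed to the DNS host, and the score counts only when the answer matches the expected result. The second zone, the sample IP and the resolver answers are constructed; exact matching against the expected result is an assumption.

```python
import ipaddress

# Entries in the shape of the settings above: (DNS host, expected result, score).
# "dnsbl.example" is a constructed placeholder zone.
DNSBLS = [
    ("b.barracudacentral.org", "127.0.0.2", 5),
    ("dnsbl.example", "127.0.0.2", 3),
]

# Constructed answers standing in for live DNS, so the example runs offline.
FAKE_ANSWERS = {
    "10.2.0.192.b.barracudacentral.org": ["127.0.0.2"],
    "10.2.0.192.dnsbl.example": ["127.0.0.4"],  # answers, but not the expected code
}

def fake_resolver(name):
    """Return the A records for name, or [] when the name does not exist."""
    return FAKE_ANSWERS.get(name, [])

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dnsbl_score(ip, resolver, dnsbls=DNSBLS):
    """Sum the scores of all lists whose answer contains the expected result."""
    total, hits = 0, []
    for zone, expected, score in dnsbls:
        if expected in resolver(dnsbl_query_name(ip, zone)):
            total += score
            hits.append(zone)
    return total, hits

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "b.barracudacentral.org"))
    print(dnsbl_score("192.0.2.10", fake_resolver))
    print(dnsbl_score("192.0.2.11", fake_resolver))
```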


Post by abgar » 2016-08-22 15:20

I already use: spamhaus, spamcop, surriel, dnsbl.bit nl so I can also add barracuda - why not. Thanks

But problem of strange Hmail behaviour remains

Post by mattg » 2016-08-22 15:48

Can you show SMTP + debug logs of this message (or one like it) being received by hMailserver

Post by SorenR » 2016-08-22 16:19

Matt... Manual says under Anti Spam:

Check that sender has DNS-MX records

If you enable this option, hMailServer will check that the senders domain has valid MX records in the DNS. If not, the spam score of this test will be added to the total spam score for the message. Please note that there is no requirement that domains should have MX records. It's perfectly valid for a domain not to have MX records and still send email messages. While most domain owners set up MX records, far from all do it. This means that you should expect quite many false positives using this spam test.

"Sender" is that the sending mailserver "ux.skku.ac.kr" or "jack.ass@spammer.inc" using "ux.skku.ac.kr" as relay ??

I never gave it much thought... Some experimenting is needed me thinks :wink:

Post by abgar » 2016-08-22 16:49

SorenR wrote: Some experimenting is needed me thinks :wink:

Through the Force, things you will see. Other places. The future…the past. :)

Post by SorenR » 2016-08-22 18:09

From poking around the source code it appears the test is done on the domain of the envelope sender...

"52.67.146.184"	"SENT: 220 mx.acme.inc ESMTP"
"52.67.146.184"	"RECEIVED: EHLO ec2-52-67-146-184.sa-east-1.compute.amazonaws.com"
"52.67.146.184"	"SENT: 250-mx.acme.inc[nl]250 SIZE"
"52.67.146.184"	"RECEIVED: MAIL FROM:<zaimi@yunguowu.com>"
"52.67.146.184"	"SENT: 250 OK"
In this example "yunguowu.com"...
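Added example, not part of the original posts and not hMailServer's code: it takes the envelope sender domain from log lines in the format shown above and compares a pure MX query with a check that falls back to the address record, which is how one name can show "No Records Exist" in an MX lookup and still pass. The domains, IP addresses and DNS data are constructed, and `lookup` is a hypothetical stand-in resolver.

```python
import re

# Constructed DNS data (not real lookups): a domain with an MX record and a
# host that only has an address record.
ZONE = {
    ("mail-ok.example", "MX"): ["10 mx1.mail-ok.example"],
    ("host-only.example", "A"): ["192.0.2.25"],
}

# Constructed log lines in the format shown in the post above.
SAMPLE_LOG = [
    '"192.0.2.10"\t"RECEIVED: MAIL FROM:<alice@mail-ok.example>"',
    '"192.0.2.11"\t"RECEIVED: MAIL FROM:<bob@host-only.example>"',
    '"192.0.2.12"\t"RECEIVED: MAIL FROM:<eve@nothing.example>"',
    '"192.0.2.13"\t"RECEIVED: MAIL FROM:<>"',
]

MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^<>]*)>", re.IGNORECASE)

def lookup(name, rtype):
    """Stand-in resolver: record list for (name, type), [] when none exist."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def envelope_domain(log_line):
    """Domain of the envelope sender, or None (no MAIL FROM, or null sender)."""
    m = MAIL_FROM.search(log_line)
    if not m or "@" not in m.group(1):
        return None
    return m.group(1).rsplit("@", 1)[1].lower()

def classify(log_line, resolver=lookup):
    """Return (domain, verdict) for one log line."""
    domain = envelope_domain(log_line)
    if domain is None:
        return (None, "no-envelope-domain")
    if resolver(domain, "MX"):
        return (domain, "mx")                # explicit MX: a pure MX query agrees
    if resolver(domain, "A") or resolver(domain, "AAAA"):
        return (domain, "implicit-mx-only")  # passes only with the A-record fallback
    return (domain, "no-mail-route")         # fails either way

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
```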

Post by abgar » 2016-08-23 00:03

Hmm, I have no knowledge at your level but upon what I read: https://www.pobox.com/helpspot/index.ph ... age&id=260
checking the mx record of envelope sender makes no sense as antispam feature.

Post by mattg » 2016-08-23 01:32

Ok I'm a little lost...
abgar wrote: checking the mx record of envelope sender makes no sense as antispam feature.

Makes much more sense than checking a FROM address that can be spoofed I'd expect...

I'm still not sure at what level we are assuming things

abgar wrote: example spam coming from: ux.skku.ac.kr
Hmailserver MX check gives value: 115.145.162.94 and passes the spam

mattg wrote: Can you show SMTP + debug logs of this message (or one like it) being received by hMailserver

abgar wrote: while online check http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage gives no value

I'm not really surprised by this
I expect that MXToolbox doesn't handle the sub-level domain names well. Most lookup services only check top level domains
I think that "ux.skku.ac.kr" just has too many "." in it to get checked by online checking tools.