Antispam MX record check fail
Hello
For a few days my server has been flooded with spam (which had not happened before)
I took a closer look and MX record
and so we have example spam coming from:
ux.skku.ac.kr
When I used the check MX record tool in hMail it responded with: 115.145.162.94
But when I check this hostname with mxtoolbox.com I get a response that no MX server exists
mx:ux.skku.ac.kr Find Problems
mx
No Records Exist
Reported by i-ns.skku.ac.kr on 8/9/2016 at 10:13:39 AM (UTC 0), just for you. (History)
I do not know what to think about it
Re: Antispam MX record check fail
hMailserver will use an A record if no MX record exists (as per RFCs)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Antispam MX record check fail
I see.
But what is the sense?
As per this real life example spam can slip in. IMHO: checking MX record this way is pointless.
And A record for ux.skku.ac.kr does not exist
http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage
so I still do not know how Hmail got 115.145.162.94
Re: Antispam MX record check fail
hMailserver doesn't actually do any lookups, it asks the host Windows to do the DNS lookup, and just uses the result
What does an NS lookup from a command prompt on the computer with hMailserver installed show you?
Which DNS do you use in Windows?
Re: Antispam MX record check fail
mattg wrote: What does an NS lookup from a command prompt on the computer with hMailserver installed show you? Which DNS do you use in Windows?
Nslookup points to: 115.145.162.94
I use my IP partner DNS: 217.17.34.10 but I also checked with Google's 8.8.8.8.
It is the same result.
I also checked my hosts file in case it was compromised, but it is OK. The response from nslookup from another computer is the same.
http://www.dnsstuff.com/tools#dnsReport ... skku.ac.kr
I feel completely stupid
Re: Antispam MX record check fail
You linked to this thread from viewtopic.php?f=7&t=30168#p188978
I thought this thread was solved for you
What have I missed??
Re: Antispam MX record check fail
The problem still remains:
example spam coming from: ux.skku.ac.kr
Hmailserver MX check gives value: 115.145.162.94 and passes the spam
while online check http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage gives no value
This problem applies to other spamming domains
Re: Antispam MX record check fail
http://multirbl.valli.org/lookup/115.145.162.94.html
http://multirbl.valli.org/lookup/ux.skku.ac.kr.html
Blacklists use IP address in 9/10 of the cases...
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Antispam MX record check fail
That does not solve my question: why Hmail positively verifies MX record ?
Re: Antispam MX record check fail
abgar wrote: That does not solve my question: why Hmail positively verifies MX record ?
Maybe since the sender has an MX record...
Forget about MX records, it will not change fighting SPAM. You need to focus on the IP address of the sender and which blacklists have found it.
hMailAdmin -> Settings -> Anti-spam -> DNS blacklists
DNS host: b.barracudacentral.org
Expected result: 127.0.0.2
Rejection message: RBL - Rejected by Barracuda Reputation Block List
Score: 5 (or whatever fits your installation)
Try this and report back!
SørenR.
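What the DNS blacklist rule in the post above asks of DNS, as an added example that is not part of the original post and is not hMailServer's own code. It assumes the expected result is compared exactly against the returned A records; the listed and unlisted clients are constructed documentation addresses, and `fake_resolver` is a hypothetical stand-in so the example runs offline.

```python
import ipaddress
import socket

# The rule from the post above, as data. "reject" is the rejection message.
RULES = [{"host": "b.barracudacentral.org", "expected": "127.0.0.2",
          "score": 5,
          "reject": "RBL - Rejected by Barracuda Reputation Block List"}]

def dnsbl_query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records via the OS resolver; an empty list means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_score(ip, rules, resolve=system_resolver):
    """Add up the score of each rule whose expected result was returned."""
    total, messages = 0, []
    for rule in rules:
        answers = resolve(dnsbl_query_name(ip, rule["host"]))
        if rule["expected"] in answers:
            total += rule["score"]
            messages.append(rule["reject"])
    return total, messages

# Constructed answers for an offline run (documentation addresses, not real
# listings): one listed client, one answer that is not the expected value.
CONSTRUCTED = {
    "10.2.0.192.b.barracudacentral.org": ["127.0.0.2"],
    "7.100.51.198.b.barracudacentral.org": ["127.0.0.3"],
}

def fake_resolver(name):
    """Hypothetical resolver backed by the constructed table above."""
    return CONSTRUCTED.get(name, [])

if __name__ == "__main__":
    print(dnsbl_query_name("115.145.162.94", RULES[0]["host"]))
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, dnsbl_score(ip, RULES, fake_resolver))
```

The lookup key is the connecting client's IP address, not any name from the message, which is why the rule scores independently of the sender's MX records.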
Re: Antispam MX record check fail
I already use: spamhaus, spamcop, surriel, dnsbl.bit nl so I can also add barracuda - why not. Thanks.
But the problem of strange Hmail behaviour remains.
Re: Antispam MX record check fail
Can you show SMTP + debug logs of this message (or one like it) being received by hMailserver?
Re: Antispam MX record check fail
Matt... Manual says under Anti Spam:
Check that sender has DNS-MX records
If you enable this option, hMailServer will check that the senders domain has valid MX records in the DNS. If not, the spam score of this test will be added to the total spam score for the message. Please note that there is no requirement that domains should have MX records. It's perfectly valid for a domain not to have MX records and still send email messages. While most domain owners set up MX records, far from all do it. This means that you should expect quite many false positives using this spam test.
"Sender" is that the sending mailserver "ux.skku.ac.kr" or "jack.ass@spammer.inc" using "ux.skku.ac.kr" as relay ??
I never gave it much thought... Some experimenting is needed me thinks
SørenR.
Re: Antispam MX record check fail
SorenR wrote: Some experimenting is needed me thinks
Through the Force, things you will see. Other places. The future…the past.
Re: Antispam MX record check fail
From poking around the source code it appears the test is done on the domain of the envelope sender...
In this example "yunguowu.com"...
Code:
"52.67.146.184" "SENT: 220 mx.acme.inc ESMTP"
"52.67.146.184" "RECEIVED: EHLO ec2-52-67-146-184.sa-east-1.compute.amazonaws.com"
"52.67.146.184" "SENT: 250-mx.acme.inc[nl]250 SIZE"
"52.67.146.184" "RECEIVED: MAIL FROM:<zaimi@yunguowu.com>"
"52.67.146.184" "SENT: 250 OK"
SørenR.
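The sender check as this post and mattg's earlier reply describe it (test the envelope sender's domain, MX records first, A record as fallback), run over the log excerpt above. This is an added example, not hMailServer's source code; the DNS table is constructed rather than looked up, with the ux.skku.ac.kr entry modelled on what the thread reports and the other entries invented.

```python
import re

# Log excerpt from the post above.
LOG = '''"52.67.146.184" "SENT: 220 mx.acme.inc ESMTP"
"52.67.146.184" "RECEIVED: EHLO ec2-52-67-146-184.sa-east-1.compute.amazonaws.com"
"52.67.146.184" "SENT: 250-mx.acme.inc[nl]250 SIZE"
"52.67.146.184" "RECEIVED: MAIL FROM:<zaimi@yunguowu.com>"
"52.67.146.184" "SENT: 250 OK"'''

MAIL_FROM = re.compile(
    r'^"(?P<ip>[^"]+)"\s+"RECEIVED: MAIL FROM:\s*<(?P<addr>[^>]*)>', re.I)

def envelope_senders(log_text):
    """Return (client_ip, envelope_domain) for each MAIL FROM line."""
    found = []
    for line in log_text.splitlines():
        m = MAIL_FROM.match(line.strip())
        if m:
            # "<>" (null sender, used by bounces) has no domain to test.
            _local, sep, domain = m.group("addr").rpartition("@")
            found.append((m.group("ip"), domain.lower() if sep else ""))
    return found

# Constructed DNS data, not live lookups. ux.skku.ac.kr models what the
# thread reports (no MX, nslookup answers 115.145.162.94); the yunguowu.com
# record and the empty example domain are invented for the demo.
DNS = {
    "ux.skku.ac.kr": {"MX": [], "A": ["115.145.162.94"]},
    "yunguowu.com": {"MX": [(10, "mx1.example")], "A": []},
    "nothing.example": {"MX": [], "A": []},
}

def mail_hosts(domain, dns=DNS):
    """MX records first; with none, fall back to the address record
    (the implicit-MX rule of RFC 5321 section 5.1)."""
    if not domain:
        return "null-sender", []
    rec = dns.get(domain, {})
    if rec.get("MX"):
        return "MX", [host for _pref, host in sorted(rec["MX"])]
    if rec.get("A"):
        return "A-fallback", list(rec["A"])
    return "none", []

if __name__ == "__main__":
    for ip, domain in envelope_senders(LOG):
        print(ip, domain, mail_hosts(domain))
    print("ux.skku.ac.kr", mail_hosts("ux.skku.ac.kr"))
```

A name with no MX record but a resolvable address comes back as `A-fallback`, which is how a check of this kind can pass while an MX-only lookup reports that no records exist.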
Re: Antispam MX record check fail
Hmm, I have no knowledge at your level but upon what I read: https://www.pobox.com/helpspot/index.ph ... age&id=260
checking the mx record of envelope sender makes no sense as antispam feature.
Re: Antispam MX record check fail
Ok I'm a little lost...
abgar wrote: checking the mx record of envelope sender makes no sense as antispam feature.
Makes much more sense than checking a FROM address that can be spoofed I'd expect...
I'm still not sure at what level we are assuming things
abgar wrote: example spam coming from: ux.skku.ac.kr
Hmailserver MX check gives value: 115.145.162.94 and passes the spam
mattg wrote: Can you show SMTP + debug logs of this message (or one like it) being received by hMailserver
abgar wrote: while online check http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage gives no value
I'm not really surprised by this
I expect that MXToolbox doesn't handle the sub-level domain names well. Most lookup services only check top level domains
I think that "ux.skku.ac.kr" just has too many "." in it to get checked by online checking tools.