Reason for rejected message ?

Daniel Gehriger gehriger@linkcad.com
Wed, 28 Feb 2007 00:06:02 +0100 

Vernon Schryver wrote:
>> From: Daniel Gehriger 
> 
>> I just upgraded to the latest DCC and found this entry in the log. I 
>> can't figure out why the message has been rejected, even though 
>> zen.spamhaus.org doesn't list any of the IPs contained in the e-mail.
> 
> I was wrong about Spamhaus' PBL.  Because zen.spamhaus.org includes
> pbl.spamhaus.org, and pbl.spamhaus.org includes IP addresses that are
> known to not send spam but are MX or DNS servers (e.g. Comcast's NS
> RRs), it is probably not a good idea to use -Bzen.spamhaus.org,
> at least not without -Bset:no-MX and -Bset:no-NS.

Ok, I'll have a look at this.

> 
> The complaints about DNS timeouts are not good.  Is something wrong
> with your DNS system?  Dccifd should have at least received NXDOMAIN
> for 86.59.190.206.zen.spamhaus.org from your local caching DNS server.
> (I trust you have sufficient reasons for marking a Yahoo IP address
> in /var/dcc/whiteclnt as one of your MX servers.)

[ Yep, Yahoo should be in there. ] There shouldn't be any issues with 
the DNS system. Most of the time, dccifd doesn't complain about timeouts 
but then I get waves of those messages until a new DCC DNS helper is 
started.

> 
> However, none of that is not relevant to this case, because dccifd says
> that it got no answers from your DNS resolver.  Besides, "DCC-->spam"
> claims that the message was rejected because its checksum counts were
> above the local definition of "bulk".  If a DNSBL result were involved,
> there would have been a "DNSBL-->spam" string.  The strangeness is that
> all of the checksums for the message except IP address of the SMTP
> client, 206.190.59.86, were unique to this message.  The only way that
> makes sense is if DCCIFD_REJECT_AT=0 in /var/dcc/dcc_conf to cause
> dccifd to have a -t bulkd threshold of 0.  With what -t value is dccifd
> running?
> 

Here is the output of ps:

/var/dcc/libexec/dccifd -Ivscan -tREP,10 -tCMN,50,50 -Bset:debug=5 
-Brelays.ordb.org,any -Bzen.spamhaus.org,any -llog -wwhiteclnt 
-Uuserdirs -GIPmask/24 -p 127.0.0.1,10023 127.0.0.1/32 -o 
127.0.0.1,10026 -SHELO -Smail_host -SSender -SList-ID

Regards,

Daniel