Reason for rejected message ?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Feb 27 20:09:38 UTC 2007


> From: Daniel Gehriger 

> I just upgraded to the latest DCC and found this entry in the log. I 
> can't figure out why the message has been rejected, even though 
> zen.spamhaus.org doesn't list any of the IPs contained in the e-mail.

I was wrong about Spamhaus' PBL.  Because zen.spamhaus.org includes
pbl.spamhaus.org, and pbl.spamhaus.org includes IP addresses that are
known to not send spam but are MX or DNS servers (e.g. Comcast's NS
RRs), it is probably not a good idea to use -Bzen.spamhaus.org,
at least not without -Bset:no-MX and -Bset:no-NS.

The complaints about DNS timeouts are not good.  Is something wrong
with your DNS system?  Dccifd should have at least received NXDOMAIN
for 86.59.190.206.zen.spamhaus.org from your local caching DNS server.
(I trust you have sufficient reasons for marking a Yahoo IP address
in /var/dcc/whiteclnt as one of your MX servers.)

However, none of that is not relevant to this case, because dccifd says
that it got no answers from your DNS resolver.  Besides, "DCC-->spam"
claims that the message was rejected because its checksum counts were
above the local definition of "bulk".  If a DNSBL result were involved,
there would have been a "DNSBL-->spam" string.  The strangeness is that
all of the checksums for the message except IP address of the SMTP
client, 206.190.59.86, were unique to this message.  The only way that
makes sense is if DCCIFD_REJECT_AT=0 in /var/dcc/dcc_conf to cause
dccifd to have a -t bulkd threshold of 0.  With what -t value is dccifd
running?


> > ### end of message body ########################
> > no DNSBL helper answer
> > 1Qhr2a DNSBL failed for sender 206.190.59.86, 14.0 msg-secs remaining
> > no DNSBL helper answer
> > 1Qhr2a DNSBL failed for lombric.ch, 3.0 msg-secs remaining
> > no DNSBL helper answer
> > 1Qhr2a DNSBL exhausted 25 msg-secs for www.doodle.ch
> > DCC-->spam  dccifd  global
> > 
> > X-DCC-EATSERVER-Metrics: vps183.sui-inter.net 1166; bulk Body=1 Fuz1=1
> >                             reported: 1               checksum  server wlist
> >                        IP: fbb931b2 f51a1606 d4b9c10d 2804a798            mx
> >                  env_From: d86486d2 7a41662b 3db9df5a a4f06fcf
> >                      From: 6a1b0db5 179b1289 940b2c50 0f4df1a1
> >           substitute helo: 3e7aa4ba c1995ecf 27310463 40a147d5
> >                Message-ID: 7ed1829b f2f4c2f2 e1d101f2 5f85ff85
> >                  Received: 67c39aaa 00ede42b cd283ec0 cd752353
> >                      Body: 56859aa5 5a66042c b868eed4 e337537f       0
> >                      Fuz1: 8a2d296f 8d50151d 5515bd93 ff253d74       0
> >      substitute mail_host: dc4446ce 14efb078 b2d1ef1a 478fdd30
> > 
> >        greylist recipient
> >      sylvaine@linkcad.com: 71d5c1ba e4189545 2b4a3587 e11268aa
> >                            1a406611 f3fe8373 d896388f 0b23d47e Embargo #1 reset
> > 
> > rejection message: 550 5.7.1 Service unavailable; Mail rejected as SPAM
> > result: reject


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.