
Thread: SpamAssassin flagging everything as NO_DNS_FOR_FROM

  1. #1

    Hi

    On our Zimbra 6.0.5 server running on Fedora 6, it seems that all messages are being tagged by spamassassin with NO_DNS_FOR_FROM (despite having legitimate sent addresses).

    How should I debug this? It started happening today...

    Example header:

    Code:
    Return-Path: mailman-bounces@mozilla.org
    Received: from zzzzzz.yyyyyy.com (LHLO zzzzzz.yyyyyy.com) (NN.NNN.NN.NN) by
     zzzzzz.yyyyyy.com with LMTP; Wed, 1 Sep 2010 07:10:44 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
     by zzzzzz.yyyyyy.com (Postfix) with ESMTP id 84983B90D2D
     for ; Wed,  1 Sep 2010 07:10:42 -0500 (CDT)
    X-Virus-Scanned: amavisd-new at zzzzzz.yyyyyy.com
    X-Spam-Flag: NO
    X-Spam-Score: -1.851
    X-Spam-Level: 
    X-Spam-Status: No, score=-1.851 tagged_above=-10 required=3.2
     tests=[AWL=-0.748, BAYES_00=-2.599, NO_DNS_FOR_FROM=1.496]
     autolearn=no
    Received: from zzzzzz.yyyyyy.com ([127.0.0.1])
     by localhost (zzzzzz.yyyyyy.com [127.0.0.1]) (amavisd-new, port 10024)
     with ESMTP id 7rHCzaW15+sm; Wed,  1 Sep 2010 07:10:37 -0500 (CDT)
    Received: from dm-mailman01.mozilla.org (mail.mozilla.org [63.245.208.162])
     by zzzzzz.yyyyyy.com (Postfix) with ESMTP id 0389EB90D24
     for ; Wed,  1 Sep 2010 07:10:37 -0500 (CDT)
    Received: from dm-mailman01.mozilla.org (localhost.localdomain [127.0.0.1])
     by dm-mailman01.mozilla.org (Postfix) with ESMTP id 6F52D93E596
     for ; Wed,  1 Sep 2010 05:10:31 -0700 (PDT)
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    Subject: mozilla.org mailing list memberships reminder
    From: mailman-owner@mozilla.org
    To: xxxxxx@xxxxxx.xxx
    X-No-Archive: yes
    Message-ID: 
    Date: Wed, 01 Sep 2010 05:09:29 -0700
    Precedence: bulk
    X-BeenThere: mailman@mozilla.org
    X-Mailman-Version: 2.1.12
    List-Id: 
    X-List-Administrivia: yes
    Sender: mailman-bounces@mozilla.org
    Errors-To: mailman-bounces@mozilla.org

    (Also at serverfault)

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by davidfraser View Post
    On our Zimbra 6.0.5 server running on Fedora 6, it seems that all messages are being tagged by spamassassin with NO_DNS_FOR_FROM (despite having legitimate sent addresses).
    It's not actually causing you a problem as the score is not bumping it to a spam level. That rule is for:

    Envelope sender has no MX or A DNS records
    Quote Originally Posted by davidfraser View Post
    How should I debug this? It started happening today...
    Do you think the spamassassin score might be justified with the following information?

    Code:
    dig dm-mailman01.mozilla.org mx
    
    ; <<>> DiG 9.7.1 <<>> dm-mailman01.mozilla.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8074
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;dm-mailman01.mozilla.org.      IN      MX
    
    ;; Query time: 93 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Wed Sep  1 17:19:24 2010
    ;; MSG SIZE  rcvd: 42

    Code:
    dig mozilla.org mx
    
    ; <<>> DiG 9.7.1 <<>> mozilla.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28983
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;mozilla.org.                   IN      MX
    
    ;; ANSWER SECTION:
    mozilla.org.            600     IN      MX      100 mozilla.com.s5a1.psmtp.com.
    mozilla.org.            600     IN      MX      300 mozilla.com.s5b1.psmtp.com.
    mozilla.org.            600     IN      MX      400 mozilla.com.s5b2.psmtp.com.
    mozilla.org.            600     IN      MX      200 mozilla.com.s5a2.psmtp.com.
    
    ;; ADDITIONAL SECTION:
    mozilla.com.s5a1.psmtp.com. 14400 IN    A       64.18.4.10
    mozilla.com.s5b2.psmtp.com. 14400 IN    A       64.18.4.14
    mozilla.com.s5a2.psmtp.com. 14400 IN    A       64.18.4.11
    mozilla.com.s5b1.psmtp.com. 14400 IN    A       64.18.4.13
    
    ;; Query time: 1209 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Wed Sep  1 17:25:03 2010
    ;; MSG SIZE  rcvd: 234

    Regards


    Bill



  3. #3

    Quote Originally Posted by phoenix View Post
    It's not actually causing you a problem as the score is not bumping it to a spam level.
    It's not for this mail, but it did for others

    Quote Originally Posted by phoenix View Post
    Do you think the spamassassin score might be justified with the following information?

    Code:
    dig dm-mailman01.mozilla.org mx
    
    ; <<>> DiG 9.7.1 <<>> dm-mailman01.mozilla.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8074
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;dm-mailman01.mozilla.org.      IN      MX
    
    ;; Query time: 93 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Wed Sep  1 17:19:24 2010
    ;; MSG SIZE  rcvd: 42

    Code:
    dig mozilla.org mx
    
    ; <<>> DiG 9.7.1 <<>> mozilla.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28983
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;mozilla.org.                   IN      MX
    
    ;; ANSWER SECTION:
    mozilla.org.            600     IN      MX      100 mozilla.com.s5a1.psmtp.com.
    mozilla.org.            600     IN      MX      300 mozilla.com.s5b1.psmtp.com.
    mozilla.org.            600     IN      MX      400 mozilla.com.s5b2.psmtp.com.
    mozilla.org.            600     IN      MX      200 mozilla.com.s5a2.psmtp.com.
    
    ;; ADDITIONAL SECTION:
    mozilla.com.s5a1.psmtp.com. 14400 IN    A       64.18.4.10
    mozilla.com.s5b2.psmtp.com. 14400 IN    A       64.18.4.14
    mozilla.com.s5a2.psmtp.com. 14400 IN    A       64.18.4.11
    mozilla.com.s5b1.psmtp.com. 14400 IN    A       64.18.4.13
    
    ;; Query time: 1209 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Wed Sep  1 17:25:03 2010
    ;; MSG SIZE  rcvd: 234

    Not at all - and this is happening for multiple domains it didn't happen for before. This is quite a regular DNS setup. The rule is only meant to match where there are no A or MX records associated with the domain at all.

  4. #4

    The rule is described on my server (6.0.8)
    Code:
    20_net_tests.cf:header NO_DNS_FOR_FROM		eval:check_dns_sender()
    20_net_tests.cf:describe NO_DNS_FOR_FROM	Envelope sender has no MX or A DNS records
    20_net_tests.cf:tflags NO_DNS_FOR_FROM		net
    20_net_tests.cf:reuse  NO_DNS_FOR_FROM

    Note: envelope sender, which is the return path. As phoenix's second code block shows, the mail should pass this test. And of course if ALL mail is failing the test, then it's unlikely to be a problem with that one.

    What I would do in this situation is run dig mozilla.org mx as zimbra on the Zimbra box. I'll bet you have a problem with your DNS configuration on your ZCS box or (more likely) on whatever DNS server it uses.

  5. #5

    Quote Originally Posted by ewilen View Post
    The rule is described on my server (6.0.8)
    Code:
    20_net_tests.cf:header NO_DNS_FOR_FROM		eval:check_dns_sender()
    20_net_tests.cf:describe NO_DNS_FOR_FROM	Envelope sender has no MX or A DNS records
    20_net_tests.cf:tflags NO_DNS_FOR_FROM		net
    20_net_tests.cf:reuse  NO_DNS_FOR_FROM

    Note: envelope sender, which is the return path. As phoenix's second code block shows, the mail should pass this test. And of course if ALL mail is failing the test, then it's unlikely to be a problem with that one.

    What I would do in this situation is run dig mozilla.org mx as zimbra on the Zimbra box. I'll bet you have a problem with your DNS configuration on your ZCS box or (more likely) on whatever DNS server it uses.

    Thanks; that's helpful. It initially seemed like this was happening to all mail (within the initial period), but now I'm getting it on only some. I'm suspecting a transient/intermittent DNS failure; this helps me to investigate.
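
The check suggested in this thread (run dig on the mail host itself and look for intermittent failures), as an added example that is not part of any post above: it repeats the MX and A lookups for an envelope sender's domain and separates "the domain has no records" from "the resolver did not answer". The function names are hypothetical, and the logic follows the rule's description ("Envelope sender has no MX or A DNS records"), not SpamAssassin's own check_dns_sender() code.

```shell
#!/bin/sh
# Added example (not from the thread): tell "domain has no MX/A" apart
# from "the resolver failed to answer". All function names are hypothetical.

# classify_dig: read dig output on stdin and print one of
#   answer  - NOERROR with at least one answer record
#   nodata  - NOERROR or NXDOMAIN with no answer records
#   failure - SERVFAIL, REFUSED, timeout, or no response header at all
classify_dig() {
    awk '
        /connection timed out|no servers could be reached/ { fail = 1 }
        /->>HEADER<<-/ {
            seen = 1
            if ($0 !~ /status: (NOERROR|NXDOMAIN)/) fail = 1
        }
        /ANSWER: [1-9]/ { ans = 1 }
        END {
            if (fail || !seen) print "failure"
            else if (ans) print "answer"
            else print "nodata"
        }'
}

# rule_verdict MX_CLASS A_CLASS: combine the two lookups for one domain.
rule_verdict() {
    case "$1/$2" in
        answer/*|*/answer)   echo "has-dns" ;;          # sender domain resolves
        failure/*|*/failure) echo "resolver-problem" ;; # cannot tell, fix DNS
        *)                   echo "no-dns" ;;           # really no MX or A
    esac
}

# probe_sender ADDRESS [COUNT]: repeat both lookups through the resolver
# this host is configured to use and tally the verdicts.
probe_sender() {
    domain=${1##*@}
    count=${2:-10}
    i=0
    while [ "$i" -lt "$count" ]; do
        mx=$(dig +time=3 +tries=1 "$domain" MX 2>&1 | classify_dig)
        a=$(dig +time=3 +tries=1 "$domain" A 2>&1 | classify_dig)
        rule_verdict "$mx" "$a"
        i=$((i + 1))
        sleep 1
    done | sort | uniq -c
}

# Offline check on the status/flags lines quoted earlier in the thread:
printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8074' \
    ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0' |
    classify_dig
```

Run as the zimbra user on the Zimbra box, for example `probe_sender mailman-bounces@mozilla.org 20`; any "resolver-problem" lines in the tally for a domain that otherwise shows "has-dns" point at the DNS server the box uses rather than at the sender.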
