Discussion:
How to fix DNS for "Received: from unknown"
Quinn Comendant
2014-10-20 18:12:20 UTC
Hi Guys

I've been discussing on the ***@spamassassin.apache.org list about a minor issue I'm having with SA, and it was noted by a couple of people that the headers of incoming mail indicate qmail is not doing DNS lookups correctly. Specifically, it seems qmail is not recording the reverse DNS of the host from which it received the mail, and is instead using "Received: from unknown …" for all incoming messages. DNS works on the command line if I query using `host` or `dig`, so I don't think it is a problem with our network's DNS. Does qmail need something special to be able to do DNS lookups? This has never been a problem for us, but apparently this is affecting spamassassin's functionality.

Example "received" headers:

Here's one from gmail:

Received: from unknown (HELO mail-pd0-f175.google.com) (209.85.192.175)
by oak.strangecode.com with (AES128-SHA encrypted) SMTP; 19 Oct 2014 05:42:33 -0000

And testing this IP from the command line on our mail server:

{***@oak/0 ~} host 209.85.192.175
175.192.85.209.in-addr.arpa domain name pointer mail-pd0-f175.google.com.
{***@oak/0 ~} host mail-pd0-f175.google.com
mail-pd0-f175.google.com has address 209.85.192.175


Here's one from Rackspace (our host):

Received: from unknown (HELO smtp1-ext.ord1.corp.rackspace.com) (173.203.4.141)
by oak.strangecode.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 20 Oct 2014 17:42:11 -0000

And from the command line:

{***@oak/0 ~} host 173.203.4.141
141.4.203.173.in-addr.arpa domain name pointer smtp1-ext.ord1.corp.rackspace.com.
{***@oak/0 ~} host smtp1-ext.ord1.corp.rackspace.com
smtp1-ext.ord1.corp.rackspace.com has address 173.203.4.14
Eric Shubert
2014-10-22 01:50:11 UTC
Post by Quinn Comendant
> Hi Guys
> Received: from unknown (HELO mail-pd0-f175.google.com) (209.85.192.175)
> by oak.strangecode.com with (AES128-SHA encrypted) SMTP; 19 Oct 2014 05:42:33 -0000
> 175.192.85.209.in-addr.arpa domain name pointer mail-pd0-f175.google.com.
> mail-pd0-f175.google.com has address 209.85.192.175
> Received: from unknown (HELO smtp1-ext.ord1.corp.rackspace.com) (173.203.4.141)
> by oak.strangecode.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 20 Oct 2014 17:42:11 -0000
> 141.4.203.173.in-addr.arpa domain name pointer smtp1-ext.ord1.corp.rackspace.com.
> smtp1-ext.ord1.corp.rackspace.com has address 173.203.4.141
> Thanks!
> Quinn
That's on purpose. The tcpserver -H option, which is used by default,
tells tcpserver not to look up the rdns name, the only purpose of which
would be to add it in the message header. spamdyke is doing that
already, and it's in the logs. If you'd like to see the rdns name in the
message header, you can remove the -H option from the tcpserver line in
the /var/qmail/supervise/smtpd/run file. Personally, I think that's
information that doesn't need to be in the message header (along with
the authenticated user's account id, but that's another matter).

I'd like to see spamdyke add its own header at some point, at which time
I'm sure it will be there. Sam's very thorough about these things. ;)

Thanks.
--
-Eric 'shubes'

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-***@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-***@qmailtoaster.com
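An added example (not part of the thread, and not qmail or QMT code) for checking whether removing `-H` took effect: it parses qmail-style Received headers and lists the hops that were recorded as `from unknown`. The first two sample headers are the ones quoted in the thread; the third, including its host names and documentation-range IP, is constructed.

```python
import re

# Sample input: headers 1 and 2 are quoted from the thread; header 3 is
# constructed to show what a hop looks like once the rDNS name is recorded.
SAMPLE = """\
Received: from unknown (HELO mail-pd0-f175.google.com) (209.85.192.175)
  by oak.strangecode.com with (AES128-SHA encrypted) SMTP; 19 Oct 2014 05:42:33 -0000
Received: from unknown (HELO smtp1-ext.ord1.corp.rackspace.com) (173.203.4.141)
  by oak.strangecode.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 20 Oct 2014 17:42:11 -0000
Received: from mail.example.net (HELO relay.example.net) (192.0.2.25)
  by oak.strangecode.com with SMTP; 21 Oct 2014 09:00:00 -0000
"""

# from <host> [(HELO <helo>)] ([ident@]<ip>) by <server> with [(<cipher> encrypted)] <proto>;
RECEIVED = re.compile(
    r"^Received: from (?P<host>\S+)"
    r"(?: \(HELO (?P<helo>[^)]+)\))?"
    r" \((?:(?P<ident>[^@)\s]+)@)?(?P<ip>[0-9A-Fa-f.:]+)\)"
    r"\s+by (?P<by>\S+) with (?:\((?P<tls>\S+) encrypted\) )?(?P<proto>\w+);"
)

def unfold(text):
    """Join folded continuation lines so each header is one logical line."""
    return re.sub(r"\r?\n[ \t]+", " ", text).splitlines()

def parse_received(text):
    """Return one dict per qmail-style Received header found in text."""
    hops = []
    for line in unfold(text):
        m = RECEIVED.match(line)
        if m:
            hop = m.groupdict()
            # "unknown" is what ends up in the header when no rDNS name was looked up
            hop["rdns"] = None if hop["host"] == "unknown" else hop["host"]
            hops.append(hop)
    return hops

def missing_rdns(text):
    """IPs of hops whose Received header carries no reverse-DNS name."""
    return [h["ip"] for h in parse_received(text) if h["rdns"] is None]

if __name__ == "__main__":
    for h in parse_received(SAMPLE):
        print(h["ip"], "rdns=%s" % h["rdns"], "helo=%s" % h["helo"], "tls=%s" % h["tls"])
    print("hops without rDNS:", missing_rdns(SAMPLE))
```
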
Quinn Comendant
2014-10-22 06:58:02 UTC
> Personally, I think that's information that doesn't need to be in the
> message header (along with the authenticated user's account id, but
> that's another matter).

Apparently, that info is important for SA. Here's my discussion on the SA users list that elicited this: http://goo.gl/icChJU ("I think that
getting the DNS fixed so RBL tests work will take care of that").

I'm happy to hear it's configurable. I'm going to change my config so the header is written and see if SA scoring improves.

> I'd like to see spamdyke add its own header at some point, at which
> time I'm sure it will be there. Sam's very thorough about these
> things. ;)

Is spamdyke packaged with QMT nowadays? I'm not using it.

Quinn

Eric Shubert
2014-10-22 14:20:02 UTC
Post by Quinn Comendant
> > Personally, I think that's information that doesn't need to be in the
> > message header (along with the authenticated user's account id, but
> > that's another matter).
> Apparently, that info is important for SA. Here's my discussion on the SA users list that elicited this: http://goo.gl/icChJU ("I think that
> getting the DNS fixed so RBL tests work will take care of that").
> I'm happy to hear it's configurable. I'm going to change my config so the header is written and see if SA scoring improves.
> > I'd like to see spamdyke add its own header at some point, at which
> > time I'm sure it will be there. Sam's very thorough about these
> > things. ;)
> Is spamdyke packaged with QMT nowadays? I'm not using it.
> Quinn
That's interesting. The extra DNS lookup is no big deal really, as it'd
be cached by the resolver. I don't recall any other negative side
effects of taking the -H away. I seem to recall some discussion about it
several years back on this list though. Would you try to find that and
see what the upshot was? We should probably consider removing the -H option.

This is somewhat moot though, as the new qmail package will be using
xinetd/init instead of tcpserver/supervise in an upcoming release.
Everything except qmail is no longer using supervise, and qmail is the
last piece. I don't have a time estimate for this, but I expect it will
be the next release.

Yes, there is a new spamdyke rpm included with the yum repos for the new
QMT. You cannot use this with the legacy qmail-toaster package though,
as the configurations are a little different.

You should most definitely be using spamdyke. You can install it with
the qtp-install-spamdyke script. Your server will thank you, as you'll
see the load drop significantly because it won't be scanning nearly as
much. I wouldn't run a mail server without it.
--
-Eric 'shubes'


a***@globalgate.com.ar
2014-10-22 17:30:04 UTC
Hi Eric,
Post by Eric Shubert
> This is somewhat moot though, as the new qmail package will be using
> xinetd/init instead of tcpserver/supervise in an upcoming release. Everything
> except qmail is no longer using supervise, and qmail is the last piece. I
> don't have a time estimate for this, but I expect it will be the next
> release.
I didn't find in the list archive if you've explained it already.

I'm curious: why did you consider it better not to run qmail and other pieces
under tcpserver/supervise and choose to go back to inetd/xinetd?

Could you elaborate on that please? (in your free time, of course)

regards,

--

Abel Lucano ____________________________________________________

GlobalGate Ingeniería

