Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - DNS errors in Spam isp
  FAQ FAQ  Forum Search   Register Register  Login Login

DNS errors in Spam isp

 Post Reply Post Reply
Author
jmiglioratti View Drop Down
Newbie
Newbie
Avatar

Joined: 31 March 2016
Location: Rochester
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jmiglioratti Quote  Post ReplyReply Direct Link To This Post Topic: DNS errors in Spam isp
    Posted: 31 March 2016 at 9:24am
I am having lots of email being bounced and some of the messages that get bounced actually get delivered and others do not.

here is the activity log


03/31/16 00:01:18:056 -- (95332368) No Data Received03/31/16 00:01:17:931 -- (95332368) Connection from: 10.241.1.8  -  Originating country : N/A03/31/16 00:01:17:931 -- (95332368) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:59:317 -- (95328288) Disconnect03/31/16 00:00:59:317 -- (95328288) SFDB - Added 104.243.68.183 - Response: Error=003/31/16 00:00:59:317 -- (116543888) EMail from VoIP@novastudent.download to wdagostion@wenroch.com was received and quarantined. Size: 2 KB, 2048 bytes03/31/16 00:00:59:302 -- (95328288) Blacklist cache - Added 104.243.68.183 to limbo03/31/16 00:00:59:286 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:59:239 -- (116543888) Adding to Quarantine file:QrtnFBFCF3CF-D5FC-42FB-90BF-8AA470D70798.tmp03/31/16 00:00:59:239 -- (95328288) Starting bayesian procedures03/31/16 00:00:59:239 -- (95328288) Created thread (116543888) to add email to quarantine03/31/16 00:00:59:239 -- (95328288) Starting quarantine procedures03/31/16 00:00:59:239 -- (95328288) SFDE - Added 1 email hashes - Response: 03/31/16 00:00:59:208 -- (95328288) Hash cache - Added OK03/31/16 00:00:59:192 -- (95328288) Email Subject: **Fortinet-Spam** VoIP Services Could Be Your Solution.03/31/16 00:00:59:192 -- (95328288) From header (VoIP@novastudent.download) matches MAIL FROM (VoIP@novastudent.download)03/31/16 00:00:59:130 -- (95328288) 104.243.68.183 - Mail from: VoIP@novastudent.download To: wdagostion@wenroch.com will be rejected03/31/16 00:00:59:130 -- (95328288) - EmailFrom is in local blacklist file...03/31/16 00:00:59:130 -- (95328288) Received RCPT TO: wdagostion@wenroch.com03/31/16 00:00:59:098 -- (95328288) Received MAIL FROM: VoIP@novastudent.download03/31/16 00:00:59:036 -- (95328288) Connection from: 104.243.68.183  -  Originating country : United States03/31/16 00:00:59:020 -- (95328288) Detected TCP Connection: 104.243.68.183 on port: 2503/31/16 00:00:28:340 -- (46646464) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com ---  was forwarded to 10.241.1.11:25 - Response:250 <E1alTkr-0007jG-Tz@vps.kigwired.com> [InternalId=9819334] Queued mail for delivery --- 03/31/16 00:00:27:761 -- (95310288) Disconnect03/31/16 00:00:27:714 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:27:652 -- (95310288) Starting bayesian procedures03/31/16 00:00:22:525 -- (46646464) Sending email from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com --- 03/31/16 00:00:22:525 -- (95310288) Created thread (46646464) to handle delivery03/31/16 00:00:22:525 -- (95310288) EMail from noreply@workforwendys.com to "448@wenroch.com, ppettinato@wenroch.com" was queued (Indy1ED99123-9BAB-471C-8520-49814068DF1A.~tmp). Size: 15 KB, 16007 bytes03/31/16 00:00:22:525 -- (95310288) Starting queueing procedures03/31/16 00:00:22:494 -- (95310288) - URLs In MAPS search done... 03/31/16 00:00:22:494 -- (95310288) Checking URLs in emails against MAPS03/31/16 00:00:22:494 -- (95310288) Checking SURBL03/31/16 00:00:22:494 -- (95310288) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com passes Bayesian filter - 0% spam  (140ms)03/31/16 00:00:22:291 -- (95310288) Checking SFDE03/31/16 00:00:22:275 -- (95310288) Checking SFDC03/31/16 00:00:22:275 -- (95310288) Email Subject: Job Application from White, Eddie03/31/16 00:00:22:260 -- (95310288) From header (noreply@workforwendys.com) matches MAIL FROM (noreply@workforwendys.com)03/31/16 00:00:22:025 -- (95310288) RCPT TO: ppettinato@wenroch.com accepted03/31/16 00:00:22:025 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:22:025 -- (95310288) Received RCPT TO: ppettinato@wenroch.com03/31/16 00:00:21:963 -- (95310288) RCPT TO: 448@wenroch.com accepted03/31/16 00:00:21:963 -- (95310288) - MAPS search done... 03/31/16 00:00:21:650 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:21:650 -- (95310288) DNS Error:TimedOut03/31/16 00:00:18:790 -- (46985376) IPcache Limbo - removed 1 entries during cleanup03/31/16 00:00:18:681 -- (46985376) Blacklist cache - starting cleanup03/31/16 00:00:17:915 -- (95309088) Disconnect03/31/16 00:00:17:915 -- (95309088) No Data Received03/31/16 00:00:17:790 -- (95309088) Connection from: 10.241.1.8  -  Originating country : N/A03/31/16 00:00:17:790 -- (95309088) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:16:633 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:16:633 -- (95310288) DNS Error:TimedOut03/31/16 00:00:11:460 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:11:429 -- (95310288) Resolving 209.140.23.224 - host.clickinfotechmail3.in03/31/16 00:00:11:413 -- (95310288) Received RCPT TO: 448@wenroch.com03/31/16 00:00:11:350 -- (95310288) Received MAIL FROM: noreply@workforwendys.com03/31/16 00:00:11:116 -- (95310288) Received STARTTLS command03/31/16 00:00:11:038 -- (95310288) Connection from: 209.140.23.224  -  Originating country : United States03/31/16 00:00:11:007 -- (95310288) Detected TCP Connection: 209.140.23.224 on port: 2503/30/16 23:59:18:929 -- (46982496) Hash cache - removed 2 entries during cleanup03/30/16 23:59:18:819 -- (46982496) IPcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklistcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklist cache - starting cleanup
Back to Top
jmiglioratti View Drop Down
Newbie
Newbie
Avatar

Joined: 31 March 2016
Location: Rochester
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jmiglioratti Quote  Post ReplyReply Direct Link To This Post Posted: 31 March 2016 at 9:42am
The timeout is already set to 5000

;The timeout in milliseconds for all DNS-related queries.
DNSTimeout=5000
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 31 March 2016 at 11:06am
The log section only covers about a minute of data, and shows just a couple of DNS errors. Keeping in mind that a few dozen DNS timeout errors a day are normal, could you please zip us the following so we can take a look:

• SpamFilter's entire activity logfiles for yesterday and today

• Your SpamFilter.ini file

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well.


If the zipped file is over 8MB in size, please try to upload the file to our Box repository at:

https://logsat.com/sfi-upload-box.asp

 

As a side-note, DNS timeouts will not prevent emails from being delivered - they just affect the ability of some filters from detecting spam. If there is a DNS timeout experienced by a filter, that filter will "fail-open", meaning will not mark the email as spam and will let the remaining filters have a chance at examining the email.

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
jmiglioratti View Drop Down
Newbie
Newbie
Avatar

Joined: 31 March 2016
Location: Rochester
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jmiglioratti Quote  Post ReplyReply Direct Link To This Post Posted: 31 March 2016 at 11:18am
I have uploaded the files to box.  the issues we are having is folks that have been fine emailing for years and now they get bounced.. here is an example of the bounce message.

From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
Date: March 30, 2016 at 7:02:36 AM CDT
To: davidcfox@gmail.com
Subject: Delivery Status Notification (Failure)

Delivery to the following recipient failed permanently:

    jmfox@wenroch.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain wenroch.com by mail.wenroch.com. [104.244.193.242].

The error that the other server returned was:
557 Your domain gmail.com does not have a valid MX DNS record.


and another one

Here is the mail failure response that my contact received. 

Get Outlook for mobile

 

_____________________________
From: schrammsigns@oh.rr.com
Sent: Wednesday, March 30, 2016 10:43 AM
Subject: Fw: Mail Delivery Failure
To: Peter Fox <pfox@wenroch.com>


here it is

-----Original Message-----
From: Mail Delivery System
Sent: Wednesday, March 30, 2016 8:59 AM
To: schrammsigns@oh.rr.com
Subject: Mail Delivery Failure

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> PFox@wenroch.com (reading confirmation): 557 Your domain oh.rr.com does
>>> not have a valid MX DNS record.


Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 31 March 2016 at 5:52pm
Received the logs - thanks. From those it seems the issue you are experiencing is one that was resolved in the current official SpamFilter build 4.7.2.184:

// New to VersionNumber = '4.7.2.184';
{TODO -cNew : Added a new filter - the 0-Day domain filter. If a domain has been registered within the last nn days (30 by default), any emails containing that domain name will be heavily weighed as spam.}
{TODO -cNew : SpamFilter Enterprise only - added two new fields in the tbl_FilterSettings table for 0-Day filter and for a new upcoming option - DNSWLBypassForMX_RevDNS_SPF}
{TODO -cFix : In some cases depending on the internet provider DNS lookups could result in several timeouts (logged as DNS Error:TimedOut). This was due a different DNS library that was used starting from v4.7.1.145. Issue is now resolved.}

Can you please try upgrading from your older v4.7.1.172 to either the official 4.7.2.184 or the latest pre-release 4.7.2.194?


Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.117 seconds.