DNS errors in Spam isp |
Post Reply |
Author | |
jmiglioratti
Newbie Joined: 31 March 2016 Location: Rochester Status: Offline Points: 4 |
Post Options
Thanks(0)
Posted: 31 March 2016 at 9:24am |
I am having lots of email being bounced and some of the messages that get bounced actually get delivered and others do not. here is the activity log 03/31/16 00:01:18:056 -- (95332368) No Data Received03/31/16 00:01:17:931 -- (95332368) Connection from: 10.241.1.8 - Originating country : N/A03/31/16 00:01:17:931 -- (95332368) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:59:317 -- (95328288) Disconnect03/31/16 00:00:59:317 -- (95328288) SFDB - Added 104.243.68.183 - Response: Error=003/31/16 00:00:59:317 -- (116543888) EMail from VoIP@novastudent.download to wdagostion@wenroch.com was received and quarantined. Size: 2 KB, 2048 bytes03/31/16 00:00:59:302 -- (95328288) Blacklist cache - Added 104.243.68.183 to limbo03/31/16 00:00:59:286 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:59:239 -- (116543888) Adding to Quarantine file:QrtnFBFCF3CF-D5FC-42FB-90BF-8AA470D70798.tmp03/31/16 00:00:59:239 -- (95328288) Starting bayesian procedures03/31/16 00:00:59:239 -- (95328288) Created thread (116543888) to add email to quarantine03/31/16 00:00:59:239 -- (95328288) Starting quarantine procedures03/31/16 00:00:59:239 -- (95328288) SFDE - Added 1 email hashes - Response: 03/31/16 00:00:59:208 -- (95328288) Hash cache - Added OK03/31/16 00:00:59:192 -- (95328288) Email Subject: **Fortinet-Spam** VoIP Services Could Be Your Solution.03/31/16 00:00:59:192 -- (95328288) From header (VoIP@novastudent.download) matches MAIL FROM (VoIP@novastudent.download)03/31/16 00:00:59:130 -- (95328288) 104.243.68.183 - Mail from: VoIP@novastudent.download To: wdagostion@wenroch.com will be rejected03/31/16 00:00:59:130 -- (95328288) - EmailFrom is in local blacklist file...03/31/16 00:00:59:130 -- (95328288) Received RCPT TO: wdagostion@wenroch.com03/31/16 00:00:59:098 -- (95328288) Received MAIL FROM: VoIP@novastudent.download03/31/16 00:00:59:036 -- (95328288) Connection from: 104.243.68.183 - Originating country : United States03/31/16 00:00:59:020 -- (95328288) Detected TCP Connection: 104.243.68.183 on port: 2503/31/16 00:00:28:340 -- (46646464) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com --- was forwarded to 10.241.1.11:25 - Response:250 <E1alTkr-0007jG-Tz@vps.kigwired.com> [InternalId=9819334] Queued mail for delivery --- 03/31/16 00:00:27:761 -- (95310288) Disconnect03/31/16 00:00:27:714 -- (116540768) Time to add Msg to Bayes corpus:003/31/16 00:00:27:652 -- (95310288) Starting bayesian procedures03/31/16 00:00:22:525 -- (46646464) Sending email from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com --- 03/31/16 00:00:22:525 -- (95310288) Created thread (46646464) to handle delivery03/31/16 00:00:22:525 -- (95310288) EMail from noreply@workforwendys.com to "448@wenroch.com, ppettinato@wenroch.com" was queued (Indy1ED99123-9BAB-471C-8520-49814068DF1A.~tmp). Size: 15 KB, 16007 bytes03/31/16 00:00:22:525 -- (95310288) Starting queueing procedures03/31/16 00:00:22:494 -- (95310288) - URLs In MAPS search done... 03/31/16 00:00:22:494 -- (95310288) Checking URLs in emails against MAPS03/31/16 00:00:22:494 -- (95310288) Checking SURBL03/31/16 00:00:22:494 -- (95310288) EMail from noreply@workforwendys.com to 448@wenroch.com, ppettinato@wenroch.com passes Bayesian filter - 0% spam (140ms)03/31/16 00:00:22:291 -- (95310288) Checking SFDE03/31/16 00:00:22:275 -- (95310288) Checking SFDC03/31/16 00:00:22:275 -- (95310288) Email Subject: Job Application from White, Eddie03/31/16 00:00:22:260 -- (95310288) From header (noreply@workforwendys.com) matches MAIL FROM (noreply@workforwendys.com)03/31/16 00:00:22:025 -- (95310288) RCPT TO: ppettinato@wenroch.com accepted03/31/16 00:00:22:025 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:22:025 -- (95310288) Received RCPT TO: ppettinato@wenroch.com03/31/16 00:00:21:963 -- (95310288) RCPT TO: 448@wenroch.com accepted03/31/16 00:00:21:963 -- (95310288) - MAPS search done... 03/31/16 00:00:21:650 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:21:650 -- (95310288) DNS Error:TimedOut03/31/16 00:00:18:790 -- (46985376) IPcache Limbo - removed 1 entries during cleanup03/31/16 00:00:18:681 -- (46985376) Blacklist cache - starting cleanup03/31/16 00:00:17:915 -- (95309088) Disconnect03/31/16 00:00:17:915 -- (95309088) No Data Received03/31/16 00:00:17:790 -- (95309088) Connection from: 10.241.1.8 - Originating country : N/A03/31/16 00:00:17:790 -- (95309088) Detected TCP Connection: 10.241.1.8 on port: 2503/31/16 00:00:16:633 -- (95310288) DNS Server will rotate after query. New server will be 216.136.95.203/31/16 00:00:16:633 -- (95310288) DNS Error:TimedOut03/31/16 00:00:11:460 -- (95310288) Mail from: noreply@workforwendys.com03/31/16 00:00:11:429 -- (95310288) Resolving 209.140.23.224 - host.clickinfotechmail3.in03/31/16 00:00:11:413 -- (95310288) Received RCPT TO: 448@wenroch.com03/31/16 00:00:11:350 -- (95310288) Received MAIL FROM: noreply@workforwendys.com03/31/16 00:00:11:116 -- (95310288) Received STARTTLS command03/31/16 00:00:11:038 -- (95310288) Connection from: 209.140.23.224 - Originating country : United States03/31/16 00:00:11:007 -- (95310288) Detected TCP Connection: 209.140.23.224 on port: 2503/30/16 23:59:18:929 -- (46982496) Hash cache - removed 2 entries during cleanup03/30/16 23:59:18:819 -- (46982496) IPcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklistcache Limbo - removed 1 entries during cleanup03/30/16 23:59:18:710 -- (46982496) Blacklist cache - starting cleanup |
|
jmiglioratti
Newbie Joined: 31 March 2016 Location: Rochester Status: Offline Points: 4 |
Post Options
Thanks(0)
|
The timeout is already set to 5000 ;The timeout in milliseconds for all DNS-related queries.
DNSTimeout=5000 |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
The log section only covers about a minute of data, and shows just a couple of DNS errors. Keeping in mind that a few dozen DNS timeout errors a day are normal, could you please zip us the following so we can take a look: • SpamFilter's entire activity logfiles for yesterday and today • Your SpamFilter.ini file • The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well. If the zipped file is over 8MB in size, please try to upload the file to our Box repository at: https://logsat.com/sfi-upload-box.asp
As a side-note, DNS timeouts will not prevent emails from being delivered - they just affect the ability of some filters from detecting spam. If there is a DNS timeout experienced by a filter, that filter will "fail-open", meaning will not mark the email as spam and will let the remaining filters have a chance at examining the email. |
|
jmiglioratti
Newbie Joined: 31 March 2016 Location: Rochester Status: Offline Points: 4 |
Post Options
Thanks(0)
|
I have uploaded the files to box. the issues we are having is folks that have been fine emailing for years and now they get bounced.. here is an example of the bounce message. From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
Delivery to the following recipient failed
permanently: jmfox@wenroch.com Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain wenroch.com by mail.wenroch.com. [104.244.193.242]. The error that the other server returned was: 557 Your domain gmail.com does not have a valid MX DNS record. and another one Here is the mail failure response that my contact received. _____________________________ From: schrammsigns@oh.rr.com Sent: Wednesday, March 30, 2016 10:43 AM Subject: Fw: Mail Delivery Failure To: Peter Fox <pfox@wenroch.com> here it is -----Original Message----- From: Mail Delivery System Sent: Wednesday, March 30, 2016 8:59 AM To: schrammsigns@oh.rr.com Subject: Mail Delivery Failure This message was created automatically by the mail system (ecelerity). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: >>> PFox@wenroch.com (reading confirmation): 557 Your domain oh.rr.com does >>> not have a valid MX DNS record. |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Received the logs - thanks. From those it seems the issue you are experiencing is one that was resolved in the current official SpamFilter build 4.7.2.184:
// New to VersionNumber = '4.7.2.184'; {TODO -cNew : Added a new filter - the 0-Day domain filter. If a domain has been registered within the last nn days (30 by default), any emails containing that domain name will be heavily weighed as spam.} {TODO -cNew : SpamFilter Enterprise only - added two new fields in the tbl_FilterSettings table for 0-Day filter and for a new upcoming option - DNSWLBypassForMX_RevDNS_SPF} {TODO -cFix : In some cases depending on the internet provider DNS lookups could result in several timeouts (logged as DNS Error:TimedOut). This was due a different DNS library that was used starting from v4.7.1.145. Issue is now resolved.} Can you please try upgrading from your older v4.7.1.172 to either the official 4.7.2.184 or the latest pre-release 4.7.2.194? |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.279 seconds.