Page 1 of 1

MagicSpam Reverse DNS Issue

Posted: Fri Aug 06, 2010 6:56 am
by cqi
Hello:

I'm having an issue with MagicSpam and Reverse DNS. I have been running the default settings for about a week but I'm receiving some huge push back from clients because of the reverse dns option is rejecting "good" emails from many of their clients as well as the bad ones. This is unfortunate as I know their clients email servers are not properly configured. However, I'm not prepared to spend countless upaid hours fighting the battle of trying to get every IT person to put in a reverse DNS record. I would surely lose the client going through that process anyway which the frustration of not getting emails.

My question is do we have the capability of turning these defaults on/off at the domain level or only at the server level? I suspect it is only at the server level.

My second question is how effective is MagicSpam going to be if I'm turning off reverse dns checking?

Any suggestions would be appreciated.

Re: MagicSpam Reverse DNS Issue

Posted: Fri Aug 06, 2010 9:25 am
by magicspam
MagicSpam is designed to protect the mail of the entire server. You can add exemptions for those users who do not want to be protected, but you cannot currently disable individual rules on a per-domain basis.

MagicSpam will still be effective if you turn off the rules, as it still has a list of blocklists it uses. However, the rules offer additional protection in the event of an outbreak from an IP that is not yet on any of the lists, but is poorly configured.

We suggest letting the administrators of the servers know that they have a misconfiguration, but to keep your users happy until the admins fix their servers, you can temporarily add entries to your hosts file to make the server believe the other servers have properly-formatted reverse DNS entries. For example:

1.2.3.4 mail.example.com

If you have that entry in your hosts file, when MagicSpam goes to look up the reverse DNS for 1.2.3.4, it will find that entry and not bother to do a DNS query. Obviously, the preferred method would be for the admins to fix their servers, but this is a temporary measure to keep your users happy.

Re: MagicSpam Reverse DNS Issue

Posted: Thu Sep 02, 2010 9:39 am
by ifbik
I have some particular cases in which reverse DNS seems having no solution.

Their configuration is as follows:

- the mailserver is hosted in-house, over a DSL line with static IP address;
- the carrier hosting the DSL line does not allow DNS editing to DSL customers;
- the provider holding the authoritative zone for the domain does NOT have access to the DNS reverse lookup zone.

Editing the hosts file on the magicspam protected server seems the only solution, but I think reverse DNS lookup can be of little help in fighting spam, causing plenty of false positives. Why not turning it off by default on magicspam?

Regards

Re: MagicSpam Reverse DNS Issue

Posted: Thu Sep 02, 2010 11:45 am
by magicspam
That is an interesting viewpoint indeed. We won't spend time arguing for / against, but simply point out that as part of Email Server Best Practice standards, a public Email service should have a proper conforming in-addr.arpa entry in place in order to properly identify itself.

We have had customers in the past turn off rDNS checks. MagicSpam still offers a high level of protection via the various other Best Practice rules, as well as the included BMS protection service. It should be noted though that the rDNS name conformation tests are the most effective protection against Bot-net style attacks (ie: distributed home PC's either viral infected or trojan'd).

With MagicSpam, the protection level is at the Server Level only - though there are tentative plans for a MagicSpam 'Pro' type solution whereby per domain / per user coverage / rules may be a reality. Bear in mind that with such a stunningly low subscription fee, this really is entry level type software. If you are interested in a full integrated solution we suggest you visit http://magicmail.linuxmagic.com.