DNSRBL - Failed while Getting connecting IP from InfoRetiever
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
DNSRBL - Failed while Getting connecting IP from InfoRe... - 6.Feb.2009 6:12:30 AM
|
|
|
NNM
Posts: 16
Joined: 13.Aug.2008
Status: offline
|
GFI ME v12 20080623
Some times DNSRBL check fail to determinate sender IP address, using zen.spamhouse.org
DNSRBL Log file:
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Version: DNSRBL - Version 18"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: Subject: [8]: нет рекламы?"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: From: "Арзамасцевa" <truc0948source@deactivatedon.com>"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: Sender: "
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: MessageID: <563a019dbf27$0f501a57$ff112001@deactivatedon.com>"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: Content type: multipart/alternative; boundary="----=_NextPart_000_0023_17_0CC88CB1.36B4CD54"; charset="windows-1251""
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: SMTP Sender: truc0948source@deactivatedon.com"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: SMTP Recipient: perm@mydomain.com"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: Mime From display name: Арзамасцевa"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","INFO: Message recipients: 1"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Recipient 'perm@mydomain.com' belongs to a local domain (mydomain.com)"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL",">> CHeaderChecking"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Processing Message : DNS Blacklist"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Successfully retrieved Email InfoRetriever from Propertybag"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Getting connecting IP from InfoRetiever"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Failed while Getting connecting IP from InfoRetiever"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","No last IP could be extracted. Using connection IP address."
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","GFI_MTAMSGPROPS_CONNECTION_SERVER_IP_ADDRESS is 192.168.3.1"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Performing Zombie Check on the following IP: 192.168.3.6"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL",">> CheckOpenRelay"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Cache size: 3302"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Checking: 192.168.3.1"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","IP 192.168.3.1 was found in cache: 'closed-relay'"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","<< CheckOpenRelay (returning ham)"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","Writing SpamFlag: 0"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","<< ProcessMessage [0]"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","<< CHeaderChecking"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","::MTAM_UnInitMessage, MID = 197232416"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","[this = 0BC18720],CMTAMMessage::UnInitMessage"
2009-02-06,15:51:33,448,3,"#00001fcc","#000019fc","info ","DNSRBL","releasing CMTAMMessage"
That it means - Failed while Getting connecting IP from InfoRetiever????
Therefore DNSRBL uses my DMZ mail server IP (192.168.3.1) as DNSRBL target :( that is not so good
In a body of the message I see spam IP, but why DNSRBL does not find it???????
|
|
|
|
|
RE: DNSRBL - Failed while Getting connecting IP from In... - 6.Feb.2009 8:02:35 AM
|
|
|
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
|
quote:
Some times DNSRBL check fail to determinate sender IP address, using zen.spamhouse.org
Is this a typo? Should be: zen.spamhaus.org
It's probably not this that's wrong, but just eliminating it.
|
|
|
|
|
RE: DNSRBL - Failed while Getting connecting IP from In... - 8.Feb.2009 11:25:54 PM
|
|
|
NNM
Posts: 16
Joined: 13.Aug.2008
Status: offline
|
quote:
ORIGINAL: RSP
quote:
Some times DNSRBL check fail to determinate sender IP address, using zen.spamhouse.org
Is this a typo? Should be: zen.spamhaus.org
It's probably not this that's wrong, but just eliminating it.
Yes, zen.spamhaus.org is in DNSBL GFI config, not zen.spamhouse.org :)
|
|
|
|
|
RE: DNSRBL - Failed while Getting connecting IP from In... - 11.Feb.2009 4:27:40 PM
|
|
|
John Letourneau
Posts: 1659
Joined: 28.Apr.2008
Status: offline
|
NNM,
Would it be possible to post the header of a message that is having a problem?
_____________________________
Regards,
John Letourneau - Technical Support Team Lead
GFI Software - www.gfi.com
|
|
|
|
|
RE: DNSRBL - Failed while Getting connecting IP from In... - 26.Feb.2009 1:54:04 AM
|
|
|
NNM
Posts: 16
Joined: 13.Aug.2008
Status: offline
|
Sorry, I was late with the answer.
Not absolutely that error, but same problem:
"DNSRBL","Version: DNSRBL - Version 18"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: Subject: Приглашаем на конференцию"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: From: "Гриньковa" <tandy2810spyros@techlawadvisor.com>"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: Sender: "
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: MessageID: <0aa9019dbac1$6dd8cd65$04e88800@techlawadvisor.com>"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: Content type: multipart/alternative; boundary="----=_NextPart_000_0023_05_E465DC41.A39FBF99"; charset="windows-1251""
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: SMTP Sender: tandy2810spyros@techlawadvisor.com"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: SMTP Recipient: NNM@mydomain.ru"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: Mime From display name: Гриньковa"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","INFO: Message recipients: 1"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Recipient 'NNM@mydomain.ru' belongs to a local domain (mydomain.ru)"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL",">> CHeaderChecking"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Processing Message : DNS Blacklist"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Successfully retrieved Email InfoRetriever from Propertybag"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Getting connecting IP from InfoRetiever"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Failed while Getting connecting IP from InfoRetiever"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","No last IP could be extracted. Using connection IP address."
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","GFI_MTAMSGPROPS_CONNECTION_SERVER_IP_ADDRESS is 192.168.0.1"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Performing Zombie Check on the following IP: 192.168.0.1"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL",">> CheckOpenRelay"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Cache size: 3283"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Checking: 192.168.0.1"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","IP 192.168.0.1 was found in cache: 'closed-relay'"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","<< CheckOpenRelay (returning ham)"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","Writing SpamFlag: 0"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","<< ProcessMessage [0]"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","<< CHeaderChecking"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","::MTAM_UnInitMessage, MID = 257244176"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","[this = 0F553C10],CMTAMMessage::UnInitMessage"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","releasing CMTAMMessage"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","[this = 0F553C10],CMTAMMessage::~CMTAMMessage"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","CMTAMMessage released"
2009-02-26,12:28:46,811,3,"#00000670","#00000a0c","info ","DNSRBL","::MTAM_UnInitMessage,[returning]"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","::MTAM_InitMessage"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","[this = 0F553C10],CMTAMMessage::CMTAMMessage"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","[this = 0F553C10] = CMTAMMessage::InitMessage"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","[CMTAMMessage::InitMessage] refresh context?"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","[CMTAMMessage::InitMessage] keep a copy of the message"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","[CMTAMMessage::InitMessage] default action config is <log: 1 block: 1 type: 0 NDR: 0 Tag: 0 Exchange: Inbox/DNSBlackList>"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL","::MTAM_ProcessMessage"
2009-02-26,12:28:55,030,3,"#00000670","#00001744","info ","DNSRBL",",>> ProcessMessage [this = 0XF553C10]"
After [No last IP could be extracted. Using connection IP address], GFI start to use my DMZ mail server IP (192.168.0.1) as source IP address and it fail with RBL check :(
Here message header:
relay.mydomain.ru - DMZ mail server
mailserver1.mydomain.local - internal mail server with exchange 2007 & GFI v 12
Received: from relay.mydomain.ru (192.168.0.1) by mailserver1.mydomain.local
(172.1.1.1) with Microsoft SMTP Server id 8.1.336.0; Thu, 26 Feb 2009
12:28:46 +0500
Received: from 94.96.101.235.dynamic.saudi.net.sa
(94.96.101.235.dynamic.saudi.net.sa [94.96.101.235] (may be forged)) by
relay.mydomain.ru (8.13.8/8.13.8) with ESMTP id n1Q7Sf5k004344 for
<NNM@mydomain.ru>; Thu, 26 Feb 2009 12:28:43 +0500
Message-ID: <0aa9019dbac1$6dd8cd65$04e88800@techlawadvisor.com>
From: =?windows-1251?B?w/Do7fzq7uJh?= <tandy2810spyros@techlawadvisor.com>
To: <NNM@mydomain.ru>
Subject: =?windows-1251?B?z/Do4+vg+ODl7CDt4CDq7u305fDl7fbo/g==?=
Date: Thu, 25 Feb 3610 10:31:07 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0023_05_E465DC41.A39FBF99"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Return-Path: tandy2810spyros@techlawadvisor.com
X-GFI-SMTP-Submission: 1
X-GFI-SMTP-HelloDomain: relay.mydomain.ru
X-GFI-SMTP-RemoteIP: 192.168.0.1
I can see spammers IP 94.96.101.235 and if i check it with spamhouse.org It will be a spamers IP
So, whi GFI can`t get source IP from message header?
< Message edited by NNM -- 26.Feb.2009 1:58:16 AM >
|
|
|
|
|
RE: DNSRBL - Failed while Getting connecting IP from In... - 8.Jul.2009 1:59:09 AM
|
|
|
NNM
Posts: 16
Joined: 13.Aug.2008
Status: offline
|
UP
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
