lots of bounces after server move
I just had my hosting company move our mailing list to an updated server. Now I'm suddenly getting a lot of bounces of the sort:
550 5.4.1 Recipient address rejected: Access denied and 552-5.2.2 The recipient's inbox is out of storage space and inactive. and 550-5.1.1 The email account that you tried to reach does not exist. etc.
Before the move, I downloaded the list config.pck as a precaution, and all the emails in the bounces exist in that file.
Before I start removing those users' email accounts.. what might I be missing? Perhaps something in the new server is triggering the "550 5.4.1 recipient address rejected" (a local company's employees mostly)
thanks for the help. /jim
On 6/24/24 12:13, Jim Dory wrote:
This one could be because the recipient server doesn't like the new server IP.
These look like legitimate bounces, although if they weren't bouncing before the move, it's unclear why they'd be bouncing now.
If these are all from one recipient server, it would be worth contacting that server's admin to see if they will whitelist you. Also, setting
VERP_PROBES = Yes
in mm_cfg.py may keep these members from having delivery disabled and being removed if the probes don't bounce.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
Thank you Mark and Dmitri,
On 6/24/24 13:08, Mark Sapiro wrote:
We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company.
This all has me baffled - because it wasn't happening before and started on first post to the mailing list directly after the move. But it is what it is.. I'll deal with it.
I just set this, so thanks for that.
I'm contacting the organizations to see about having them whitelist. I suppose that is all I can do at this point. There's also a couple rejections from att.net and bellsouth.net (ff-ip4-mx-vip1.prodigy.net), but I'll contact those accounts as well.
regards, jim
Hi Jim,
Not an expert here, but a thought comes to mind.
When you moved to a new domain name, did you update your DMARC, DKIM, and SPF records? (Whichever you use, if any.) Maybe the recipients think the new server is not authorized to send on your behalf.
On Mon, Jun 24, 2024 at 01:42:52PM -0800, Jim Dory wrote:
> We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company.
-- Steve
On 6/24/24 15:40, Steven D'Aprano wrote:
Thanks Steven,
I have not done anything yet. Under Privacy Options/Sender Filters, I have for dmarc_moderation_action : Munge, dmarc_quarantine_moderation_action as Yes, dmarc_none_moderation_action is No, and the rest is blank. I don't really understand any of that but I think I set them so on advice.
Looks like there are no SPF records. I see this.. I'll install it per recommended by WHM, but let me know if it needs to be different. What I don't know is if it should be just for nomekennelclub.com rather than with the host name compute. On the old server, it didn't have the hostname.
Under Zone Management in WHM, there are a couple DKIM strings for various hosts like default._domainkey.nomekennelclub.com, default._domainkey.compute.nomekennelclub.com and there's some dmarc statements there.
You are probably on to something there. I just got 45 bounces saying because of "spam content" with someone trying to sell their pickup on our community announcements/trade list, mostly from Alaska's GCI email provider this time. So adding the SPF record hopefully will help.
spf-NA.jpg
On 6/24/24 17:16, Jim Dory wrote:
One more try.. In my "sent" folder it shows the image attached. Perhaps something is blocking it. What it shows is that no SPF records exist. So it suggests as the name: compute.nomekennelclub.com. (with a period) and a value of:
v=spf1 +mx +a +ip4:198.252.100.6 ~all
So that is what I installed. I was wondering if it should be instead just for nomekennelclub.com rather than with the compute. hostname so I also added that record.
Just to be sure, I would try your host's name in one of the DNS/email test pages, such as https://mxtoolbox.com/emailhealth/ (there are others).
z!
On 6/25/24 09:13, Carl Zwanzig wrote:
> Just to be sure, I would try your host's name in one of the DNS/email test pages, such as https://mxtoolbox.com/emailhealth/ (there are others).
Thanks Carl, a very good resource.
I put in compute.nomekennelclub.com and it shows nomekennelclub.com in the results.
It gave me several warnings. Zero Errors
DNS: Names servers on the same subnet
SMTP: Reverse DNS doesn't match SMTP Banner (The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.)
SMTP: Does not support TLS
SMTP: 15.209 seconds - Not good! on Transaction Time
Reading up on this, the transaction time can cause warnings for reverse DNS and or TLS support. I did add TLSv1.3 into the Apache global config and rebuilt/restarted Apache, but still get that same warning.
As for #1 - name servers.. I don't think that is contributing to the mail rejections.
#2 - Reverse DNS - I have PTR records set for both compute.nkc.com (abbreviated) and nkc.com. So that could be a problem?
#3 - TLS - not sure what more I can do there
#4 - transaction time.. ? Not sure I have control over that.. but one thing I googled reported that one could "Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam" in Exim. Don't know about that.
/jd
On 6/25/24 12:51, Jim Dory wrote:
> #2 - Reverse DNS - I have PTR records set for both compute.nkc.com (abbreviated) and nkc.com. So that could be a problem?
DNS is Evil. A host should not have more than one PTR because if it does, it's not clear which PTR will be returned by the nameserver. Ditto for A record, because the one PTR can only match one of those -- but with something like unbound that doesn't support CNAMEs, you won't have much choice. And if you do have CNAMEs, the client has to do extra work to find the A and match it to the PTR -- if it cares.
I'm guessing they are flagging it because it *should* be playing nice and sending its A hostname that has a corresp. (one) PTR record, in the SMTP banner.
Dima
On 6/25/24 15:32, Dmitri Maziuk wrote:
Thanks Dima,
I think our records are a mess, and I don't quite feel qualified to fix it. This mailing list started sometime mid 2000's and has gone thru changes that have followed us without being cleaned. We used to host the website nomekennelclub.com but they have since moved to a squarespace or somesuch server and we simply redirect to that page. I assume they get their mail services through that host, but in our records we have A records for things like webmail.nomekennelclub.com (nkc for short), mail.nkc.com, ftp.nkc.com, webdisk.nkc.com, whm.nkc.com, cpanel.nkc.com, autoconfig, autodiscover, cpcalendars, nomekennelclub.com, server, compute.nomekennelclub.com (an actual one), plus we have A records for I think nameservers ns1 and ns2 which I don't think are being used.. in the message headers I see SE005.arandomserver.com and under mx lookups.
A couple of those A records, like cpanel may be used, not sure about the webmail one. I don't want to screw up the kennelclub if they are using it. I'll have to check, but I would like to start deleting some. Like the server one, from an older time.
As for PTR records, I'm still confused. We have 2, one for our new hostname: compute.nomekennelclub.com and for just the domain nomekennelclub.com . When I look at a header from mailing list post, I see both.
Not sure what this all tells me, I've removed some of it for a bit of brevity:
Return-Path: <nome-announce-bounces@nomekennelclub.com>
Delivered-To: james@dorydesign.com
Received: from lax003.hawkhost.com by lax003.hawkhost.com with LMTP id YGXEJcpGfGYPMQAAva6gig (envelope-from <nome-announce-bounces@nomekennelclub.com>) for <james@dorydesign.com>; Wed, 26 Jun 2024 09:50:18 -0700
Return-path: <nome-announce-bounces@nomekennelclub.com>
Envelope-to: james@dorydesign.com
Delivery-date: Wed, 26 Jun 2024 09:50:18 -0700
Received: from se006.arandomserver.com ([198.252.99.2]:35800) by lax003.hawkhost.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <nome-announce-bounces@nomekennelclub.com>) id 1sMVqd-0005de-1Z for james@dorydesign.com; Wed, 26 Jun 2024 09:50:18 -0700
X-DKIM-Failure: bodyhash_mismatch
Received: from compute.nomekennelclub.com ([198.252.100.6]) by se006.arandomserver.com with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <nome-announce-bounces@nomekennelclub.com>) id 1sMVqb-0004Dp-0l for james@dorydesign.com; Wed, 26 Jun 2024 11:50:18 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nomekennelclub.com; s=default; [etc]
Received: from [127.0.0.1] (port=33026 helo=compute.nomekennelclub.com) by compute.nomekennelclub.com with esmtp (Exim 4.97.1) (envelope-from <nome-announce-bounces@nomekennelclub.com>) id 1sMVq9-00000000bK5-4A0o; Wed, 26 Jun 2024 16:49:49 +0000
Received: from mail-pl1-f177.google.com ([209.85.214.177]:52372) by compute.nomekennelclub.com with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from <redacted@alaska.edu>) id 1sMVpP-00000000bHi-0XWS for nome-announce@nomekennelclub.com; Wed, 26 Jun 2024 16:49:06 +0000
Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1f6fabe9da3so56661465ad.0 for <nome-announce@nomekennelclub.com>; Wed, 26 Jun 2024 09:48:42 -0700 (PDT)
To: nome-announce@nomekennelclub.com
X-Spam-Status: No, score=-94.2
X-Spam-Score: -941
X-Spam-Bar: ---------------------------------------------------
X-Ham-Report: Spam detection software, running on the system "compute.nomekennelclub.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details.
Content preview: Join us via ZOOM for the next presentation in our Strait Science series… US COAST GUARD COMMAND CENTER: SAVING LIVES AT SEA
Content analysis details: (-94.2 points, 8.0 required)
pts rule name description
-0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from'
-100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.0000]
0.0 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [URIs: alaska.edu]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: alaska.edu]
0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [209.85.214.177 listed in zen.spamhaus.org]
0.0 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [URIs: alaska.edu]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML
X-Spam-Flag: NO
Subject: [NA] =?utf-8?q?STRAIT_SCIENCE=3A_TOMORROW=2C_June_27_=E2=80=A2_6?= =?utf-8?q?=3A30pm_=E2=80=A2_US_COAST_GUARD_COMMAND_CENTER=3A_SAVIN?= =?utf-8?q?G_LIVES_AT_SEA?=
X-BeenThere: nome-announce@nomekennelclub.com
X-Mailman-Version: 2.1.39
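Added example, not part of any poster's message: a minimal SPF evaluator showing which names a receiver looks the record up under (the envelope-from domain and the HELO name from the headers above) and how the record installed earlier in the thread scores for the two relay addresses in the Received lines. The `DNS` answers for the `a` and `mx` mechanisms are constructed placeholders, not real lookups, and `spf_domains` and `check_spf` are hypothetical helper names.

```python
import ipaddress

# Record text as installed earlier in the thread.
SPF = "v=spf1 +mx +a +ip4:198.252.100.6 ~all"

# Constructed DNS answers (assumptions for illustration, not real lookups).
DNS = {
    ("nomekennelclub.com", "A"): ["192.0.2.80"],
    ("nomekennelclub.com", "MX"): ["mx.example.net"],
    ("mx.example.net", "A"): ["192.0.2.25"],
    ("compute.nomekennelclub.com", "A"): ["198.252.100.6"],
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_domains(mail_from, helo):
    """Names whose TXT record a receiver queries: MAIL FROM domain and HELO name."""
    return {
        "mailfrom": mail_from.rsplit("@", 1)[1].lower(),
        "helo": helo.lower().rstrip("."),
    }


def check_spf(record, domain, client_ip, dns):
    """Evaluate ip4, a, mx and all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:  # modifiers such as redirect= are out of scope here
            continue
        qual = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        target = (arg or domain).lower()
        if name == "all":
            return RESULT[qual]
        if name == "ip4":
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = client_ip in dns.get((target, "A"), [])
        elif name == "mx":
            hit = any(client_ip in dns.get((mx, "A"), [])
                      for mx in dns.get((target, "MX"), []))
        else:
            raise NotImplementedError(name)  # include, exists, ptr, ip6
        if hit:
            return RESULT[qual]
    return "neutral"  # no mechanism matched and no "all" present


if __name__ == "__main__":
    ids = spf_domains("nome-announce-bounces@nomekennelclub.com",
                      "compute.nomekennelclub.com")
    print(ids)
    # Connecting addresses taken from the Received headers above.
    for client in ("198.252.100.6", "198.252.99.2"):
        print(client, check_spf(SPF, ids["mailfrom"], client, DNS))
```

Under these constructed answers the list host's own address passes through the `ip4` term, while a receiver that sees the se006.arandomserver.com relay address falls through to `~all`.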
On 6/25/2024 10:51 AM, Jim Dory wrote:
That itself is suspicious (to a receiving MTA). And as Dmitri pointed out, multiple PTR records is also a problem.
Remember that many email systems look for "circular resolution" where eventually an A's address matches a PTR's name.
Example:
lists.x.com -> smtp.x.com (CNAME)
smtp.x.com -> 1.2.3.4 (A)
1.2.3.4 -> mail.p.com (PTR)
mail.p.com -> 1.2.3.4 (A)
("equilibrium has been reached")
If 1.2.3.4 resolves to both mail.x.com and maybe mailhost.x.com (which might not have a matching A record), sometimes the magic smoke will come out :).
z!
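Added example, not part of the original thread: the "circular resolution" check described above (forward-confirmed reverse DNS), run over a constructed zone so it works offline. The 1.2.3.4 records follow the example in the message; the two-PTR case is placed on the documentation address 192.0.2.25 so both cases can coexist, and `ZONE`, `resolve_a`, `ptr_names` and `fcrdns` are hypothetical names.

```python
import ipaddress

# Constructed records (not real lookups).
ZONE = {
    ("lists.x.com", "CNAME"): ["smtp.x.com"],
    ("smtp.x.com", "A"): ["1.2.3.4"],
    ("mail.p.com", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa", "PTR"): ["mail.p.com"],
    # Two PTRs on one address; mailhost.x.com has no matching A record.
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.x.com", "mailhost.x.com"],
    ("mail.x.com", "A"): ["192.0.2.25"],
}


def lookup(zone, name, rtype):
    return zone.get((name.lower().rstrip("."), rtype), [])


def resolve_a(zone, name, max_cname=8):
    """Follow CNAMEs (bounded) and return the set of IPv4 addresses."""
    name = name.lower().rstrip(".")
    for _ in range(max_cname):
        cname = lookup(zone, name, "CNAME")
        if not cname:
            break
        name = cname[0].lower().rstrip(".")
    return set(lookup(zone, name, "A"))


def ptr_names(zone, ip):
    """All PTR names for an address, via its in-addr.arpa name."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return [n.lower().rstrip(".") for n in lookup(zone, rev, "PTR")]


def fcrdns(zone, ip, banner=None):
    """Check that PTR names resolve back to ip, and that the banner is one of them."""
    names = ptr_names(zone, ip)
    confirmed = [n for n in names if ip in resolve_a(zone, n)]
    unconfirmed = [n for n in names if n not in confirmed]
    return {
        "ptr": names,
        "confirmed": confirmed,
        "unconfirmed": unconfirmed,
        "multiple_ptr": len(names) > 1,
        # A receiver that tests only one returned PTR passes for certain
        # only when every PTR name confirms.
        "all_confirmed": bool(names) and not unconfirmed,
        "banner_matches": banner is not None
        and banner.lower().rstrip(".") in confirmed,
        "pass": bool(confirmed),
    }


if __name__ == "__main__":
    print(sorted(resolve_a(ZONE, "lists.x.com")))
    print(fcrdns(ZONE, "1.2.3.4", banner="mail.p.com"))
    print(fcrdns(ZONE, "192.0.2.25", banner="mailhost.x.com"))
```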
participants (5): Carl Zwanzig, Dmitri Maziuk, Jim Dory, Mark Sapiro, Steven D'Aprano