DNS error. Test: "RDNS/PTR", built-in DNS resolver, domain: "162.250.98.114", record type: PTR. DNS response: DNS server or domain failure (SERVFAIL, RCODE 2). - ORF Forums

DNS error. Test: "RDNS/PTR", built-in DNS resolver, domain: "162.250.98.114", record type: PTR. DNS response: DNS server or domain failure (SERVFAIL, RCODE 2). RSS Back to forum

1

DNS error. Test: "RDNS/PTR", built-in DNS resolver, domain: "162.250.98.114", record type: PTR. DNS response: DNS server or domain failure (SERVFAIL, RCODE 2).

Spam is getting through with this error every 5-6 minutes. Per the Online Knowledge Database I am using the built in DNS resolver. Any ideas? Thanks in advance for any help.

by michael.mulhern 3 years ago
2

I'll chime in since ORF support may not get back to you until tomorrow. They may override my answer but this can get you started today.

I think this error is normal for an IP that does not support Reverse DNS (it is up to the ISP that controls that IP and perhaps the user via their account management to be sure reverse DNS is supported).

Some of us choose to "Enable Sender IP Reverse Name Validation" in the Reverse DNS test to avoid accepting emails from IP's with no reverse DNS. You can decide if that is what you want.

Here is what I get when I checked RDNS for that IP (confirming there is no Reverse DNS for that IP published)

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\...>nslookup

> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> type=ptr
Server: google-public-dns-a.google.com
Address: 8.8.8.8

*** google-public-dns-a.google.com can't find type=ptr: Non-existent domain
> 162.250.98.114
Server: google-public-dns-a.google.com
Address: 8.8.8.8

*** google-public-dns-a.google.com can't find 162.250.98.114: Server failed
>

by Sam Russo 3 years ago
3

@Sam Russo: Thank you for your reply Sam. I do have "Enable Sender IP Reverse Name Validation" enabled in the Reverse DNS test. But I also have enabled 'Sender Domain Validation.' Maybe both should not be enabled? An either/or proposition?

by michael.mulhern 3 years ago
(in reply to this post)

4

@michael.mulhern: I also have both enabled so no, I don't think that is a problem.

You may want to consider an IP Range Blacklist entry as a stopgap until tomorrow when Vamsoft can get back to you.

Using tcpiputils.com you can see that this IP range is assigned to Fevvo. Depending on what you want you can set a tight or loose range.
162.250.96.0/21 - loose
162.250.98.114/24 - tight

You can view your logs to see if you get legit email from this range before setting an IP blacklist. Its up to you but this should take care of the immediate blast until tomorrow.

Good luck,
Sam

by Sam Russo 3 years ago
(in reply to this post)

5

@michael.mulhern: If you are not already using them, I would recommend subscribing to SpamHaus. They are good for IP reputation although it takes an hour or more for new IPs to appear in their list so if your spammer likes to jump around to new IP ranges it may not help much.

by Sam Russo 3 years ago
(in reply to this post)

6

@michael.mulhern: A multi-layer approach works best here too: I see *.top spam from that range you cited and I've been catching it with a Sender Blacklist for common top-level domains that are spammy. You may need to customize this for your own needs. It is a regex in the form of (?!exceptions)(?=targets)

(?!.*(berlitz|linkedin))(?=.*\@.+\.(asia|(co|or)\.at|biz|bg|cc|email|ga|gdn|kz|link|in\.net|ml|pt|rocks|tk|co\.tz|top|website|win|us)$)

I have other rules regarding garbage TLDs but that's another story.

Not sure how much experience you have with ORF but it takes a while to build up the rules to make it effective for your user base.

by Sam Russo 3 years ago
(in reply to this post)

7

@michael.mulhern: Hello Michael,

Sam is absolutely right in regard to the RDNS/PTR issue and his last suggestion might very well solve your spam issue. In fact, I would strongly suggest adding at least a similar "Top-Level Domain (TLD) filter" to the Sender Blacklist if you see a lot of spam coming from low-reputation garbage TLDs, such as .top, .download, .win, etc.

That being said, if you see the "SERVFAIL, RCODE2" error message logged for most of the DNS-based tests, I suggest that you consult the following Knowledge Base article for possible solutions and troubleshooting tips: http://vamsoft.com/support/docs/knowledge-base/servfail-rcode2

However, in case you keep receiving spam that ORF is seemingly unable to deal with, please send us (to ) a few recent ORF log files (e.g. orfee-2016-08-09.log) and the ORF configuration file (called orfent.ini) for analysis and we will get back to you with our findings as soon as possible. The requested files can be found in the ORF program directory by default (\Program Files (x86)\ORF Fusion).

by Daniel Novak (Vamsoft) 3 years ago
(in reply to this post)

8

Thank you for your suggestions. I'll play around with the TLD Filter and see where it takes me. Thanks again!

by michael.mulhern 3 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2