Strange work of DHA - ORF Forums

Strange work of DHA RSS Back to forum

1

I've configured DHA protection but log seems strange to me.
I can't understand how after ip block by DHA there are still Recipient is not valid reply to some letters from this ip, also I've set 5 try before block of ip in DHA settings, but log show a lot more try before DHA activated:

2/25/2011 2:08:13 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:08:28 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:09:18 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:09:34 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:10:23 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:10:38 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:11:28 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:11:57 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:12:33 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:13:02 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:13:47 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:14:07 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:14:52 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:15:12 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:15:57 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:16:17 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:17:02 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:17:27 PM Reject 77.123.40.181 Blacklisted by the Reverse DNS test (no reverse name).
2/25/2011 2:18:07 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:18:32 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:19:24 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:19:37 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:20:29 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:20:59 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:21:34 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:22:01 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:22:49 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:23:17 PM Reject 77.123.40.181 Blacklisted by the DHA Protection Test.
2/25/2011 2:23:54 PM Reject 77.123.40.181 Recipient is not valid.
2/25/2011 2:24:59 PM Reject 77.123.40.181 Recipient is not valid.

by Sergey Dashko 8 years ago
2

@Sergey Dashko: Can you please email complete log files (.log extension) to ? Thank you.

by Peter Karsai (ORF Team) 8 years ago
(in reply to this post)

3

@Sergey Dashko: Thank you. I have checked your logs and found that DHA Protection is probably working properly. This is a side effect of the ORF test order - I suspect the Recipient Validation test is configured as a whitelist test exception on your system and the DHA Protection test is not (Configuration / Tests / Tests / Whitelist Test Exceptions).

Due to the above configuration, the Recipient Validation test runs first and will stop an email with an invalid recipient before the DHA Protection Test would have the chance to run. With valid recipients, the Recipient Validation test is passed and the test evaluation eventually reaches the DHA Protection Test, which will blacklist the email.

In other words, in the above configuration some emails will be caught by the Recipient Validation (and maybe some other) tests first, because of the test order. If they pass the preceeding tests, the DHA Protection test will catch them.

The order of tests is documented in the "Test Order and Priority" topic of the ORF Help.

You can eliminate the above issue by making the DHA Protection Test excepted, but that change will be cosmetic only, not making the filtering any better. In fact, it may reduce the system throughput a little, given validating a recipient is quite fast compared to database operations (at least with ORF External Databases).

Please let me know if that helped.

by Peter Karsai (ORF Team) 8 years ago
(in reply to this post)

4

It seems strange to me.
Why whitelist test exception influence the work of DHA?
I haven't this ip in whitelist.
But I have set DHA Protection Test excepted.
Thank you for your help.

by Sergey Dashko 8 years ago
5

@Sergey Dashko: It is because of the test order. ORF executes its tests in a specific, fixed order, which can be slightly modified by whitelist test exceptions. Once a test determines the status of the email, the evaluation stops right there.

When you make a test excepted, it changes the test order, making it one of the very first tests run, even before the whitelist tests (note that some blacklists are excepted by default). When you have two blacklists, one excepted and one not excepted, the evaluation order will look like this:

* Excepted Blacklist
* Whitelists
* Non-Excepted Blacklists

If the Recipient Validation Test is excepted, but the DHA Protection Test is not, the Recipient Validation Test is always evaluated before the DHA Protection Test. If the recipient does not exist, the evaluation stops right at the Recipient Validation Test. Only if that test allows through the email and no intermediate test determines the email status will the DHA Protection Test reached.

I hope that makes sense.

by Peter Karsai (ORF Team) 8 years ago
(in reply to this post)

6

Thank you for explanation.
I understood how it is, but I think it would be good to be able to modify tests order in future version.

by Sergey Dashko 8 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2