Hi,
some of our users have received spam/phishing email in INBOX.
Investigating, I found that the cause is the time that spamassassin spent
to return a result, 30 seconds in the dkim adsp:
[...]
Reply-To: server-admin@mailserverupgrader.xyz
From: "MEssage Center -? companyname.it"
<server-admin@mailserverupgrader.xyz>
To: name.surname@companyname.it
[...]
Oct 20 16:22:41.142 [27900] dbg: FreeMail: RULE (FREEMAIL_FROM)
check_freemail_from
Oct 20 16:22:41.142 [27900] dbg: FreeMail: all from-addresses:
cindy.vandwest@gmail.com, server-admin@mailserverupgrader.xyz
Oct 20 16:22:41.142 [27900] dbg: FreeMail: HIT! cindy.vandwest@gmail.com
is freemail
Oct 20 16:22:41.153 [27900] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 16:22:41.154 [27900] dbg: dkim: performing public key lookup and
signature verification
Oct 20 16:22:51.155 [27900] dbg: dkim: FAILED DKIM,
i=@serverupgrader.xyz, d=serverupgrader.xyz, s=default, a=rsa-sha1,
c=relaxed/relaxed, unknown key size, invalid, does not match author domain
Oct 20 16:22:51.155 [27900] dbg: dkim: signature verification result:
INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR
DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)
Oct 20 16:22:51.155 [27900] dbg: dkim: adsp: performing lookup on
_adsp._domainkey.mailserverupgrader.xyz
[ NOTE 30 seconds here ]
Oct 20 16:23:11.155 [27900] dbg: dkim: adsp: fetch or parse on domain
mailserverupgrader.xyz failed: DNS query timeout for mailserverupgrader.xyz
Oct 20 16:23:11.156 [27900] dbg: dkim: signing practices on
mailserverupgrader.xyz unavailable
Oct 20 16:23:11.156 [27900] dbg: dkim: adsp result: U/unknown (dns: no
result), author domain 'mailserverupgrader.xyz'
Oct 20 16:23:11.156 [27900] dbg: rules: uri host enlisted
(SUSP_URI_NTLD): serverupgrader.xyz (xyz)
Oct 20 16:23:11.156 [27900] dbg: rules: ran eval rule PDS_OTHER_BAD_TLD
======> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: eval: From 2nd level domain:
mailserverupgrader.xyz, EnvelopeFrom 2nd level domain: gmail.com
Oct 20 16:23:11.157 [27900] dbg: rules: ran eval rule
HEADER_FROM_DIFFERENT_DOMAINS ======> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: spf: already checked for Received-SPF
headers, proceeding with DNS based checks
Oct 20 16:23:11.157 [27900] dbg: spf: found Envelope-From in first
external Received header
Can it be a tactic?
How can I configure this timeout to 5 seconds or similar?
Thanks
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
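
An added example, not part of the original post: one way to locate where a SpamAssassin debug run stalls, by measuring the time between consecutive lines of the same process. The sample is built from log lines in the message above; the names `parse` and `stalls`, the 5-second threshold and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: debug lines taken from the post above, wrapped as in the mail.
SAMPLE = """\
Oct 20 16:22:41.153 [27900] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 16:22:41.154 [27900] dbg: dkim: performing public key lookup and
signature verification
Oct 20 16:22:51.155 [27900] dbg: dkim: signature verification result:
INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR
DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)
Oct 20 16:22:51.155 [27900] dbg: dkim: adsp: performing lookup on
_adsp._domainkey.mailserverupgrader.xyz
Oct 20 16:23:11.155 [27900] dbg: dkim: adsp: fetch or parse on domain
mailserverupgrader.xyz failed: DNS query timeout for mailserverupgrader.xyz
Oct 20 16:23:11.156 [27900] dbg: rules: uri host enlisted
(SUSP_URI_NTLD): serverupgrader.xyz (xyz)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) \[(\d+)\] dbg: (\w+): (.*)$")

def parse(text, year=2000):
    """Return [timestamp, pid, channel, message] records, folding wrapped lines.
    The log carries no year, so `year` is an assumption; gaps are unaffected."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            records.append([ts, m.group(2), m.group(3), m.group(4)])
        elif records and raw.strip():
            records[-1][3] += " " + raw.strip()  # continuation of a wrapped line
    return records

def stalls(text, threshold=5.0):
    """Return (seconds, channel, message) for every step after which the same
    process logged nothing for more than `threshold` seconds."""
    last, found = {}, []
    for ts, pid, chan, msg in parse(text):
        if pid in last:
            prev_ts, prev_chan, prev_msg = last[pid]
            gap = (ts - prev_ts).total_seconds()
            if gap > threshold:
                found.append((round(gap, 3), prev_chan, prev_msg))
        last[pid] = (ts, chan, msg)
    return found

if __name__ == "__main__":
    for seconds, chan, msg in stalls(SAMPLE):
        print(f"{seconds:7.3f}s waiting after [{chan}] {msg}")
```
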