Hi all,
Anyone have any idea why mail generated by Mantis being treated as Junk Mail? I tried googling around but no luck. Here's the header email received. Appreciate if someone could enlighten what configuration can I change to eliminate this problem.
----------------------------------------------------------------------------------
Received: from 60.51.251.42 by somd3.fc5.com (envelope-from <username@domain.com>, uid 89) with qmail-scanner-1.25st
(f-prot: 4.6.1/3.16.8. spamassassin: 3.0.2. perlscan: 1.25st.
Clear:RC:0(60.51.251.42):SA:1(6.0/5.0):.
Processed in 3.384999 secs); 29 Aug 2006 07:44:07 -0000
X-Spam-Status: Yes, hits=6.0 required=5.0
X-Spam-Level: ++++++
X-Spam-Report: SA TESTS
1.3 FH_RELAY_NODNS We could not determine your Reverse DNS
1.7 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
1.2 IP_LINK_PLUS URI: Dotted-decimal IP address followed by CGI
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[60.51.251.42 listed in combined.njabl.org]
-0.3 AWL AWL: From: address is in the auto white-list
----------------------------------------------------------------------------------
Fyi, each of the email notification arrived in my mailbox have different value of X-Spam Hits.
Thank you.
Eric
Email Notification arrived at Junk Mail Folder
Moderators: Developer, Contributor
Well, the spam report told you many of the reasons.
* 1.3 FH_RELAY_NODNS We could not determine your Reverse DNS
This means that when the mail relay looked up your bugbase's ip address, it could not find a domain n ame that it liked. Are the DNS entries for your bugbase's IP address correct?
* 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Well, that answers the first question. If you were to add your bugbase server to your DNS listings (say, give it a name like mantis.mycompany.com) then this woudl be solved.
* 1.7 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
Make sure that your bugbase server's and email server's time and time zone settings make sense. Are the clocks on these servers synchronized using NTP?
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[60.51.251.42 listed in combined.njabl.org]
Oops! That IP address has some kind of server on it (with a pretty but backwards north coast of Eurasia). If you go to the web site combined.njabl.org it explains that it's a list of ip addresses that spam has been known to come from. It's time you looked at that machine's sendmail server to make sure it's not open. Does it accept mail relays from anywhere? If it does, then it's probably being used to send junk mail, and that's why it ended up on this list.
* 1.3 FH_RELAY_NODNS We could not determine your Reverse DNS
This means that when the mail relay looked up your bugbase's ip address, it could not find a domain n ame that it liked. Are the DNS entries for your bugbase's IP address correct?
* 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Well, that answers the first question. If you were to add your bugbase server to your DNS listings (say, give it a name like mantis.mycompany.com) then this woudl be solved.
* 1.7 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
Make sure that your bugbase server's and email server's time and time zone settings make sense. Are the clocks on these servers synchronized using NTP?
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[60.51.251.42 listed in combined.njabl.org]
Oops! That IP address has some kind of server on it (with a pretty but backwards north coast of Eurasia). If you go to the web site combined.njabl.org it explains that it's a list of ip addresses that spam has been known to come from. It's time you looked at that machine's sendmail server to make sure it's not open. Does it accept mail relays from anywhere? If it does, then it's probably being used to send junk mail, and that's why it ended up on this list.
Hi mroeder, thanks for enlightening. However I'm still uncertain bout something.
* 1.3 FH_RELAY_NODNS We could not determine your Reverse DNS
This means that when the mail relay looked up your bugbase's ip address, it could not find a domain n ame that it liked. Are the DNS entries for your bugbase's IP address correct?
>>> but my Mantis Server is located internally (LAN IP) accessing internet using NAT at Firewall.
* 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Well, that answers the first question. If you were to add your bugbase server to your DNS listings (say, give it a name like mantis.mycompany.com) then this woudl be solved.
>>> I do not have own DNS. I'm using DNS provided by my ISP.
* 1.7 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
Make sure that your bugbase server's and email server's time and time zone settings make sense. Are the clocks on these servers synchronized using NTP?
>>> I'm sending email notification using sendmail. Yes the clock on my server is synchronized.
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[60.51.251.42 listed in combined.njabl.org]
Oops! That IP address has some kind of server on it (with a pretty but backwards north coast of Eurasia). If you go to the web site combined.njabl.org it explains that it's a list of ip addresses that spam has been known to come from. It's time you looked at that machine's sendmail server to make sure it's not open. Does it accept mail relays from anywhere? If it does, then it's probably being used to send junk mail, and that's why it ended up on this list.
>>> Actually 60.51.251.42 is my public ip which used for NAT.
Currently I informed my mail provider to create a rules to move all email coming from mantis server to inbox for all users. However I'm interested to know more about this. Advice is highly appreciated.
Cheers,
Eric
* 1.3 FH_RELAY_NODNS We could not determine your Reverse DNS
This means that when the mail relay looked up your bugbase's ip address, it could not find a domain n ame that it liked. Are the DNS entries for your bugbase's IP address correct?
>>> but my Mantis Server is located internally (LAN IP) accessing internet using NAT at Firewall.
* 0.2 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Well, that answers the first question. If you were to add your bugbase server to your DNS listings (say, give it a name like mantis.mycompany.com) then this woudl be solved.
>>> I do not have own DNS. I'm using DNS provided by my ISP.
* 1.7 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
Make sure that your bugbase server's and email server's time and time zone settings make sense. Are the clocks on these servers synchronized using NTP?
>>> I'm sending email notification using sendmail. Yes the clock on my server is synchronized.
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[60.51.251.42 listed in combined.njabl.org]
Oops! That IP address has some kind of server on it (with a pretty but backwards north coast of Eurasia). If you go to the web site combined.njabl.org it explains that it's a list of ip addresses that spam has been known to come from. It's time you looked at that machine's sendmail server to make sure it's not open. Does it accept mail relays from anywhere? If it does, then it's probably being used to send junk mail, and that's why it ended up on this list.
>>> Actually 60.51.251.42 is my public ip which used for NAT.
Currently I informed my mail provider to create a rules to move all email coming from mantis server to inbox for all users. However I'm interested to know more about this. Advice is highly appreciated.
Cheers,
Eric
My guess is that your NAT/firewall ip address does not have an entry in your DNS tables. You have two solutions: ask your email administrator to make it accept email forwarding from your firewall server or give your firewall ip address a legitimate DNS entry thatthe mailserver will recognize.
The problem is that this makes your email server look like an open relay from inside your firewall. If any of your workstations gets infected by a spambot virus, you want your firewall to prevent it sending out spam. To prevent this, you will have to program your firewall to forward that kind of mail packet only fron your bugbase. And if your bugbase is running Windows, turn on its firewall and never run Outlook or Outlook Express on it.
These issues get complex pretty quickly.
I'm still worried about the NJABL thing. You should research them and try to convince them to remove your server from their list. Find out how it got on their list to begin with and make sure you don't have any spambots running in your domain.
The problem is that this makes your email server look like an open relay from inside your firewall. If any of your workstations gets infected by a spambot virus, you want your firewall to prevent it sending out spam. To prevent this, you will have to program your firewall to forward that kind of mail packet only fron your bugbase. And if your bugbase is running Windows, turn on its firewall and never run Outlook or Outlook Express on it.
These issues get complex pretty quickly.
I'm still worried about the NJABL thing. You should research them and try to convince them to remove your server from their list. Find out how it got on their list to begin with and make sure you don't have any spambots running in your domain.