I think you are making an assumption it's doing a lookup.  To me, it
appears to be looking at information parsed from the received headers:

header __RDNS_NONE  X-Spam-Relays-External =~ /^[^\]]+ rdns= /
meta RDNS_NONE      (__RDNS_NONE && !__CGATE_RCVD && !__DOMINO_RCVD)

That appears to be parsed out of the received headers, not using a lookup.

Regards,
KAM


--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Wed, Sep 26, 2018 at 3:35 AM Dan Malm <d...@one.com> wrote:

> Hi,
>
> I've been getting some complaints from users about mails received being
> flagged with the HDR_ORDER_FTSDMCXX_NORDNS rule where the sender appears
> to have correct RDNS. While trying to figure this out I found that it
> seems like the SpamAssassin version I have doesn't actually do any PTR
> check, and thus all mails will hit the RDNS_NONE rule.
>
> To verify I've installed a clean version of SpamAssassin 3.4.1 on a VPS
> running Ubuntu 18.04. I sent myself an email from Gmail, who definitely
> does have correct RDNS, and then ran the source
> (https://pastebin.com/gE0qauf1) through SpamAssassin with a user_prefs
> score set for RDNS_NONE
>
> The debug info shows no RDNS for any relay:
>
> Sep 26 07:16:07.890 [21117] dbg: metadata: X-Spam-Relays-Internal: [
> ip=10.27.26.11 rdns= helo=mx1.pub.mailpod3-cph3.one.com
> by=mailstorage0.cst.mailpod3-cph3.one.com ident= envfrom= intl=1
> id=SNkcMEAqq1uBjAAAhMrzvA auth= msa=0 ]
> Sep 26 07:16:07.891 [21117] dbg: metadata: X-Spam-Relays-External: [
> ip=209.85.166.170 rdns= helo=mail-it1-f170.google.com
> by=mx1.pub.mailpod3-cph3.one.com ident= envfrom= intl=0
> id=49846d91-c157-11e8-afca-e0d84894a001 auth= msa=0 ]
>
> A tcpdump (udp port 53) shows no attempt to do a query for PTR:
> https://pastebin.com/DDwdW9gu
> As a reference, if I do a dig -x 209.85.166.170 I get this while doing
> the same tcpdump:
> IP 188.166.16.195.54095 > 67.207.67.3.53: 17606+ [1au] PTR?
> 170.166.85.209.in-addr.arpa. (56)
> IP 188.166.16.195.48750 > 67.207.67.2.53: 23774+ [1au] PTR?
> 170.166.85.209.in-addr.arpa. (56)
> IP 67.207.67.2.53 > 188.166.16.195.48750: 23774 1/0/1 PTR
> mail-it1-f170.google.com. (94)
> IP 67.207.67.3.53 > 188.166.16.195.54095: 17606 1/0/1 PTR
> mail-it1-f170.google.com. (94)
>
> And it does hit the RDNS_NONE rule
>
> Is anyone else seeing the same, or have I missed something?
>
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
>
>
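
Added example, not part of the thread and not SpamAssassin's own code: the `__RDNS_NONE` pattern and the `RDNS_NONE` meta quoted in the reply, evaluated in Python against the `X-Spam-Relays-External` value from the debug output, to show the rule is a text match on the first relay's `rdns=` field with no DNS query involved. The function names, the whitespace-based field splitting and the two variant strings are assumptions made for illustration.

```python
import re

# Pattern copied from the __RDNS_NONE rule quoted in the reply.
RDNS_NONE_RE = re.compile(r"^[^\]]+ rdns= ")

# Value taken from the debug output in the thread (line wraps joined).
EXTERNAL_FROM_THREAD = (
    "[ ip=209.85.166.170 rdns= helo=mail-it1-f170.google.com "
    "by=mx1.pub.mailpod3-cph3.one.com ident= envfrom= intl=0 "
    "id=49846d91-c157-11e8-afca-e0d84894a001 auth= msa=0 ]"
)
# Constructed variants: the same relay with rdns= filled in, and a
# two-relay chain where only the second (older) relay has empty rdns=.
EXTERNAL_WITH_RDNS = EXTERNAL_FROM_THREAD.replace(
    "rdns= ", "rdns=mail-it1-f170.google.com ")
EXTERNAL_SECOND_EMPTY = (
    EXTERNAL_WITH_RDNS + " [ ip=192.0.2.10 rdns= helo=example.test ]")


def parse_relays(value):
    """Split relay metadata into one dict per [ ... ] block.

    Assumes fields are whitespace-separated key=value tokens, as they
    appear in the debug output above.
    """
    relays = []
    for block in re.findall(r"\[([^\]]*)\]", value):
        fields = {}
        for token in block.split():
            key, _, val = token.partition("=")
            fields[key] = val
        relays.append(fields)
    return relays


def rdns_none(external, cgate_rcvd=False, domino_rcvd=False):
    """Evaluate: __RDNS_NONE && !__CGATE_RCVD && !__DOMINO_RCVD.

    The two exclusion sub-rules are not defined in the thread, so they
    are passed in as booleans here.
    """
    # [^\]]+ cannot cross a "]", so only the first relay is examined.
    hit = RDNS_NONE_RE.search(external) is not None
    return hit and not cgate_rcvd and not domino_rcvd


if __name__ == "__main__":
    for name in ("EXTERNAL_FROM_THREAD", "EXTERNAL_WITH_RDNS",
                 "EXTERNAL_SECOND_EMPTY"):
        value = globals()[name]
        first = parse_relays(value)[0]
        print(name, "rdns=%r" % first["rdns"], "RDNS_NONE:", rdns_none(value))
```
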
