Home » Kerio User Forums » Kerio Connect » KMS warning log entries
  •  
binary

hi all,

Well, I upgraded to KMS 6.1.1. All seems to be fine except that I have entries like so in my warning log in KMS (never had this problem with 6.1.0, and my 6.1.0 was bloody stable...). Anyway, the 2 quirks I see are listed below..

DNS failure while trying to find address 165.52.97.203.relays.ordb.org in blacklist ORDB
[22/Nov/2005 16:13:21] DNS failure while trying to find address 165.52.97.203.bl.spamcop.net in blacklist SpamCop
[22/Nov/2005 16:19:50] DNS failure while trying to find address 197.13.153.222.relays.ordb.org in blacklist ORDB
[22/Nov/2005 16:19:55] DNS failure while trying to find address 197.13.153.222.bl.spamcop.net in blacklist SpamCop
[22/Nov/2005 16:20:00] DNS failure while trying to find address 197.13.153.222.rhsbl.sorbs.net in blacklist SORBS RHSBL
[22/Nov/2005 16:24:13] DNS failure while trying to find address 100.147.234.205.bl.spamcop.net in blacklist SpamCop

And also I noticed, when using the administration console, that when I select multiple users and edit the description field the console just hangs and closes (so I need to double-click the notification tray icon to log back into the console.. it doesn't save the description either...). My error log is clean.. not a single entry, but the warning log has a lot of the DNS failure entries. All mail seems to get delivered... so I can't see anything wrong...

any ideas or pointers from the gurus...

cheers.
  •  
sedell

I used to get a lot of DNS failures until I added more DNS servers. Between the blacklists, reverse lookups for hostnames, SPF checks, Caller ID, then all the standard forward lookups, KMS is pretty heavy on DNS.

If you're sure you've got sufficient DNS, you could enable the DNS resolver logging on the debug log. Look for excessive timeouts, requests regularly going on to a 2nd or third DNS server for a start. Also look for any errors in general of course, but the DNS resolver logging is a good place to start.

Scott
  •  
sedell

Speaking of DNS, has anyone else noticed the DNS caching apparently not working? I just enabled my DNS resolver logs and it doesn't appear to be caching any more. We have an application that polls a mailbox via POP3 every 30 seconds looking for new mail. Every 30 seconds there's another PTR lookup.

Scott
  •  
binary

Thanks Scott,
sorted it out... I have entries for cache being searched.

regards.
  •  
birkoff

Hi all!

I have the same log entries...

[31/May/2006 08:13:40] DNS failure while trying to find address 213.232.117.192.argentina.blackholes.us in blacklist Argentina Spamers
[31/May/2006 14:32:55] DNS failure while trying to find address 220.122.83.220.korea.blackholes.us in blacklist Korea Spamers

But I'm wondering what is happening with that mail/spam? In the other logs I don't see activity at that time, so I think that mail/spam is blocked or rejected?


Greetings
  •  
sedell

Interesting - I'm also getting periodic DNS failures for blackholes.us lists. Perhaps they are having problems? At first I thought it was on my end.

From what I can see in the SMTP debug logs, if there's a DNS failure while looking up a blacklist, it treats the address as not being found, and continues. I can see connections that had a DNS failure while resolving the blackholes.us lookup successfully delivering mail.

Scott
  •  
birkoff

Strange.. I have no further trace of the mail/spam.. therefore I'm wondering what happened with it :(

In SMTP server -> Security Options -> Additional options
I have checked "Block if sender's mail domain was not found in DNS"

So maybe the mail/spam is blocked? But why is that not in the log.. :S


Greetings
  •  
sedell

That's possible. It will still use any custom rules, spam filtering, SPF and all the other anti-spam measures to determine if it should be bounced or flagged as spam. It's possible one of those blocked the message. There should be a log of it somewhere though. If not in the mail log, possibly the security or spam logs.

Scott
  •  
birkoff

sedell wrote on Wed, 31 May 2006 17:20

There should be a log of it somewhere though. If not in the mail log, possibly the security or spam logs.


Yes, I agree with you.. but there is nothing about it in the other logs... that's bothering me.. :(


Thanks
  •  
sedell

Yeah. I agree. That would bother me as well. It's possible that if something like Spam Repellent blocked it, and you don't have it set to log, it might not show up anywhere.

You could always enable the SMTP logging in the debug log to see what happens after the failure.

Scott
  •  
birkoff

sedell wrote on Wed, 31 May 2006 17:35

You could always enable the SMTP logging in the debug log to see what happens after the failure.


I did. And I think I maybe know what is happening..

At the start of the session there is an IP check in the blacklists...

[31/May/2006 17:41:54][3748] {smtps} Server session begin; client connected from 193.189.160.132:48156
[31/May/2006 17:41:54][3748] {smtps} Looking up address 193.189.160.132 in DNS blacklist SpamCop...
[31/May/2006 17:41:54][3748] {smtps} Address 132.160.189.193.bl.spamcop.net not found in DNS blacklist SpamCop
[31/May/2006 17:41:54][3748] {smtps} Looking up address 193.189.160.132 in DNS blacklist SpamHaus SBL-XBL...
[31/May/2006 17:41:54][3748] {smtps} Address 132.160.189.193.sbl-xbl.spamhaus.org not found in DNS blacklist SpamHaus SBL-XBL

So now I think, when there is no answer from one of the blacklists for a while, the remote server just closes the connection - like a ping timeout.. because it is spam, the wait time is short.

What do you think?


Greetings




  •  
sedell

It will eventually log the DNS failure, but there will be delays:

[31/May/2006 12:16:27][5432] {smtps} Looking up address 209.191.125.60 in DNS blacklist china.blackholes.us...

Then after a delay
[31/May/2006 12:16:39][5432] {smtps} DNS failure while trying to find address 60.125.191.209.china.blackholes.us in blacklist china.blackholes.us


Scott
  •  
sedell

I just had another thought. If the remote server does drop the connection before the DNS error occurs, KMS should still log the connection either closing, or timing out.

Scott
  •  
birkoff

sedell wrote on Wed, 31 May 2006 18:25

I just had another thought. If the remote server does drop the connection before the DNS error occurs, KMS should still log the connection either closing, or timing out.



OK. Now I have set up SMTP logging and will wait for an incident :)
Then I will report it here...


C'ya
  •  
birkoff

HEHE I think I know what was wrong :)
In the warning log the IP is written backward :D Like: a.b.c.d -> d.c.b.a


Greetings
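
Added example (not part of any post in this thread, and not Kerio code): a small parser for the log lines quoted above that turns the reversed DNSBL query name back into the connecting client's IP, pairs each "Looking up" line with its result to measure the lookup delay, and lists the client/blacklist pairs whose check ended in a DNS failure and therefore, per the SMTP debug log observation above, were treated as not listed. The sample lines are assembled from lines quoted in the thread; the function names are this example's own.

```python
import re
from datetime import datetime

# Sample input assembled from log lines quoted in this thread (debug log + warning log).
SAMPLE = """\
[31/May/2006 12:16:27][5432] {smtps} Looking up address 209.191.125.60 in DNS blacklist china.blackholes.us...
[31/May/2006 12:16:39][5432] {smtps} DNS failure while trying to find address 60.125.191.209.china.blackholes.us in blacklist china.blackholes.us
[31/May/2006 17:41:54][3748] {smtps} Looking up address 193.189.160.132 in DNS blacklist SpamCop...
[31/May/2006 17:41:54][3748] {smtps} Address 132.160.189.193.bl.spamcop.net not found in DNS blacklist SpamCop
[22/Nov/2005 16:13:21] DNS failure while trying to find address 165.52.97.203.bl.spamcop.net in blacklist SpamCop
"""

# The "[thread] {smtps}" part exists only in the debug log, so it is optional here.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\](?:\[(?P<tid>\d+)\] \{smtps\})? (?P<msg>.*)$")
LOOKUP = re.compile(r"Looking up address (\S+) in DNS blacklist (.+?)\.\.\.$")
FAIL = re.compile(r"DNS failure while trying to find address (\S+) in blacklist (.+)$")
NOTFOUND = re.compile(r"Address (\S+) not found in DNS blacklist (.+)$")

def client_ip(qname):
    """DNSBL query names are d.c.b.a.<zone>; reverse the first four labels."""
    return ".".join(reversed(qname.split(".")[:4]))

def analyze(text):
    """Return (client_ip, blacklist, outcome, delay_seconds) for each lookup result."""
    pending, results = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        lk = LOOKUP.match(m["msg"])
        if lk:
            pending[(m["tid"], lk[1], lk[2])] = ts  # remember when the lookup began
            continue
        for outcome, rx in (("dns_failure", FAIL), ("not_listed", NOTFOUND)):
            r = rx.match(m["msg"])
            if r:
                ip = client_ip(r[1])
                start = pending.pop((m["tid"], ip, r[2]), None)
                delay = (ts - start).total_seconds() if start else None
                results.append((ip, r[2], outcome, delay))
    return results

def unverified(results):
    """Client/blacklist pairs where the check failed, so no verdict was obtained."""
    return sorted({(ip, bl) for ip, bl, outcome, _ in results if outcome == "dns_failure"})

if __name__ == "__main__":
    for row in analyze(SAMPLE):
        print(row)
```

A warning-log line has no matching "Looking up" entry, so its delay is reported as None; delays are only available when the SMTP debug logging discussed above is enabled.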