spamassassin-users mailing list archives

From Jan Klein <ter...@web.de>
Subject Re: dns-blocklist aren't used but should be
Date Tue, 09 Jan 2018 15:15:04 GMT
Thanks for your answers.
The system spamassassin is installed on is the following: 4.9.0-4-amd64 
#1 SMP Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux

spamassassin -V outputs this:
SpamAssassin version 3.4.1
   running on Perl version 5.24.1

I did not install spamassassin myself, however these were the 
installation steps taken:
apt-get install g++ ( needed for Encode::Detect )
apt-get install libssl-dev ( for DKIM )
in cpan:
install Net::DNS
install NetAddr::IP
install Mail::SPF
install Mail::DKIM

There is no entry in the local.cf regarding dns, so default settings 
should be used.

I did a "spamassassin -t -D < testmail | grep dns"
It outputs many lines, so here is one of the interesting parts:

Jan  8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: providing a callback for id: 
8553/IN/TXT/233.182.90.103.sa-accredit.habeas.com
Jan  8 10:31:15.456 [31076] dbg: async: starting: DNSBL-TXT, 
dns:TXT:233.182.90.103.sa-accredit.habeas.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.456 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen-lastexternal
Jan  8 10:31:15.456 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.456 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.456 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.456 [31076] dbg: async: launching 
A/233.182.90.103.zen.spamhaus.org for dns:A:233.182.90.103.zen.spamhaus.org
Jan  8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: providing a callback for id: 
64905/IN/A/233.182.90.103.zen.spamhaus.org
Jan  8 10:31:15.456 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.zen.spamhaus.org (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.457 [31076] dbg: dns: checking RBL 
bb.barracudacentral.org., set brbl-lastexternal
Jan  8 10:31:15.457 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.457 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.457 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.457 [31076] dbg: async: launching 
A/233.182.90.103.bb.barracudacentral.org for 
dns:A:233.182.90.103.bb.barracudacentral.org
Jan  8 10:31:15.458 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen-lastexternal
Jan  8 10:31:15.458 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.458 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.458 [31076] dbg: dns: checking RBL iadb.isipp.com., set 
iadb-firsttrusted
Jan  8 10:31:15.458 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.458 [31076] dbg: async: launching 
A/233.182.90.103.iadb.isipp.com for dns:A:233.182.90.103.iadb.isipp.com
Jan  8 10:31:15.458 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.458 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.458 [31076] dbg: dns: providing a callback for id: 
6693/IN/A/233.182.90.103.iadb.isipp.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.iadb.isipp.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: dns: checking A and MX for host 
murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: launching A/murderuk.com for 
dns:A:murderuk.com
Jan  8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: providing a callback for id: 
46029/IN/A/murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM, 
DNSBL-A, dns:A:murderuk.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: async: launching MX/murderuk.com for 
dns:MX:murderuk.com
Jan  8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: providing a callback for id: 
759/IN/MX/murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM, 
DNSBL-MX, dns:MX:murderuk.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set 
sorbs-lastexternal
Jan  8 10:31:15.459 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: async: launching 
A/233.182.90.103.dnsbl.sorbs.net for dns:A:233.182.90.103.dnsbl.sorbs.net
Jan  8 10:31:15.460 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.460 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.460 [31076] dbg: dns: providing a callback for id: 
11836/IN/A/233.182.90.103.dnsbl.sorbs.net
Jan  8 10:31:15.460 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.dnsbl.sorbs.net (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.460 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen
Jan  8 10:31:15.460 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: dns: checking RBL wl.mailspike.net., 
set mspikeg-firsttrusted
Jan  8 10:31:15.460 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: async: launching 
A/233.182.90.103.wl.mailspike.net for dns:A:233.182.90.103.wl.mailspike.net
Jan  8 10:31:15.461 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan  8 10:31:15.461 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.461 [31076] dbg: dns: providing a callback for id: 
18426/IN/A/233.182.90.103.wl.mailspike.net
Jan  8 10:31:15.461 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.wl.mailspike.net (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.461 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set 
sorbs
Jan  8 10:31:15.461 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.461 [31076] dbg: dns: checking RBL 
bl.score.senderscore.com., set rnbl-lastexternal
Jan  8 10:31:15.461 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.461 [31076] dbg: async: launching 
A/233.182.90.103.bl.score.senderscore.com for 
dns:A:233.182.90.103.bl.score.senderscore.com


On 07.01.2018 at 20:44, Tobi wrote:
> Use spamassassin -D <message.eml and look for lines regarding dns/rbl
>
> ----- Original Message -----
> From: Jan Klein <teremy@web.de>
> Sent: 07.01.18 - 16:26
> To: users@spamassassin.apache.org
> Subject: dns-blocklist aren't used but should be
>
>> Hi.
>>
>> For work I am investigating an issue where none of the dns blacklists
>> are used.
>> We are using the current spamassassin version and also current version
>> of Net::DNS.
>>
>> It is installed on a current version debian system.
>> We run a local nameserver using bind.
>> We invoke spamassassin via "spamassassin -t < testmail" where testmail
>> is a spam mail.
>>
>> The weird thing is that a "dig" command works fine on the debian system,
>> so name resolving is actually working outside of spamassassin. And after
>> using the dig command to check the origin of the mail: dig
>> xxx.xxx.xxx.xxx.zen.spamhaus.org
>> Then after using that command, spamassassin will then consider spamhaus
>> when checking the testmail. Probably because the dns entry is cached for
>> a while or something. It will work for some minutes. Same thing with
>> other blacklists. After a dig command spamassassin will start using the
>> respective rule.
>>
>> What is going on? It seems to be DNS related. I've read that Net::DNS is
>> responsible for dns resolving for spamassassin. How can I check if it is
>> working correctly? In my /etc/resolv.conf there is only one entry:
>> 127.0.0.1 since we are running a local nameserver (again: dig or host
>> command work just fine for name resolving ).
>>

