Re: whitelist_from_rcvd / trusted_networks
On Mon, 10 Nov 2014 23:30:28 -0500 (EST) Derek Diget wrote:

> We have a department that has subscribed to a service in the cloud
> product that is sending email to us via our MX record. The problem
> is that they appear to be using shared servers/IPs and thus every
> once in a while mail will source from an IP address that will cause
> it to score above 5.
...
> I would like to use whitelist_from_rcvd as the envelope from
> (RFC5321.MailFrom) and sending system is not exactly static, but
> close enough that the globbing should work. The issue is that SA is
> running on our MXes via a milter and since SA (and these boxes) only
> see MX traffic, trusted_networks and/or internal_networks are empty.
> This causes the whitelist_from_rcvd to never fire.
>
> Our MTA does construct a synthetic "Received" header
>
> My question is how can I make this "Received" header "trusted"

What makes you think it isn't? Most blocklists run on the last-external IP address; the fact that it's being flagged as spam based on IP address suggests it is.

Try adding the following to local.cf:

add_header all Relays-External _RELAYSEXTERNAL_

The first section of this header should have the parsed information from the MX server. Check that the ip and rdns fields are correct.
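Added example (not part of the original message): a small shell check for the header the reply suggests enabling, pulling ip and rdns out of the first relay group and comparing the rdns with the relay domain one would give to whitelist_from_rcvd. The header value, host names and helper function names are constructed, and the "[ key=value ... ]" layout and the hostname-or-domain-component match are assumptions based on SpamAssassin's documented relay metadata, not taken from this thread.

```shell
#!/bin/sh
# Added illustration; the header value and all host names are constructed.
# Assumed layout: one "[ key=value ... ]" group per relay, newest hop first.
SAMPLE_HEADER='X-Spam-Relays-External: [ ip=192.0.2.25 rdns=out7.mail.example.net helo=out7.mail.example.net by=mx1.example.edu ident= envfrom= intl=0 id=4F1A2B auth= msa=0 ] [ ip=198.51.100.7 rdns= helo=app01 by=out7.mail.example.net ident= envfrom= intl=0 id=9C3D auth= msa=0 ]'

# first_relay HEADER: print the contents of the first [ ... ] group.
first_relay() {
    printf '%s\n' "$1" | sed -n 's/^[^[]*\[ *\([^]]*\)\].*$/\1/p'
}

# relay_field GROUP KEY: print the value of KEY (possibly empty).
# Runs in a subshell so that disabling globbing does not leak to the caller.
relay_field() (
    set -f
    for _tok in $1; do
        case $_tok in
            "$2="*) printf '%s\n' "${_tok#*=}"; exit 0 ;;
        esac
    done
    exit 1
)

# rdns_in_domain RDNS DOMAIN: match the full hostname or its domain
# component, aligned on a label boundary (simplified model of the
# whitelist_from_rcvd relay comparison).
rdns_in_domain() {
    case $1 in
        "$2"|*."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# check_last_external HEADER DOMAIN: one-line verdict for the hop the MX saw.
check_last_external() {
    _grp=$(first_relay "$1")
    [ -n "$_grp" ] || { echo "no-external-relay"; return 1; }
    _ip=$(relay_field "$_grp" ip) || _ip=
    _rdns=$(relay_field "$_grp" rdns) || _rdns=
    if [ -z "$_ip" ]; then echo "ip-missing"; return 1; fi
    # Without an rdns value a domain-based whitelist entry cannot match.
    if [ -z "$_rdns" ]; then echo "rdns-missing ip=$_ip"; return 1; fi
    if rdns_in_domain "$_rdns" "$2"; then
        echo "match ip=$_ip rdns=$_rdns"
    else
        echo "no-match ip=$_ip rdns=$_rdns"
        return 1
    fi
}

check_last_external "$SAMPLE_HEADER" mail.example.net || true
```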
Re: DNS checks not being performed-
On November 11, 2014 8:48:53 PM Axb wrote:

> yum update -y && reboot
>
> good luck & send us a postcard...

emerge @world && echo "cpan not needed in gentoo"

:)
Re: Scoring numbers explained
On 12/11/14 09:45, Reindl Harald wrote:

> On 11.11.2014 at 23:41, Tom Robinson wrote:
>> Hopefully someone can answer this simply with a link to the right
>> documentation.
>>
>> I want to adjust the score on a test but I have no idea what the four
>> numbers actually are. e.g.
>>
>> score AC_SPAMMY_URI_PATTERNS10 3.995 1.010 3.995 1.010
>>
>> I feel so dumb as I can't find the documentation anywhere
>
> http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html#scoring_options
>
> in short:
> if you are running SA on a server and blacklists are active, DNS is working
> you need just "score RULE points"

Ahh, thank you for returning me to my sanity. Subsequently, I found that the following works on my CentOS system:

man Mail::SpamAssassin::Conf

I searched the SpamAssassin Wiki but didn't find references to the doco.
Re: Scoring numbers explained
On Wed, 12 Nov 2014, Tom Robinson wrote:

> I want to adjust the score on a test but I have no idea what the four
> numbers actually are. e.g.
>
> score AC_SPAMMY_URI_PATTERNS10 3.995 1.010 3.995 1.010

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html

User Preferences -> Scoring Options -> score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...to announce there must be no criticism of the President or to stand by the President right or wrong is not only unpatriotic and servile, but is morally treasonous to the American public. -- Theodore Roosevelt, 1918
---
Today: Veterans Day
Re: Scoring numbers explained
On 11/11/2014 11:41 PM, Tom Robinson wrote:

> Hi,
>
> Hopefully someone can answer this simply with a link to the right
> documentation.
>
> I want to adjust the score on a test but I have no idea what the four
> numbers actually are. e.g.
>
> score AC_SPAMMY_URI_PATTERNS10 3.995 1.010 3.995 1.010
>
> I feel so dumb as I can't find the documentation anywhere. Please help.

http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.txt

SCORING OPTIONS
..
score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
...
If four valid scores are listed, then the score that is used depends on how SpamAssassin is being used. The first score is used when both Bayes and network tests are disabled (score set 0). The second score is used when Bayes is disabled, but network tests are enabled (score set 1). The third score is used when Bayes is enabled and network tests are disabled (score set 2). The fourth score is used when Bayes is enabled and network tests are enabled (score set 3).

etc, etc
Re: Scoring numbers explained
On 11.11.2014 at 23:41, Tom Robinson wrote:

> Hopefully someone can answer this simply with a link to the right
> documentation.
>
> I want to adjust the score on a test but I have no idea what the four
> numbers actually are. e.g.
>
> score AC_SPAMMY_URI_PATTERNS10 3.995 1.010 3.995 1.010
>
> I feel so dumb as I can't find the documentation anywhere

http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html#scoring_options

in short:
if you are running SA on a server and blacklists are active, DNS is working you need just "score RULE points"
Scoring numbers explained
Hi,

Hopefully someone can answer this simply with a link to the right documentation.

I want to adjust the score on a test but I have no idea what the four numbers actually are. e.g.

score AC_SPAMMY_URI_PATTERNS10 3.995 1.010 3.995 1.010

I feel so dumb as I can't find the documentation anywhere. Please help.

Regards,
Tom
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
On 11.11.2014 at 20:41, Niamh Holding wrote:

> Tuesday, November 11, 2014, 7:29:57 PM, you wrote:
>
> A> Which means? Did you run an update or not?
>
> Fail to paste error!
>
> Nov 09 13:15:19 Updated: 4:perl-5.8.8-43.el5_11.x86_64

besides my previous mail about how to handle CentOS: it is *very* likely that you updated other packages too related to perl and they may have overwritten your CPAN installations of the same package

happened to me too in 2009 and from that day i stopped to use CPAN and build anything from there in a RPM with a higher Epoch/Release number in case i need to override a distribution's version
Re: DNS checks not being performed-
On 11.11.2014 at 20:41, Niamh Holding wrote:

> Tuesday, November 11, 2014, 7:20:36 PM, you wrote:
>
> A> Update your ancient Centos version to Centos 5.11
>
> That's scary... given the server is in a data centre 250 miles away!

you should subscribe to the CentOS list

it's multiple times explained there that there is *no support* for older releases and especially not for update specific packages without update the rest of the system

"perl-5.8.8-43.el5_11.x86_64" is part of 5.11
this is completely untested and unsupported < CentOS 5.11

CentOS is a LTS distribution and you are expected to *always* do a *full* yum upgrade - you have chosen a LTS distribution to avoid ABI/API changes and so you should trust your distributor (in fact RHEL as upstream) to know *why* they rollout updates of specific packages and that they don't without a good reason (critical and/or security relevant bugfixes)

again: with update specific packages from 5.11 to < 5.11 systems you are *completely* o at your own
Re: DNS checks not being performed-
On 11/11/2014 08:41 PM, Niamh Holding wrote:

> Hello Axb,
>
> Tuesday, November 11, 2014, 7:20:36 PM, you wrote:
>
> A> Update your ancient Centos version to Centos 5.11
>
> That's scary... given the server is in a data centre 250 miles away!

real men hug their teddy before doing yum update and patching ancient, insecure servers.

yum update -y && reboot

good luck & send us a postcard...
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 7:20:36 PM, you wrote:

A> Update your ancient Centos version to Centos 5.11

That's scary... given the server is in a data centre 250 miles away!

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 7:29:57 PM, you wrote:

A> Which means? Did you run an update or not?

Fail to paste error!

Nov 09 13:15:19 Updated: 4:perl-5.8.8-43.el5_11.x86_64

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
On 11/11/2014 08:25 PM, Niamh Holding wrote:

> Hello Axb,
>
> Tuesday, November 11, 2014, 6:37:05 PM, you wrote:
>
> A> Did I miss this? Do we know what OS & version are you using?
>
> This yum update "might" be connected to the problem...

Which means? Did you run an update or not?

Pls be specific to help us help you.
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 6:37:05 PM, you wrote:

A> Did I miss this? Do we know what OS & version are you using?

This yum update "might" be connected to the problem...

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 08:06 PM, Niamh Holding wrote:

> Hello Axb,
>
> Tuesday, November 11, 2014, 6:37:05 PM, you wrote:
>
> A> Did I miss this? Do we know what OS & version are you using?
>
> cat /etc/*release
> CentOS release 5.4

here's an idea:

remove the /root/.cpan/ dir...

Update your ancient Centos version to Centos 5.11

reboot and see if the problem automagically goes away.

If it doesn't we start again and this time we don't do cpan parties, ignore ppl using Fedora, etc, only help you find the right rpms so you get back to normal operation.

deal?
Re: DNS checks not being performed-
Hello Reindl,

Tuesday, November 11, 2014, 6:55:22 PM, you wrote:

RH> nobody knows where you expect "Socket.pm" loaded from base

so where tells me which is loaded?

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Reindl,

Tuesday, November 11, 2014, 6:46:37 PM, you wrote:

RH> so mentioning "/root/.cpan/build/" makes no sense at all

find / -name Socket.pm

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 6:37:05 PM, you wrote:

A> Did I miss this? Do we know what OS & version are you using?

cat /etc/*release
CentOS release 5.4

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Reindl Harald wrote:

> BTW: what is the "Re: ***UNCHECKED(Encrypted)***" in your subjects?

Sorry, my fault. Forgot to remove this from a Subject when replying.

It was added here because the posting includes a PGP signature and the file(1) utility cannot distinguish a PGP/GPG encrypted message MIME part from a standalone signature, so 'just in case' the message is labeled as potentially unchecked.

Just started to write an enhancement report to the file(1) development list ...

Mark
Re: DNS checks not being performed-
On 11.11.2014 at 19:49, Niamh Holding wrote:

> Hello Reindl,
>
> Tuesday, November 11, 2014, 6:38:08 PM, you wrote:
>
> RH> *you* wrote
>
> And you made an accusation...

you mis-use the word "accusation"

i just read the infos you offer and bring them in a context - in fact until now nobody knows where you expect "Socket.pm" loaded from based on your quote below
_

> NH> Socket version 1.97 required--this is only version 1.78 at
> NH> /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
>
> OK, looks like it's using
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
>
> But /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm is
> our $VERSION = '2.016';
Re: DNS checks not being performed-
Hello Reindl,

Tuesday, November 11, 2014, 6:38:08 PM, you wrote:

RH> *you* wrote

And you made an accusation...

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11.11.2014 at 19:43, Quanah Gibson-Mount wrote:

> --On November 11, 2014 at 7:38:08 PM +0100 Reindl Harald wrote:
>
>>> What do you think I specifically installed in a random location and in
>>> root's homedir?
>>
>> *you* wrote
>> OK, looks like it's using
>> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
>> /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm
>
> That's where it was built, not where it was installed. When you build
> via CPAN, it creates a .cpan in the ~user directory. So all this means
> is, they built Socket.pm using the cpan utility as the "root" user. It
> says nothing about where the resulting build was installed

so mentioning "/root/.cpan/build/" makes no sense at all

the real question is *where* it is installed, which permissions have files and folders, is the path respected by system perl and so on

as stated: that is why you should not mix packages and CPAN

building packages is not rocket science and offers a sane system state as well as *clean* updates and *downgrades if needed*

https://fedoraproject.org/wiki/How_to_create_an_RPM_package
Re: DNS checks not being performed-
--On November 11, 2014 at 7:38:08 PM +0100 Reindl Harald wrote:

>> What do you think I specifically installed in a random location and in
>> root's homedir?
>
> *you* wrote
> OK, looks like it's using
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
> /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm

That's where it was built, not where it was installed. When you build via CPAN, it creates a .cpan in the ~user directory. So all this means is, they built Socket.pm using the cpan utility as the "root" user. It says nothing about where the resulting build was installed.

--Quanah

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
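Added example (not part of the original thread): a shell sketch of the "first match in @INC wins" lookup behind the version error discussed here, run against a constructed temp tree so it does not depend on the host's Perl. The @INC order and the two Socket.pm locations are copied from the messages in this thread; the file contents and helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: emulate Perl's module lookup order on a sample tree.
# On a live host the direct check is:
#   perl -MSocket -le 'print $INC{"Socket.pm"}, " ", Socket->VERSION'

# @INC order as printed in the spamd startup log quoted in this thread.
INC_DIRS="/usr/lib/perl5/site_perl/5.8.8
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8"

# resolve_module ROOT REL_PATH: print the first @INC hit under ROOT.
resolve_module() {
    _root=$1; _rel=$2
    for _dir in $INC_DIRS; do      # splits on newlines; paths contain no spaces
        if [ -f "$_root$_dir/$_rel" ]; then
            printf '%s\n' "$_dir/$_rel"
            return 0
        fi
    done
    return 1
}

# module_version FILE: print the first quoted value assigned to $VERSION.
module_version() {
    awk -F"['\"]" '/\$VERSION *=/ { print $2; exit }' "$1"
}

# version_ge HAVE WANT: succeed when HAVE >= WANT (decimal Perl versions).
version_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN { exit !(have + 0 >= want + 0) }'
}

# build_sample_tree ROOT: constructed stand-ins for the two files in the thread.
build_sample_tree() {
    _root=$1
    _core=/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
    _cpan=/root/.cpan/build/Socket-2.016-h4Od19
    mkdir -p "$_root$_core" "$_root$_cpan"
    cat > "$_root$_core/Socket.pm" <<'EOF'
package Socket;
our $VERSION = '1.78';
1;
EOF
    cat > "$_root$_cpan/Socket.pm" <<'EOF'
package Socket;
our $VERSION = '2.016';
1;
EOF
}

# check_module ROOT REL_PATH WANT: what would be loaded, and is it new enough?
check_module() {
    _path=$(resolve_module "$1" "$2") || { echo "missing $2"; return 2; }
    _have=$(module_version "$1$_path")
    if version_ge "$_have" "$3"; then
        echo "ok $_path $_have"
    else
        echo "too-old $_path $_have (need $3)"
        return 1
    fi
}

demo() {
    _tmp=$(mktemp -d) || return 1
    build_sample_tree "$_tmp"
    # The CPAN build directory is not in @INC, so the 1.78 copy is the one found.
    check_module "$_tmp" Socket.pm 1.97
    _rc=$?
    rm -rf "$_tmp"
    return $_rc
}

demo || true
```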
Re: DNS checks not being performed-
On 11.11.2014 at 19:33, Niamh Holding wrote:

> Hello Reindl,
>
> Tuesday, November 11, 2014, 6:27:05 PM, you wrote:
>
> RH> not install software on random locations
> RH> * especially not in the root's homedir
>
> What do you think I specifically installed in a random location and in
> root's homedir?

*you* wrote
OK, looks like it's using
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
/root/.cpan/build/Socket-2.016-h4Od19/Socket.pm is
our $VERSION = '2.016';
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
On 11/11/2014 07:12 PM, Niamh Holding wrote:

> Hello Niamh,
>
> Tuesday, November 11, 2014, 4:24:23 PM, you wrote:
>
> NH> Socket version 1.97 required--this is only version 1.78 at
> NH> /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
>
> OK, looks like it's using
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
>
> But /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm is
> our $VERSION = '2.016';

Did I miss this? Do we know what OS & version are you using?
Re: DNS checks not being performed-
Hello Reindl,

Tuesday, November 11, 2014, 6:27:05 PM, you wrote:

RH> not install software on random locations
RH> * especially not in the root's homedir

What do you think I specifically installed in a random location and in root's homedir?

RH> BTW: what is the "Re: ***UNCHECKED(Encrypted)***" in your subjects?

Ask the list manager why it's being added!

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11.11.2014 at 19:12, Niamh Holding wrote:

> Hello Niamh,
>
> Tuesday, November 11, 2014, 4:24:23 PM, you wrote:
>
> NH> Socket version 1.97 required--this is only version 1.78 at
> NH> /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
>
> OK, looks like it's using
> /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm
>
> But /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm is
> our $VERSION = '2.016';

that's why
* you should not mix packages and CPAN
* not install software on random locations
* especially not in the root's homedir
* not build as root

how do you imagine /root/ accessed and if it could be consider running SA as root is a good idea? SA runs fine as own user in a own group

BTW: what is the "Re: ***UNCHECKED(Encrypted)***" in your subjects?
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Hello Niamh,

Tuesday, November 11, 2014, 4:24:23 PM, you wrote:

NH> Socket version 1.97 required--this is only version 1.78 at
NH> /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.

OK, looks like it's using
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Socket.pm

But /root/.cpan/build/Socket-2.016-h4Od19/Socket.pm is
our $VERSION = '2.016';

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Niamh Holding wrote:

> MUf> ... as it was already said: do NOT mix manually installed CPAN modules with
> MUf> packages of any kind. use either one or the other.
>
> so don't use yum and cpan?

Well, you probably can - if you are careful. But using an 8 years old version of perl you'd be safer with pre-packaged modules.

Mark
Re: DNS checks not being performed-
Hello Matus,

Tuesday, November 11, 2014, 4:47:10 PM, you wrote:

MUf> ... as it was already said: do NOT mix manually installed CPAN modules with
MUf> packages of any kind. use either one or the other.

so don't use yum and cpan?

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
> Tuesday, November 11, 2014, 4:02:33 PM, you wrote:
>
> MUf> what exactly do you install from source: perl or SA?

On 11.11.14 16:10, Niamh Holding wrote:

> SA on 30 Oct 2014
>
> MUf> ...What did you do yesterday?
>
> 23 4 * * * sa-update -D --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org && /sbin/service spamassassin restart

with 3.3.2 I see last update ran on Oct 30 and current ad Nov 11.

which means, anything you could do between SA install and this morning could cause your problem.

... as it was already said: do NOT mix manually installed CPAN modules with packages of any kind. use either one or the other.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
Re: DNS checks not being performed-
On 11.11.2014 at 17:24, Niamh Holding wrote:

> Tuesday, November 11, 2014, 4:19:28 PM, you wrote:
>
> MM> perl -le 'use IO::Socket::IP; print IO::Socket::IP->VERSION'
>
> Socket version 1.97 required--this is only version 1.78 at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
> BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
> Compilation failed in require at -e line 1.
> BEGIN failed--compilation aborted at -e line 1

that sounds like a mix of packages, CPAN and manually installed

been there, done that, never ever again

anything that does not exist as RPM is built as RPM here including perl packages

anything which can't be packaged in a RPM can't be used here

that's how you survive 11 dist-upgrades in 6 years in production without mess things
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Hello Mark,

Tuesday, November 11, 2014, 4:19:28 PM, you wrote:

MM> perl -le 'use IO::Socket::IP; print IO::Socket::IP->VERSION'

Socket version 1.97 required--this is only version 1.78 at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/IP.pm line 30.
Compilation failed in require at -e line 1.
BEGIN failed--compilation aborted at -e line 1.

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: ***UNCHECKED(Encrypted)*** Re: DNS checks not being performed-
Is your IO::Socket::IP at version 0.21 or older?

$ perl -le 'use IO::Socket::IP; print IO::Socket::IP->VERSION'

0.21 CHANGES:
* Ensure that IO::Socket->new( Domain => ... ) definitely returns a socket in the right family

Mark
Re: DNS checks not being performed-
Hello Matus,

Tuesday, November 11, 2014, 4:02:33 PM, you wrote:

MUf> what exactly do you install from source: perl or SA?

SA on 30 Oct 2014

MUf> ...What did you do yesterday?

23 4 * * * sa-update -D --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org && /sbin/service spamassassin restart

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
> Tuesday, November 11, 2014, 2:51:14 PM, you wrote:
>
> KAM> These two sound like you are missing Perl modules for SA. Not sure if
> KAM> they are relevant but they definitely irk me. Are you installing from
> KAM> source or from a package?

On 11.11.14 14:59, Niamh Holding wrote:

> From source, but 3.4.0 was working fine until yesterday.

what exactly do you install from source: perl or SA?

Do you install perl modules as packages or via CPAN?

combining packages and CPAN is usually not a good idea...

...What did you do yesterday?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
Re: DNS checks not being performed-
Hello Kevin,

Tuesday, November 11, 2014, 3:46:51 PM, you wrote:

KAM> Did that fix the BigNum and RSA error you logged?

No

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Niamh,

Tuesday, November 11, 2014, 3:08:49 PM, you wrote:

NH> OK startup now logs -

And a message check logs-

Nov 11 15:41:42 nitrogen spamd[29852]: spamd: connection from 127.0.0.1 [127.0.0.1]:59387 to port 783, fd 5
Nov 11 15:41:42 nitrogen spamd[29852]: spamd: setuid to spamtest succeeded
Nov 11 15:41:42 nitrogen spamd[29852]: spamd: processing message <365035240.2014154...@fullbore.co.uk> for spamtest:1028
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking RBL bl.spamcop.net., set spamcop
Nov 11 15:41:42 nitrogen spamd[29852]: dns: IPs found: full-external: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131, 140.211.11.3 untrusted: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131 originating: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: only inspecting the following IPs: 140.211.11.136, 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: connect_sock, resolver: yes
Nov 11 15:41:42 nitrogen spamd[29852]: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: 53959 configured local ports for DNS queries
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking RBL rbl.holtain.net., set holtrbl-lastexternal
Nov 11 15:41:42 nitrogen spamd[29852]: dns: IPs found: full-external: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131, 140.211.11.3 untrusted: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131 originating: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: only inspecting the following IPs: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: connect_sock, resolver: yes
Nov 11 15:41:42 nitrogen spamd[29852]: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: 53959 configured local ports for DNS queries
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking A and MX for host spamassassin.apache.org
Nov 11 15:41:42 nitrogen spamd[29852]: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: connect_sock, resolver: yes
Nov 11 15:41:42 nitrogen spamd[29852]: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: 53959 configured local ports for DNS queries
Nov 11 15:41:42 nitrogen spamd[29852]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
Nov 11 15:41:42 nitrogen spamd[29852]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414)
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Nov 11 15:41:42 nitrogen spamd[29852]: dns: IPs found: full-external: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131, 140.211.11.3 untrusted: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131 originating: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: only inspecting the following IPs: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: connect_sock, resolver: yes
Nov 11 15:41:42 nitrogen spamd[29852]: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: 53959 configured local ports for DNS queries
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
Nov 11 15:41:42 nitrogen spamd[29852]: dns: IPs found: full-external: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131, 140.211.11.3 untrusted: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131 originating: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: only inspecting the following IPs: 140.211.11.3
Nov 11 15:41:42 nitrogen spamd[29852]: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: connect_sock, resolver: yes
Nov 11 15:41:42 nitrogen spamd[29852]: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 15:41:42 nitrogen spamd[29852]: dns: 53959 configured local ports for DNS queries
Nov 11 15:41:42 nitrogen spamd[29852]: dns: checking RBL dnsbl.sorbs.net., set sorbs
Nov 11 15:41:42 nitrogen spamd[29852]: dns: IPs found: full-external: 140.211.11.3, 140.211.11.136, 217.146.107.40, 46.33.145.131, 140.211.11.3 untrusted: 140.211.11.3, 140.211.11.136, 2
Re: DNS checks not being performed-
On 11/11/2014 10:40 AM, Niamh Holding wrote:

> Hello Kevin,
>
> Tuesday, November 11, 2014, 3:03:12 PM, you wrote:
>
> KAM> I would start with
> KAM> cpan Crypt::OpenSSL::RSA and see if you don't find a bunch of module dependencies.
>
> Crypt::OpenSSL::RSA is up to date.

Did that fix the BigNum and RSA error you logged?
Re: DNS checks not being performed-
Hello Kevin,

Tuesday, November 11, 2014, 3:03:12 PM, you wrote:

KAM> I would start with
KAM> cpan Crypt::OpenSSL::RSA and see if you don't find a bunch of module dependencies.

Crypt::OpenSSL::RSA is up to date.

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 9:59 AM, Niamh Holding wrote:

> Hello Kevin,
>
> Tuesday, November 11, 2014, 2:51:14 PM, you wrote:
>
> KAM> These two sound like you are missing Perl modules for SA. Not sure if
> KAM> they are relevant but they definitely irk me. Are you installing from
> KAM> source or from a package?
>
> From source, but 3.4.0 was working fine until yesterday.

Did you upgrade your system version of perl?

I would like run cpan to install some of the modules to see if the dependencies can be fixed?

I would start with
cpan Crypt::OpenSSL::RSA and see if you don't find a bunch of module dependencies.

regards,
KAM
Re: DNS checks not being performed-
Hello Martin,

Tuesday, November 11, 2014, 3:03:10 PM, you wrote:

MG> Start by seeing if your setup has a copy of /etc/sysconfig/spamassassin.

OK startup now logs -

Nov 11 15:06:25 nitrogen spamd[29594]: spamd: server killed by SIGTERM, shutting down
Nov 11 15:06:28 nitrogen spamd[29849]: logger: removing stderr method
Nov 11 15:06:28 nitrogen spamd[29851]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/OpenSSL/RSA.pm line 17.
Nov 11 15:06:29 nitrogen spamd[29851]: dns: socket module IO::Socket::IP is available, but no host support for IPv6
Nov 11 15:06:29 nitrogen spamd[29851]: dns: EDNS, UDP payload size 4096
Nov 11 15:06:29 nitrogen spamd[29851]: dns: servers obtained from Net::DNS : [127.0.0.1]:53
Nov 11 15:06:29 nitrogen spamd[29851]: dns: nameservers set to 127.0.0.1
Nov 11 15:06:29 nitrogen spamd[29851]: dns: using socket module: IO::Socket::IP, forced IPv4
Nov 11 15:06:29 nitrogen spamd[29851]: dns: is Net::DNS::Resolver available? yes
Nov 11 15:06:29 nitrogen spamd[29851]: dns: Net::DNS version: 0.72
Nov 11 15:06:29 nitrogen spamd[29851]: dns: clear_resolver
Nov 11 15:06:29 nitrogen spamd[29851]: dns: socket module IO::Socket::IP is available, but no host support for IPv6
Nov 11 15:06:29 nitrogen spamd[29851]: dns: EDNS, UDP payload size 4096
Nov 11 15:06:29 nitrogen spamd[29851]: dns: nameservers set to 127.0.0.1
Nov 11 15:06:29 nitrogen spamd[29851]: dns: using socket module: IO::Socket::IP, forced IPv4
Nov 11 15:06:29 nitrogen spamd[29851]: dns: is Net::DNS::Resolver available? yes
Nov 11 15:06:29 nitrogen spamd[29851]: dns: Net::DNS version: 0.72
Nov 11 15:06:29 nitrogen spamd[29851]: dns: dns_available set to yes in config file, skipping test
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL bl.spamcop.net., set spamcop
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL rbl.holtain.net., set holtrbl-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL dnsbl.sorbs.net., set sorbs
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL bl.mailspike.net., set mspikeb-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL bl.score.senderscore.com., set rnbl-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL psbl.surriel.com., set psbl-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL bb.barracudacentral.org., set brbl-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL wl.mailspike.net., set mspikeg-firsttrusted
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL rbl.holtain.net., set holtrbl-lastexternal
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL sa-trusted.bondedsender.org., set ssc-firsttrusted
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL zen.spamhaus.org., set zen
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL sa-accredit.habeas.com., set ssc-firsttrusted
Nov 11 15:06:29 nitrogen spamd[29851]: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
Nov 11 15:06:29 nitrogen spamd[29851]: dns: harvest_dnsbl_queries
Nov 11 15:06:30 nitrogen spamd[29851]: spamd: server started on IO::Socket::INET6 [127.0.0.1]:783, IO::Socket::INET6 [::1]:783 (running version 3.4.0)
Nov 11 15:06:30 nitrogen spamd[29851]: spamd: server pid: 29851
Nov 11 15:06:30 nitrogen spamd[29851]: spamd: server successfully spawned child process, pid 29852
Nov 11 15:06:30 nitrogen spamd[29851]: spamd: server successfully spawned child process, pid 29854
Nov 11 15:06:30 nitrogen spamd[29851]: prefork: child states: II

--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Martin,

Tuesday, November 11, 2014, 3:03:10 PM, you wrote:

MG> In Fedora 18 SA is managed this way, so editing
MG> /etc/sysconfig/spamassassin is the best way to do it for Linuxes that
MG> use sysVinit daemon management.

Cheers, probably the same for CentOS

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On Tue, 2014-11-11 at 15:11 +0100, Axb wrote:
> You need to add "-D dns" (without the quotes) option to the spamassassin
> init script
>
> (depending on your distro it may be /etc/init.d/spamassassin)
>
On current Fedora Linux systems /etc/sysconfig/spamassassin contains a
single line:

SPAMDOPTIONS="-c -m5 -H"

Who reads it depends on how your system starts daemons:

- some daemons are still managed by a script in /etc/init.d
  In these cases the script sets its shell variables by using the '.' or
  'source' command to override the default options, which are hard coded
  in the daemon management script, by reading the appropriate file from
  /etc/sysconfig.

  If you simply edit SPAMDOPTIONS in /etc/init.d/spamassassin and a
  copy of /etc/sysconfig/spamassassin exists, your change will not be
  acted on because you edited the defaults and these got overwritten
  when the script read in /etc/sysconfig/spamassassin before it started SA.

  In Fedora 18 SA is managed this way, so editing
  /etc/sysconfig/spamassassin is the best way to do it for Linuxes that
  use sysVinit daemon management.

- daemons that are directly managed as a systemd service are a little
  different. In Fedora 20 SA is now managed as a systemd service. The
  service definition for SA is /usr/lib/systemd/spamassassin.service,
  which declares the SA EnvironmentFile to be /etc/sysconfig/spamassassin,
  so the way to change the SA options is still by editing
  /etc/sysconfig/spamassassin

I'd imagine most Linuxes use a similar set-up, regardless of whether
they manage their daemons via systemd or the sysVinit system that Linux
originally inherited from Unix.

Start by seeing if your setup has a copy of /etc/sysconfig/spamassassin.
If so, edit that. Otherwise 'locate' is your friend. It's a lot faster
than running 'find . -name spamassassin' from the root directory!

HTH
Martin
Re: DNS checks not being performed-
Hello Kevin,

Tuesday, November 11, 2014, 2:51:14 PM, you wrote:

KAM> These two sound like you are missing Perl modules for SA. Not sure if
KAM> they are relevant but they definitely irk me. Are you installing from
KAM> source or from a package?

From source, but 3.4.0 was working fine until yesterday.

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 9:48 AM, Niamh Holding wrote:
> Hello Axb,
>
> Tuesday, November 11, 2014, 2:29:19 PM, you wrote:
>
> A> SPAMDOPTIONS="-d -c -m5 -H -D dns"
> A> should do the trick...
>
> And a message logs-
>
> Nov 11 14:42:41 nitrogen spamd[29405]: logger: removing stderr method
> Nov 11 14:42:41 nitrogen spamd[29407]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/OpenSSL/RSA.pm line 17.

These two sound like you are missing Perl modules for SA. Not sure if
they are relevant but they definitely irk me. Are you installing from
source or from a package?

Regards,
KAM
Re: DNS checks not being performed-
Bignum.pm

On 11.11.2014 at 15:48, Niamh Holding wrote:
> Hello Axb,
>
> Tuesday, November 11, 2014, 2:29:19 PM, you wrote:
>
> A> SPAMDOPTIONS="-d -c -m5 -H -D dns"
> A> should do the trick...
>
> And a message logs-
>
> Nov 11 14:42:41 nitrogen spamd[29405]: logger: removing stderr method
> Nov 11 14:42:41 nitrogen spamd[29407]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/OpenSSL/RSA.pm line 17.

[root@localhost:~]$ rpm -q --file /usr/lib64/perl5/vendor_perl/Crypt/OpenSSL/Bignum.pm
perl-Crypt-OpenSSL-Bignum-0.04-19.fc20.x86_64

> Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server started on IO::Socket::INET6 [127.0.0.1]:783, IO::Socket::INET6 [::1]:783 (running version 3.4.0)

[root@localhost:~]$ rpm -qa | grep perl | grep -i socket
perl-IO-Socket-SSL-1.955-2.fc20.noarch
perl-IO-Socket-INET6-2.71-3.fc20.noarch
perl-Socket6-0.25-1.fc20.x86_64
perl-Socket-2.016-1.fc20.x86_64
perl-IO-Socket-IP-0.30-2.fc20.noarch

[root@mail-gw:~]$ yum info perl-IO-Socket-IP
Geladene Plugins: protectbase, tsflags
0 packages excluded due to repository protections
Installierte Pakete
Name            : perl-IO-Socket-IP
Architektur     : noarch
Version         : 0.30
Ausgabe         : 2.fc20
Größe           : 88 k
Quelle          : installed
Zusammenfassung : Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6
URL             : http://search.cpan.org/dist/IO-Socket-IP/
Lizenz          : GPL+ or Artistic
Beschreibung    : This module provides a protocol-independent way to use IPv4 and IPv6
                : sockets, as a drop-in replacement for IO::Socket::INET. Most constructor
                : arguments and methods are provided in a backward-compatible way.
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 2:29:19 PM, you wrote:

A> SPAMDOPTIONS="-d -c -m5 -H -D dns"
A> should do the trick...

And a message logs-

Nov 11 14:42:41 nitrogen spamd[29405]: logger: removing stderr method
Nov 11 14:42:41 nitrogen spamd[29407]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/OpenSSL/RSA.pm line 17.
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server started on IO::Socket::INET6 [127.0.0.1]:783, IO::Socket::INET6 [::1]:783 (running version 3.4.0)
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server pid: 29407
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server successfully spawned child process, pid 29408
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server successfully spawned child process, pid 29410
Nov 11 14:42:42 nitrogen spamd[29407]: prefork: child states: II
Nov 11 14:47:17 nitrogen spamd[29408]: spamd: connection from 127.0.0.1 [127.0.0.1]:57431 to port 783, fd 5
Nov 11 14:47:17 nitrogen spamd[29408]: spamd: setuid to spamtest succeeded
Nov 11 14:47:17 nitrogen spamd[29408]: spamd: processing message <1579442359.2014144...@fullbore.co.uk> for spamtest:1028
Nov 11 14:47:17 nitrogen spamd[29408]: plugin: eval failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414
Nov 11 14:47:17 nitrogen spamd[29408]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
Nov 11 14:47:17 nitrogen spamd[29408]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414)
Nov 11 14:47:17 nitrogen spamd[29408]: rules: failed to run DKIM_ADSP_DISCARD test, skipping:
Nov 11 14:47:17 nitrogen spamd[29408]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414
Nov 11 14:47:17 nitrogen spamd[29408]: )
Nov 11 14:47:17 nitrogen spamd[29408]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.
Nov 11 14:47:17 nitrogen spamd[29408]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.
Nov 11 14:47:18 nitrogen spamd[29408]: spamd: clean message (-3.2/4.5) for spamtest:1028 in 1.2 seconds, 5609 bytes.
Nov 11 14:47:18 nitrogen spamd[29408]: spamd: result: . -3 - AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,RP_MATCHES_RCVD scantime=1.2,size=5609,user=spamtest,uid=1028,required_score=4.5,rhost=127.0.0.1,raddr=127.0.0.1,rport=57431,mid=<1579442359.2014144...@fullbore.co.uk>,bayes=0.00,autolearn=ham autolearn_force=no
Nov 11 14:47:18 nitrogen spamd[29407]: prefork: child states: II

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 2:29:19 PM, you wrote:

A> should do the trick...

service spamassassin start logs-

Nov 11 14:42:41 nitrogen spamd[29405]: logger: removing stderr method
Nov 11 14:42:41 nitrogen spamd[29407]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Crypt/OpenSSL/RSA.pm line 17.
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server started on IO::Socket::INET6 [127.0.0.1]:783, IO::Socket::INET6 [::1]:783 (running version 3.4.0)
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server pid: 29407
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server successfully spawned child process, pid 29408
Nov 11 14:42:42 nitrogen spamd[29407]: spamd: server successfully spawned child process, pid 29410
Nov 11 14:42:42 nitrogen spamd[29407]: prefork: child states: II

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 03:26 PM, Niamh Holding wrote:
> Hello Axb,
>
> Tuesday, November 11, 2014, 2:11:39 PM, you wrote:
>
> A> You need to add "-D dns" (without the quotes) option to the spamassassin
> A> init script
>
> So
> daemon $NICELEVEL spamd $SPAMDOPTIONS -r $SPAMD_PID
> becomes
> daemon $NICELEVEL spamd -D dns $SPAMDOPTIONS -r $SPAMD_PID
>
> or do I set SPAMDOPTIONS="-d -c -m5 -H- D dns"

watch out for stray spaces.

SPAMDOPTIONS="-d -c -m5 -H -D dns"

should do the trick...
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 2:11:39 PM, you wrote:

A> You need to add "-D dns" (without the quotes) option to the spamassassin
A> init script

So
daemon $NICELEVEL spamd $SPAMDOPTIONS -r $SPAMD_PID
becomes
daemon $NICELEVEL spamd -D dns $SPAMDOPTIONS -r $SPAMD_PID

or do I set SPAMDOPTIONS="-d -c -m5 -H- D dns"

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 03:01 PM, Niamh Holding wrote:
> Hello Mark,
>
> Tuesday, November 11, 2014, 1:55:42 PM, you wrote:
>
> MM> Start spamd with option -D dns and compare its dns debugging
>
> So what's the command instead of service spamassassin start?

You need to add "-D dns" (without the quotes) option to the spamassassin
init script

(depending on your distro it may be /etc/init.d/spamassassin)
Re: DNS checks not being performed-
Hello Mark,

Tuesday, November 11, 2014, 1:55:42 PM, you wrote:

MM> Start spamd with option -D dns and compare its dns debugging

So what's the command instead of service spamassassin start?

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Niamh Holding wrote:
> spamd[26862]: spamd: connection from 127.0.0.1 [127.0.0.1]:46489 to port 783, fd 5
> spamd[26862]: spamd: setuid to spamtest succeeded
> spamd[26862]: spamd: processing message <2014121508.3321875.277...@sailthru.com> for spamtest:1028
> spamd[26862]: plugin: eval failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414
> spamd[26862]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
> spamd[26862]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414)
>
> NH> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.
>
> $sock = $io_socket_module_name->new(%args);
>
> And a quick test script suggests that
> $io_socket_module_name = IO::Socket::INET6

Start spamd with option -D dns and compare its dns debugging
to what you obtained by running spamassassin -D dns.

The 'Cannot configure a generic socket' in IO::Socket means
that it could not determine which 'domain' (i.e. protocol family)
it should use.

Mark
Re: DMARC policy check with AskDNS possible?
After a couple of iterations and re-reading the policy syntax
in a DMARC draft, I ended up with the following set of rules
(based on https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7099 ):

ifplugin Mail::SpamAssassin::Plugin::AskDNS

askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1 (?=\s*;) .* ;\s* p\s*=\s*none \s*(?:;|\z)/x
askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1 (?=\s*;) .* ;\s* p\s*=\s*quarantine \s*(?:;|\z)/x
askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT /^v\s*=DMARC1 (?=\s*;) .* ;\s* p\s*=\s*reject \s*(?:;|\z)/x

meta __DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_REJECT
meta __DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_QUAR
meta __DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_NONE

meta DMARC_REJECT __DMARC_REJECT && !__VIA_ML
score DMARC_REJECT 2.1

meta DMARC_REJECT_ML __DMARC_REJECT && __VIA_ML
score DMARC_REJECT_ML 0.8

meta DMARC_QUAR __DMARC_QUAR && !__VIA_ML
score DMARC_QUAR 1.8

meta DMARC_QUAR_ML __DMARC_QUAR && __VIA_ML
score DMARC_QUAR_ML 0.7

endif

Mark
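An added example, not Mark's code and not part of SpamAssassin: the three askdns patterns and the meta/score logic from the post above, replayed in Python against constructed DMARC TXT records to show which scored rule would fire. Perl's `\z` is written `\Z` for Python's `re`; the function names and the boolean arguments standing in for DKIM_VALID_AU, SPF_PASS and __VIA_ML are assumptions of this example.

```python
import re


def _policy_re(policy):
    # Same pattern text as the posted askdns rules.
    # Perl /x -> re.VERBOSE (pattern whitespace ignored), Perl \z -> Python \Z.
    return re.compile(
        r"^v\s*=DMARC1 (?=\s*;) .* ;\s* p\s*=\s*%s \s*(?:;|\Z)" % policy,
        re.VERBOSE,
    )


POLICY_RE = {p: _policy_re(p) for p in ("none", "quarantine", "reject")}

# (published policy, message came via a mailing list) -> (rule, score),
# copied from the meta/score lines in the post. p=none has no scored rule there.
SCORED = {
    ("reject", False): ("DMARC_REJECT", 2.1),
    ("reject", True): ("DMARC_REJECT_ML", 0.8),
    ("quarantine", False): ("DMARC_QUAR", 1.8),
    ("quarantine", True): ("DMARC_QUAR_ML", 0.7),
}


def matching_policies(txt):
    """Policies whose askdns pattern matches one TXT record string."""
    return [p for p, rx in POLICY_RE.items() if rx.search(txt)]


def fired_rules(txt_records, dkim_valid_au, spf_pass, via_ml):
    """Scored rules that would hit for the TXT answers at _dmarc.<author domain>.

    An askdns rule hits when any TXT answer matches, so every record is tried.
    """
    if dkim_valid_au or spf_pass:
        # !(DKIM_VALID_AU || SPF_PASS) is false: no __DMARC_* meta can hit.
        return []
    hits = []
    for policy in POLICY_RE:
        if any(policy in matching_policies(txt) for txt in txt_records):
            rule = SCORED.get((policy, via_ml))
            if rule:
                hits.append(rule)
    return hits


# Constructed TXT records (not taken from the thread).
REJECT_TXT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
QUAR_TXT = "v=DMARC1;p=quarantine"         # no trailing ';': matched via \Z
NONE_SP_TXT = "v=DMARC1; p=none; sp=reject"  # sp= must not be read as p=
SPF_TXT = "v=spf1 -all"                    # unrelated TXT record

if __name__ == "__main__":
    for txt in (REJECT_TXT, QUAR_TXT, NONE_SP_TXT, SPF_TXT):
        print("%-50s -> %s" % (txt, matching_policies(txt)))
    print(fired_rules([REJECT_TXT], False, False, False))
    print(fired_rules([REJECT_TXT], False, False, True))
    print(fired_rules([REJECT_TXT], True, False, False))
```

The `sp=reject` record shows why the patterns anchor `p` directly after a `;`: the subdomain policy tag is not mistaken for the domain policy.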
Re: DNS checks not being performed-
Hello Niamh,

Tuesday, November 11, 2014, 12:20:31 PM, you wrote:

NH> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.

$sock = $io_socket_module_name->new(%args);

And a quick test script suggests that
$io_socket_module_name = IO::Socket::INET6

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 11:26:50 AM, you wrote:

A> what do you see

maillog shows

Nov 11 12:15:16 nitrogen spamd[26862]: spamd: connection from 127.0.0.1 [127.0.0.1]:46489 to port 783, fd 5
Nov 11 12:15:16 nitrogen spamd[26862]: spamd: setuid to spamtest succeeded
Nov 11 12:15:16 nitrogen spamd[26862]: spamd: processing message <2014121508.3321875.277...@sailthru.com> for spamtest:1028
Nov 11 12:15:16 nitrogen spamd[26862]: plugin: eval failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414
Nov 11 12:15:16 nitrogen spamd[26862]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
Nov 11 12:15:16 nitrogen spamd[26862]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414)
Nov 11 12:15:17 nitrogen spamd[26862]: rules: failed to run DKIM_ADSP_DISCARD test, skipping:
Nov 11 12:15:17 nitrogen spamd[26862]: (IO: [...]:Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414
Nov 11 12:15:17 nitrogen spamd[26862]: )
Nov 11 12:15:17 nitrogen spamd[26862]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.
Nov 11 12:15:17 nitrogen spamd[26862]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.
Nov 11 12:15:18 nitrogen spamd[26862]: spamd: clean message (-0.8/4.5) for spamtest:1028 in 1.3 seconds, 133790 bytes.
Nov 11 12:15:18 nitrogen spamd[26862]: spamd: result: . 0 - AWL,BAD_CREDIT,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,RP_MATCHES_RCVD scantime=1.3,size=133790,user=spamtest,uid=1028,required_score=4.5,rhost=127.0.0.1,raddr=127.0.0.1,rport=46489,mid=<2014121508.3321875.277...@sailthru.com>,bayes=0.00,autolearn=no autolearn_force=no
Nov 11 12:15:18 nitrogen spamd[26861]: prefork: child states: II

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
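An added example, not part of the original post or of SpamAssassin: a log check that flags every message spamd gave a verdict on while its DNS-based tests were being skipped, which is the condition visible in the maillog excerpt above. The first group of sample lines is copied from that excerpt, the second group is constructed, and the function name and result fields are this example's own.

```python
import re
from collections import defaultdict

# Copied from the maillog excerpt in this thread (elided values kept as posted).
PAGE_LINES = [
    "Nov 11 12:15:16 nitrogen spamd[26862]: spamd: processing message <2014121508.3321875.277...@sailthru.com> for spamtest:1028",
    "Nov 11 12:15:16 nitrogen spamd[26862]: plugin: eval failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414",
    "Nov 11 12:15:16 nitrogen spamd[26862]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:",
    "Nov 11 12:15:17 nitrogen spamd[26862]: rules: failed to run DKIM_ADSP_DISCARD test, skipping:",
    "Nov 11 12:15:17 nitrogen spamd[26862]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.",
    "Nov 11 12:15:17 nitrogen spamd[26862]: spf: lookup failed: IO::Socket: Cannot configure a generic socket at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 414.",
    "Nov 11 12:15:18 nitrogen spamd[26862]: spamd: clean message (-0.8/4.5) for spamtest:1028 in 1.3 seconds, 133790 bytes.",
]
# Constructed lines: a second spamd child scanning a message with working DNS.
CONSTRUCTED_LINES = [
    "Nov 11 12:15:16 nitrogen spamd[26863]: spamd: processing message <constructed-1@example.org> for spamtest:1028",
    "Nov 11 12:15:17 nitrogen spamd[26863]: spamd: clean message (1.2/4.5) for spamtest:1028 in 0.9 seconds, 2048 bytes.",
]
SAMPLE = PAGE_LINES + CONSTRUCTED_LINES

LINE = re.compile(r"spamd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
START = re.compile(r"spamd: processing message (?P<mid>\S+) for ")
SKIPPED = re.compile(r"rules: failed to run (?P<rule>\S+) (?:\S+ )?test, skipping")
LOOKUP_FAILED = re.compile(r"\w+: lookup failed")
VERDICT = re.compile(
    r"spamd: (?P<verdict>clean message|identified spam) "
    r"\((?P<score>-?\d+(?:\.\d+)?)/(?P<required>\d+(?:\.\d+)?)\)"
)


def _new_state(mid=None):
    return {"mid": mid, "skipped": [], "lookup_failures": 0}


def find_degraded_scans(lines):
    """Return one finding per message scored while DNS tests were skipped.

    State is kept per spamd child pid, because children log interleaved.
    """
    state = defaultdict(_new_state)
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        started = START.match(msg)
        skipped = SKIPPED.match(msg)
        verdict = VERDICT.match(msg)
        if started:
            state[pid] = _new_state(started.group("mid"))
        elif skipped:
            state[pid]["skipped"].append(skipped.group("rule"))
        elif LOOKUP_FAILED.match(msg):
            state[pid]["lookup_failures"] += 1
        elif verdict:
            cur = state.pop(pid, _new_state())
            if cur["skipped"] or cur["lookup_failures"]:
                findings.append({
                    "pid": pid,
                    "mid": cur["mid"],
                    "verdict": verdict.group("verdict"),
                    "score": float(verdict.group("score")),
                    "skipped": cur["skipped"],
                    "lookup_failures": cur["lookup_failures"],
                })
    return findings


if __name__ == "__main__":
    for f in find_degraded_scans(SAMPLE):
        print("pid %(pid)s %(mid)s: %(verdict)s (%(score)s) with skipped tests "
              "%(skipped)s and %(lookup_failures)d failed lookups" % f)
```

Run over the real maillog, any finding means mail is being scored without its DNSBL, SPF or ADSP results, so "clean" verdicts from that period rest on content rules alone.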
Re: DNS checks not being performed-
Hello Niamh,

Tuesday, November 11, 2014, 11:59:05 AM, you wrote:

NH> RBL rules hit... but they aren't showing under normal checks.

That message of mine has-

X-Spam-Report:
    *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    *      domains are different
    * -0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
    *  2.7 SPOOF_COM2OTH URI: URI contains ".com" in middle
    * -2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    *      [score: 0.]
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    *      domain
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    *      valid
    * -2.8 AWL AWL: From: address is in the auto white-list

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
Hello Axb,

Tuesday, November 11, 2014, 11:26:50 AM, you wrote:

A> cat msg.eml | spamassassin -D dns

RBL rules hit... but they aren't showing under normal checks.

cat /tmp/0001.eml | spamassassin -D dns
Nov 11 11:44:11.031 [26084] warn: config: created user preferences file: /root/.spamassassin/user_prefs
Nov 11 11:44:12.146 [26084] dbg: dns: EDNS, UDP payload size 4096
Nov 11 11:44:12.146 [26084] dbg: dns: servers obtained from Net::DNS : [127.0.0.1]:53
Nov 11 11:44:12.146 [26084] dbg: dns: nameservers set to 127.0.0.1
Nov 11 11:44:12.146 [26084] dbg: dns: using socket module: IO::Socket::INET6
Nov 11 11:44:12.146 [26084] dbg: dns: is Net::DNS::Resolver available? yes
Nov 11 11:44:12.146 [26084] dbg: dns: Net::DNS version: 0.72
Nov 11 11:44:12.167 [26084] dbg: dns: clear_resolver
Nov 11 11:44:12.168 [26084] dbg: dns: EDNS, UDP payload size 4096
Nov 11 11:44:12.168 [26084] dbg: dns: nameservers set to 127.0.0.1
Nov 11 11:44:12.168 [26084] dbg: dns: using socket module: IO::Socket::INET6
Nov 11 11:44:12.168 [26084] dbg: dns: is Net::DNS::Resolver available? yes
Nov 11 11:44:12.168 [26084] dbg: dns: Net::DNS version: 0.72
Nov 11 11:44:12.168 [26084] dbg: dns: dns_available set to yes in config file, skipping test
Nov 11 11:44:12.171 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.171 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.172 [26084] dbg: dns: connect_sock, resolver: yes
Nov 11 11:44:12.172 [26084] dbg: dns: LocalAddr: 0.0.0.0, name server(s): [127.0.0.1]:53
Nov 11 11:44:12.176 [26084] dbg: dns: 53959 configured local ports for DNS queries
Nov 11 11:44:12.176 [26084] dbg: dns: resolver socket rx buffer size is 129024 bytes, local port 60347
Nov 11 11:44:12.177 [26084] dbg: dns: providing a callback for id: 26759/IN/A/dnswl.org.multi.surbl.org
Nov 11 11:44:12.177 [26084] dbg: dns: URIBL_PH_SURBL lookup start
Nov 11 11:44:12.177 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.177 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.177 [26084] dbg: dns: providing a callback for id: 25051/IN/A/dnswl.org.multi.uribl.com
Nov 11 11:44:12.177 [26084] dbg: dns: URIBL_BLACK lookup start
Nov 11 11:44:12.177 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.177 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.178 [26084] dbg: dns: providing a callback for id: 17541/IN/A/dnswl.org.fresh.spameatingmonkey.net
Nov 11 11:44:12.178 [26084] dbg: dns: SEM_FRESH lookup start
Nov 11 11:44:12.178 [26084] dbg: dns: URIBL_RED lookup start
Nov 11 11:44:12.178 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.178 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.178 [26084] dbg: dns: providing a callback for id: 44555/IN/A/dnswl.org.dob.sibl.support-intelligence.net
Nov 11 11:44:12.178 [26084] dbg: dns: URIBL_RHS_DOB lookup start
Nov 11 11:44:12.178 [26084] dbg: dns: URIBL_GREY lookup start
Nov 11 11:44:12.178 [26084] dbg: dns: URIBL_MW_SURBL lookup start
Nov 11 11:44:12.178 [26084] dbg: dns: URIBL_SC_SURBL lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.179 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.179 [26084] dbg: dns: providing a callback for id: 15549/IN/A/dnswl.org.urired.spameatingmonkey.net
Nov 11 11:44:12.179 [26084] dbg: dns: SEM_URIRED lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: URIBL_JP_SURBL lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: URIBL_AB_SURBL lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: URIBL_WS_SURBL lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: URIBL_BLOCKED lookup start
Nov 11 11:44:12.179 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.179 [26084] dbg: dns: attempt 1/1, trying connect/sendto to [127.0.0.1]:53
Nov 11 11:44:12.180 [26084] dbg: dns: providing a callback for id: 18978/IN/A/dnswl.org.dbl.spamhaus.org
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ABUSE_REDIR lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ABUSE_BOTCC lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ERROR lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ABUSE_SPAM lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_PHISH lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_BOTNETCC lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_SPAM lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ABUSE_PHISH lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_ABUSE_MALW lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_MALWARE lookup start
Nov 11 11:44:12.180 [26084] dbg: dns: URIBL_DBL_REDIR lookup start
Nov 11 11:44:12.181 [26084] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Nov 11 11:44:12.181 [26084] dbg: dns: attempt 1/1, trying connect/s
Re: DNS checks not being performed-
Hello Niamh,

Tuesday, November 11, 2014, 11:20:59 AM, I wrote:

NH> Seems like since the last rules update DNS rules aren't being checked

Last update-

Nov 10 04:23:02.028 [3867] dbg: dns: 0.4.3.sought.rules.yerp.org => 3402014020421, parsed as 3402014020421
Nov 10 04:23:02.333 [3867] dbg: dns: 0.4.3.updates.spamassassin.org => 1637637, parsed as 1637637
Nov 10 04:23:02.452 [3867] dbg: dns: socket module IO::Socket::IP is available, but no host support for IPv6
Nov 10 04:23:02.453 [3867] dbg: dns: EDNS, UDP payload size 4096
Nov 10 04:23:02.453 [3867] dbg: dns: servers obtained from Net::DNS : [127.0.0.1]:53
Nov 10 04:23:02.453 [3867] dbg: dns: nameservers set to 127.0.0.1
Nov 10 04:23:02.453 [3867] dbg: dns: using socket module: IO::Socket::IP, forced IPv4
Nov 10 04:23:02.453 [3867] dbg: dns: is Net::DNS::Resolver available? yes
Nov 10 04:23:02.453 [3867] dbg: dns: Net::DNS version: 0.72
Nov 10 04:23:02.461 [3867] dbg: dns: is DNS available? 0
Nov 10 04:23:02.462 [3867] dbg: dns: harvest_dnsbl_queries
Nov 10 04:23:05.319 [3867] dbg: dns: socket module IO::Socket::IP is available, but no host support for IPv6
Nov 10 04:23:05.319 [3867] dbg: dns: EDNS, UDP payload size 4096
Nov 10 04:23:05.319 [3867] dbg: dns: servers obtained from Net::DNS : [127.0.0.1]:53
Nov 10 04:23:05.320 [3867] dbg: dns: nameservers set to 127.0.0.1
Nov 10 04:23:05.320 [3867] dbg: dns: using socket module: IO::Socket::IP, forced IPv4
Nov 10 04:23:05.320 [3867] dbg: dns: is Net::DNS::Resolver available? yes
Nov 10 04:23:05.320 [3867] dbg: dns: Net::DNS version: 0.72
Nov 10 04:23:05.559 [3867] dbg: dns: harvest_dnsbl_queries

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk
Re: DNS checks not being performed-
On 11/11/2014 12:20 PM, Niamh Holding wrote:
> Hello
>
> Seems like since the last rules update DNS rules aren't being checked
>
> given that 209.85.216.51 is listed in list.dnswl.org the relevant rule should show-
>
> ;; QUESTION SECTION:
> ;51.216.85.209.list.dnswl.org. IN A
>
> ;; ANSWER SECTION:
> 51.216.85.209.list.dnswl.org. 28800 IN A 127.0.5.1
>
> Return-Path:
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>     nitrogen.huntingdon.holtain.net
> X-Spam-Level:
> X-Spam-Status: No, score=-1.8 required=4.5 autolearn=unavailable
>     autolearn_force=no

what do you see if you do

cat msg.eml | spamassassin -D dns
DNS checks not being performed-
Hello

Seems like since the last rules update DNS rules aren't being checked

given that 209.85.216.51 is listed in list.dnswl.org the relevant rule should show-

;; QUESTION SECTION:
;51.216.85.209.list.dnswl.org. IN A

;; ANSWER SECTION:
51.216.85.209.list.dnswl.org. 28800 IN A 127.0.5.1

Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    nitrogen.huntingdon.holtain.net
X-Spam-Level:
X-Spam-Status: No, score=-1.8 required=4.5 autolearn=unavailable
    autolearn_force=no
X-Spam-Report:
    *  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
    *      (globalmedicaldevices[at]gmail.com)
    *  0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
    *      address
    * -2.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    *      [score: 0.]
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    *      domain
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    *      valid
    *  0.3 AWL AWL: From: address is in the auto white-list
X-Spam-Relays-Untrusted:
    [ ip=209.85.216.51 rdns=mail-qa0-f51.google.com helo=mail-qa0-f51.google.com by=nitrogen.huntingdon.holtain.net ident= envfrom= intl=0 id= auth= msa=0 ]
    [ ip=122.177.47.159 rdns= helo=!192.168.1.1! by=mx.google.com ident= envfrom= intl=0 id=78sm17138522qgp.2.2014.11.10.18.52.19 auth=ESMTPSA msa=0 ]
    [ ip=209.85.216.51 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]

--
Best regards,
 Niamh mailto:ni...@fullbore.co.uk