sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On a CentOS 4.9-x86 box I user for years, sa-update doesnt want to work anymore since I've upgraded from 3.1.3 this seems to be related to a DNS problem, but I can't find what I need to adapt to fix it, could you help me ? All that I get in DBG mode is: Mar 18 14:27:47.241 [15822] dbg: channel: attempting channel updates.spamassassin.org Mar 18 14:27:47.243 [15822] dbg: channel: update directory /var/lib/spamassassin/3.003002/updates_spamassassin_org Mar 18 14:27:47.244 [15822] dbg: channel: channel cf file /var/lib/spamassassin/3.003002/updates_spamassassin_org.cf Mar 18 14:27:47.245 [15822] dbg: channel: channel pre file /var/lib/spamassassin/3.003002/updates_spamassassin_org.pre Mar 18 14:27:47.246 [15822] dbg: channel: metadata version = 1162027 Mar 18 14:28:17.257 [15822] dbg: dns: query failed: 2.3.3.updates.spamassassin.org = SERVFAIL As long as I can see DNS is working correctly and I've also tried to use Google DNSes without success... What could I do to fix this asap ? Thanks for your help... -- (°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On 3/18/2012 9:30 AM, Bernard Lheureux wrote: On a CentOS 4.9-x86 box I user for years, sa-update doesnt want to work anymore since I've upgraded from 3.1.3 this seems to be related to a DNS problem, but I can't find what I need to adapt to fix it, could you help me ? Definitely sounds like DNS. If you type dig -t txt 2.3.3.updates.spamassassin.org, what do you get? Regards, KAM
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On 03/18/2012 02:33 PM, Kevin A. McGrail wrote: On 3/18/2012 9:30 AM, Bernard Lheureux wrote: On a CentOS 4.9-x86 box I user for years, sa-update doesnt want to work anymore since I've upgraded from 3.1.3 this seems to be related to a DNS problem, but I can't find what I need to adapt to fix it, could you help me ? Definitely sounds like DNS. If you type dig -t txt 2.3.3.updates.spamassassin.org, what do you get? Regards, KAM I get ; DiG 9.2.4 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; connection timed out; no servers could be reached But the DNS resolution works correctly, what does that mean ? -- (°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On 3/18/12 9:44 AM, Bernard Lheureux wrote: I get ; DiG 9.2.4 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; connection timed out; no servers could be reached But the DNS resolution works correctly, what does that mean ? it means the DNS resolution isn't working correctly. you should get something like this: dig -t txt 2.3.3.updates.spamassassin.org ; DiG 9.3.5-P2 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 37105 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3 ;; QUESTION SECTION: ;2.3.3.updates.spamassassin.org.INTXT ;; ANSWER SECTION: 2.3.3.updates.spamassassin.org.3600 INTXT1293136 ;; AUTHORITY SECTION: spamassassin.org.3600INNSa.auth-ns.sonic.net. spamassassin.org.3600INNSb.auth-ns.sonic.net. spamassassin.org.3600INNSc.auth-ns.sonic.net. spamassassin.org.3600INNSns.hyperreal.org. ;; ADDITIONAL SECTION: a.auth-ns.sonic.net.37091INA209.204.159.20 b.auth-ns.sonic.net.37091INA184.173.92.18 c.auth-ns.sonic.net.37091INA69.9.186.104 ;; Query time: 117 msec ;; SERVER: 10.70.1.2#53(10.70.1.2) ;; WHEN: Sun Mar 18 09:54:41 2012 ;; MSG SIZE rcvd: 208 -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 *| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com/ __
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
I get ; DiG 9.2.4 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; connection timed out; no servers could be reached But the DNS resolution works correctly, what does that mean ? It means DNS is not working correctly for you. Here's an old ISP in my areas's DNS server. What do you get? dig -t txt 2.3.3.updates.spamassassin.org @ns.erols.com ;; QUESTION SECTION: ;2.3.3.updates.spamassassin.org.IN TXT ;; ANSWER SECTION: 2.3.3.updates.spamassassin.org. 3600 IN TXT 1293136 ;; AUTHORITY SECTION: spamassassin.org. 86400 IN NS ns.hyperreal.org. spamassassin.org. 86400 IN NS c.auth-ns.sonic.net. spamassassin.org. 86400 IN NS a.auth-ns.sonic.net. spamassassin.org. 86400 IN NS b.auth-ns.sonic.net. ;; ADDITIONAL SECTION: a.auth-ns.sonic.net.49101 IN A 209.204.159.20 a.auth-ns.sonic.net.49101 IN 2001:5a8:0:3::1 b.auth-ns.sonic.net.49101 IN A 184.173.92.18 b.auth-ns.sonic.net.49101 IN 2607:f0d0:1102:f::2 c.auth-ns.sonic.net.49101 IN A 69.9.186.104 c.auth-ns.sonic.net.49101 IN 2001:48c8:1:1::2 ;; Query time: 22 msec ;; SERVER: 207.172.3.8#53(207.172.3.8) ;; WHEN: Sun Mar 18 09:45:41 2012 ;; MSG SIZE rcvd: 292
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On 03/18/2012 02:59 PM, Kevin A. McGrail wrote: Could this be related to a firewall rule that should be blocking it ? Which ports should I open to ensure it works not only port 53 udp and tcp ? I get ; DiG 9.2.4 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; connection timed out; no servers could be reached But the DNS resolution works correctly, what does that mean ? It means DNS is not working correctly for you. Here's an old ISP in my areas's DNS server. What do you get? dig -t txt 2.3.3.updates.spamassassin.org @ns.erols.com ;; QUESTION SECTION: ;2.3.3.updates.spamassassin.org. IN TXT ;; ANSWER SECTION: 2.3.3.updates.spamassassin.org. 3600 IN TXT "1293136" ;; AUTHORITY SECTION: spamassassin.org. 86400 IN NS ns.hyperreal.org. spamassassin.org. 86400 IN NS c.auth-ns.sonic.net. spamassassin.org. 86400 IN NS a.auth-ns.sonic.net. spamassassin.org. 86400 IN NS b.auth-ns.sonic.net. ;; ADDITIONAL SECTION: a.auth-ns.sonic.net. 49101 IN A 209.204.159.20 a.auth-ns.sonic.net. 49101 IN 2001:5a8:0:3::1 b.auth-ns.sonic.net. 49101 IN A 184.173.92.18 b.auth-ns.sonic.net. 49101 IN 2607:f0d0:1102:f::2 c.auth-ns.sonic.net. 49101 IN A 69.9.186.104 c.auth-ns.sonic.net. 49101 IN 2001:48c8:1:1::2 ;; Query time: 22 msec ;; SERVER: 207.172.3.8#53(207.172.3.8) ;; WHEN: Sun Mar 18 09:45:41 2012 ;; MSG SIZE rcvd: 292 -- M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici: http://www.aful.org/ressources/documentations/msie-problemes-securite -- (- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
On 03/18/2012 04:24 PM, Bernard Lheureux wrote: I found why, that was related to my firewall, now everything is OK... I simply had to disable the outgoing rules for DNS-OUT, because OUT is allowed from all, and now all is OK Thanks a lot to all of you ! On 03/18/2012 03:40 PM, Kevin A. McGrail wrote: Which ports should I open to ensure it works not only port 53 udp and tcp ? I'm assuming dig -t txt 2.3.3.updates.spamassassin.org @ns.erols.com doesn't work for you either. http://systembash.com/content/dns-server-firewall-open-ports/ Has a good list of ports but it's basically 53 tcp/udp and every single upper port because of the back channel. If your firewall automatically recognizes and opens back channels, you might be ok. My FW is a Watchguard Firebox III/700 and ALL is open for OUTGOING, then I don't think this could be caused by this... But I cannot find why this answers always: [root@myserver ~]# dig -t txt 2.3.3.updates.spamassassin.org ; DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 -t txt 2.3.3.updates.spamassassin.org ;; global options: printcmd ;; connection timed out; no servers could be reached I use my own Bind9 DNS server which is running OK for a long time ago... And the 2 forwarders on this server are the 2 DNSes of my ISP what could be wrong ? Do you know if I could try to use public DNS as forwarders ? If yes, which ones ? -- (°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/ -- M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici: http://www.aful.org/ressources/documentations/msie-problemes-securite -- (°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML //\ http://www.bbsoft4.org/Mailinglists.htm ** MailTo:r...@bbsoft4.org v_/_ http://www.bbsoft4.org/ * http://www.portalinux.org/
Re: sa-update doesn't work anymore after upgrade to spamassassin-3.3.2-4.el4.rfx
18.3.2012 17:24, Bernard Lheureux kirjoitti: I use my own Bind9 DNS server which is running OK for a long time ago... And the 2 forwarders on this server are the 2 DNSes of my ISP what could be wrong ? Do you know if I could try to use public DNS as forwarders ? If yes, which ones ? Try namebench and find it out! http://code.google.com/p/namebench/ it may be available in your repo if you use Linux. -- Think twice before speaking, but don't say think think click click. signature.asc Description: OpenPGP digital signature
Re: Better phish detection
Joseph Brennan wrote: --On Thursday, March 15, 2012 19:21 -0700 sporkman sp...@bway.net wrote: -envelope-from is not from our domain, From: line in the message is, being able to clobber that pattern would be quite helpful by itself. Imagine one of your users sending mail to a list that another of your users subscribes to. I can't quite see the case there. My rule specifically matches a mismatch between the envelope-from and From: only when the From: purports to be one our staff/role accounts. I had it in testing for the last few days with a low score and it's doing pretty well. Always open to more ideas though... Charles -- View this message in context: http://old.nabble.com/Better-phish-detection-tp33478328p33529003.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Better phish detection
On 3/18/2012 8:16 PM, sporkman wrote: Joseph Brennan wrote: Imagine one of your users sending mail to a list that another of your users subscribes to. I can't quite see the case there. My rule specifically matches a mismatch between the envelope-from and From: only when the From: purports to be one our staff/role accounts. I had it in testing for the last few days with a low score and it's doing pretty well. Well consider your email (the one to which I'm replying): Return-path:users-return-#-lists=hireahit@spamassassin.apache.org From: sporkmansp...@bway.net That would be a FROM header that mentions one of your staff accounts (assuming you're using such a qualifying account now. If not, use a bit of imagination) with a completely different MAIL command. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
