Re: OT - Hotmail/Outlook.com marking most of our email as Junk

[David B Funk]

On Wed, 20 Sep 2017, Rupert Gallagher wrote:


> 10. The emails we send are operational and notices emails to customers - 
who need them. They call on the phone and complain they haven't received 
them - just to discover they were sent, but ended up in the junk. 

Tell them to send you a copy of the header, then look for clues in their 
anti-spam report. 


Good luck with that.
Have you ever seen the kind of stuff that M$ adds to 
Hotmail/Outlook.com/Office365 etc.. messages?


Then when you try to track down any info on how to iterpret the dense pile of 
stuff in a 'x-forefront-antispam-report' header you run into this page:

https://technet.microsoft.com/en-us/library/dn205071(v=exchg.150).aspx

Note the paragraph:

 After accessing the message header information, search for
 X-Forefront-Antispam-Report and then look for these fields. Other fields in
 this header are used exclusively by the Microsoft anti-spam team for diagnostic
 purposes.

IE, we're not tellin..

Having been in the same situation as the OP (Done the full Monty monkey dance, 
MX, DKIM, SPF, abuse@, etc) the only thing that I can say is it's all VouDoo.



--
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Wed, 2017-09-20 at 15:22 -0700, Ian Zimmerman wrote:
> On 2017-09-20 17:02, Chris wrote:
> 
> > 
> > So, IIUC it would be a good idea to remove the resolv.conf symlink
> > in
> > /run/resolvconf ?
> Definitely _not_ a good idea while the resolvconf package is
> installed.
> 
> What I meant was remove the package first, then clean up.
> 
Understand Ian, thanks

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
19:40:09 up 22:52, 1 user, load average: 0.60, 0.58, 0.50
Description:Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic


signature.asc
Description: This is a digitally signed message part

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Wed, 2017-09-20 at 19:05 +0100, Martin Gregorie wrote:
> On Wed, 2017-09-20 at 08:48 -0500, Chris wrote:
> > 
> > On Wed, 2017-09-20 at 11:15 +0100, Martin Gregorie wrote:
> > > 
> > > On Tue, 2017-09-19 at 19:32 -0500, Chris wrote:
> > > > 
> > > > 
> > > > Hi Martin, here's what I see:
> > > > 
> > > > sudo systemctl status dnsmasq
> > > > [sudo] password for chris: 
> > > > ● dnsmasq.service
> > > >    Loaded: not-found (Reason: No such file or directory)
> > > >    Active: inactive (dead)
> > > > chris@localhost:~$ sudo systemctl enable dnsmasq
> > > > Failed to execute operation: No such file or directory
> > > > chris@localhost:~$ sudo systemctl status dnsmasq
> > > > ● dnsmasq.service
> > > >    Loaded: not-found (Reason: No such file or directory)
> > > >    Active: inactive (dead)
> > > > 
> > > Yes, that agrees with systemd not knowing about dnsmasq.
> > > 
> > > > 
> > > > 
> > > > I then installed dnsmasq (apparently it wasn't installed)
> > > > 
> > > I don't know why you'd want to do that since you should be
> > > running
> > > named instead of dnsmasq.
> > > 
> > I was tired and getting po'd at the whole mess. I installed via apt
> > then removed via apt and also ran apt purge.
> > 
> > > 
> > > Delete the version you just installed via the apt package manager
> > > and
> > > do a search and destroy mission to get rid of both the other copy
> > > of
> > > it
> > > and the associated configuration.
> > > 
> > > Running "updatedb; locate dnsmasq" is probably the fastest way of
> > > finding it and its associated files. Anything with a similar name
> > > in
> > > /etc/init.d is probably its launcher script, so that can go too.
> > > If
> > > you
> > > have an /etc/rc.local file, check its contents because its run as
> > > part
> > > of the sysVinit process. It shouldn't have anything about dnsmasq
> > > in
> > > it
> > > but you never know...
> > > 
> > From the locate command I found these - https://pastebin.com/ECjZGX
> > 1M
> >  
> > I'm not sure what to do with those that are associated with
> > /snap/core.
> > 
> Can't help there as I've not seen a /snap directory structure before.
> I
> don't believe any RedHat distros use it and nor does Raspbian.
> 
> How was it installed in the first place? That may give you some
> clues,
> or somebody who is more familiar Debian and its clones may know a
> safe
> way to remove it: I'd be inclined to just remove the lot but then I
> tend to go in boots and all in this sort of situation. Just take a
> backup first.
It was installed by default when upgrading from 14.04LTS to 16.04LTS

> 
> OTOH, since there's apparently nothing that starts dnsmasq at boot
> time
> apart from NetworkManager you can always just leave it there and
> accept
> that it will continue to occupy space on disk. Then:
> 
> - do as others have said and reconfigure NetworkManager so it doesn't
>   start anything.
> 
I have stopped Network Manager. I've not disabled or removed it yet as
I'm watching to see how named does the queries now.

> - configure named as a recursive nameserver if that isn't already
> done
> 
> - set up systemd to start named at boot time:
>    systemctl enable named# This makes it start at boot time
>    systemctl start named # Start it now
>    systemctl status named# see if it started OK
> 
It already starts at boot.

> - if it didn't like the current /etc/named.conf or it it isn't doing
>   what you want, modify its configuration and:
> 
>    systemctl restart named# kills named and restarts it with
> the
>   # new config
>    systemctl status named # See what its gdoing
> 
>   and repeat until its right
> 
> 
> Martin
> 
systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor
preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
   └─50-insserv.conf-$named.conf
   Active: active (running) since Wed 2017-09-20 17:57:18 CDT; 3min 6s
ago
 Docs: man:named(8)
  Process: 19195 ExecStop=/usr/sbin/rndc stop (code=exited,
status=0/SUCCESS)
 Main PID: 19203 (named)
   CGroup: /system.slice/bind9.service
   └─19203 /usr/sbin/named -4 -f -u bind

localhost named[19203]: automatic empty zone: EMPTY.AS112.ARPA
localhost named[19203]: configuring command channel from
'/etc/bind/rndc.key'
localhost named[19203]: command channel listening on 127.0.0.1#953
localhost named[19203]: managed-keys-zone: loaded serial 602
localhost named[19203]: zone localhost/IN: loaded serial 2
localhost named[19203]: zone 255.in-addr.arpa/IN: loaded serial 1
localhost named[19203]: zone 127.in-addr.arpa/IN: loaded serial 1
localhost named[19203]: zone 0.in-addr.arpa/IN: loaded serial 1
localhost named[19203]: all zones loaded
localhost named[19203]: running

/etc/named.conf is simply

# OPTIONS="-4 -u bind"
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
# 

Re: ISIPP - Re: bb.barracudacentral.org

[Ian Zimmerman]

On 2017-09-20 17:02, Chris wrote:

> So, IIUC it would be a good idea to remove the resolv.conf symlink in
> /run/resolvconf ?

Definitely _not_ a good idea while the resolvconf package is installed.

What I meant was remove the package first, then clean up.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
Do obvious transformation on domain to reply privately _only_ on Usenet.

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Wed, 2017-09-20 at 08:01 -0700, Ian Zimmerman wrote:
> On 2017-09-20 11:15, Martin Gregorie wrote:
> 
> > 
> > I don't know why you'd want to do that since you should be running
> > named instead of dnsmasq.
> > 
> > Delete the version you just installed via the apt package manager
> > and
> > do a search and destroy mission to get rid of both the other copy
> > of
> > it and the associated configuration.
> > 
> > Running "updatedb; locate dnsmasq" is probably the fastest way of
> > finding it and its associated files. Anything with a similar name
> > in
> > /etc/init.d is probably its launcher script, so that can go too. If
> > you have an /etc/rc.local file, check its contents because its run
> > as
> > part of the sysVinit process. It shouldn't have anything about
> > dnsmasq
> > in it but you never know...
> Another thing to check in this kind of mess (and I think it wasn't
> mentioned yet) is the state of /etc/resolv.conf.  In Debian (and so
> in
> Ubuntu, too) packages that provide DNS daemons, whether authoritative
> or
> caching only, attempt to manage that file automatically, if the
> resolvconf (traditionally) or openresolv package is also
> installed.  If
> you do something "unexpected" you can end up with /etc/resolv.conf in
> a
> strange state.
> 
Hi Ian, my /etc/resolv.conf is linked to /run/resolvconf/resolv.conf.
Both appear to be the same. I don't know why the nameserver line is
there twice.

/run/resolvconf/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
nameserver 127.0.0.1
search PK5001Z

The /etc/resolv.conf is exactly the same. 
> To avoid that, on my Debian hosts I usually purge
> resolvconf/openresolv,
> make sure that /etc/resolv.conf is a real file (not a symlink), and
> manually edit it to the correct state.  If the host is on DHCP I also
> make sure the ISC DHCP client is in use (not dhcpcd which seems to be
> much less flexible), and change /etc/dhcp/dhclient.conf to not
> request
> (or override) the DNS info provided by DHCP, as that also messes with
> resolv.conf.
> 
So, IIUC it would be a good idea to remove the resolv.conf symlink in
/run/resolvconf ?

> Finally (and getting really OT), it helps to keep relevant /etc files
> under version control, so you know when the system helpfully shifts
> the
> ground under you.
> 
-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:42:52 up 19:55, 1 user, load average: 0.65, 0.59, 0.83
Description:Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic


signature.asc
Description: This is a digitally signed message part

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

[Rupert Gallagher]

> 10. The emails we send are operational and notices emails to customers -
who need them. They call on the phone and complain they haven't received
them - just to discover they were sent, but ended up in the junk.

Tell them to send you a copy of the header, then look for clues in their 
anti-spam report.

Sent from ProtonMail Mobile

Re: OT - Hotmail/Outlook.com marking most of our email as Junk

[Rupert Gallagher]

Allow incoming to postmaster@ and abuse@.

Sent from ProtonMail Mobile

On Tue, Sep 19, 2017 at 8:25 AM, Sebastian Arcus  wrote:

> This is a bit off topic as it is not directly related to SA, but I'm hoping 
> that with the email and spam expertise on this group, someone might throw in 
> a useful idea - which would be much appreciated. I have this problem on one 
> site where most emails we send to Hotmail/Outlook.com/Live.com email 
> addresses end up in Junk at the recipient's end. Things I have tried: 1. I've 
> setup SPF, DKIM, DMARC (and set it to 'reject'). 2. We used to smart relay 
> outbound email through the hosting provider (1and1), but now changed to send 
> directly from our own IP address, so that we can control the reputation of 
> the sending IP - no change. 3. I've checked our public IP and the domain name 
> at mxtoolbox.com - all tests pass (the public IP has been delisted from the 
> Spamhaus non-MX/end-user IP database). 4. I've setup forward and reverse DNS 
> entries for our IP address. 5. I've checked with all DNS 
> blocklists/blacklists I could find - our domain or IP address is not flagged 
> up anywhere. 6. This is a small network which I've been managing for years - 
> the domain name has not been used to send marketing/lists email of any sort - 
> so the historic reputation should be fine. 7. I've setup a monitor and block 
> on port 25 outbound on the network firewall - in case there is a trojan on a 
> machine on the network sending out spam and ruining the reputation of our IP 
> - it's never been triggered. 8. I've checked the contents of outgoing emails 
> - this is an accountants practice - the email content is standard, there is 
> nothing there which should trigger bayesian filters. 9. I've sent emails to 
> other servers under my control running SA - the scores come out perfect at 
> the receiving end. 10. The emails we send are operational and notices emails 
> to customers - who need them. They call on the phone and complain they 
> haven't received them - just to discover they were sent, but ended up in the 
> junk. 11. Emails we send to any other domains are never a problem spam-wise. 
> I can't really think of anything else to try - have I missed anything? Are 
> Hotmail/Outlook.com spam filters a complete lottery?

Re: ISIPP - Re: bb.barracudacentral.org

[Martin Gregorie]

On Wed, 2017-09-20 at 08:01 -0700, Ian Zimmerman wrote:
> Finally (and getting really OT), it helps to keep relevant /etc files
> under version control, so you know when the system helpfully shifts
> the ground under you.
> 
Really good advice.

I keep a copy of all the configuration files I've manually created or
changed. These are held in a normal user in a directory structure that
mimics /etc, which makes it easier to manage and to put my versions
back as and when needed. These copies are under version control and so
are automatically backed up whenever /home is backed up.

Martin

Re: ISIPP - Re: bb.barracudacentral.org

[Martin Gregorie]

On Wed, 2017-09-20 at 08:48 -0500, Chris wrote:
> On Wed, 2017-09-20 at 11:15 +0100, Martin Gregorie wrote:
> > On Tue, 2017-09-19 at 19:32 -0500, Chris wrote:
> > > 
> > > Hi Martin, here's what I see:
> > > 
> > > sudo systemctl status dnsmasq
> > > [sudo] password for chris: 
> > > ● dnsmasq.service
> > >    Loaded: not-found (Reason: No such file or directory)
> > >    Active: inactive (dead)
> > > chris@localhost:~$ sudo systemctl enable dnsmasq
> > > Failed to execute operation: No such file or directory
> > > chris@localhost:~$ sudo systemctl status dnsmasq
> > > ● dnsmasq.service
> > >    Loaded: not-found (Reason: No such file or directory)
> > >    Active: inactive (dead)
> > > 
> > 
> > Yes, that agrees with systemd not knowing about dnsmasq.
> > 
> > > 
> > > I then installed dnsmasq (apparently it wasn't installed)
> > > 
> > 
> > I don't know why you'd want to do that since you should be running
> > named instead of dnsmasq.
> > 
> 
> I was tired and getting po'd at the whole mess. I installed via apt
> then removed via apt and also ran apt purge.
> 
> > Delete the version you just installed via the apt package manager
> > and
> > do a search and destroy mission to get rid of both the other copy
> > of
> > it
> > and the associated configuration.
> > 
> > Running "updatedb; locate dnsmasq" is probably the fastest way of
> > finding it and its associated files. Anything with a similar name
> > in
> > /etc/init.d is probably its launcher script, so that can go too. If
> > you
> > have an /etc/rc.local file, check its contents because its run as
> > part
> > of the sysVinit process. It shouldn't have anything about dnsmasq
> > in
> > it
> > but you never know...
> > 
> 
> From the locate command I found these - https://pastebin.com/ECjZGX1M
>  
> I'm not sure what to do with those that are associated with
> /snap/core.
>
Can't help there as I've not seen a /snap directory structure before. I
don't believe any RedHat distros use it and nor does Raspbian.

How was it installed in the first place? That may give you some clues,
or somebody who is more familiar Debian and its clones may know a safe
way to remove it: I'd be inclined to just remove the lot but then I
tend to go in boots and all in this sort of situation. Just take a
backup first.

OTOH, since there's apparently nothing that starts dnsmasq at boot time
apart from NetworkManager you can always just leave it there and accept
that it will continue to occupy space on disk. Then:

- do as others have said and reconfigure NetworkManager so it doesn't
  start anything.

- configure named as a recursive nameserver if that isn't already done

- set up systemd to start named at boot time:
   systemctl enable named# This makes it start at boot time
   systemctl start named # Start it now
   systemctl status named# see if it started OK

- if it didn't like the current /etc/named.conf or it it isn't doing
  what you want, modify its configuration and:

   systemctl restart named  # kills named and restarts it with
the
# new config
   systemctl status named   # See what its gdoing

  and repeat until its right


Martin

Re: Testing Spamminess of Own Mail

[Benny Pedersen]

Jerry Malcolm skrev den 2017-09-20 17:32:

I didn't "misguide" anyone.  Even if you can't think of a reason to
use it or don't want to use it, then don't use it.  There's no reason
to disparage the service.  It found all kinds of problems with my
email.  I fixed them.  I haven't had any problems since.


so you added a MX to solve it ?, plenti of fools out there, does that 
mean i have to be one ?


i am happy still it helped you

Re: Testing Spamminess of Own Mail

[David Jones]

On 09/20/2017 09:51 AM, Benny Pedersen wrote:

RW skrev den 2017-01-11 16:11:


Try mail-tester.com


it have badly working MX checks, MX rr is only needed if mailserver is 
diffrent ip then A/ records, i wont trust it as long this error is 
there




While it may be technically true in an RFC that a domain doesn't need MX 
records to receive mail, today it's not a good idea to rely on A records 
for inbound mail for a number of reasons.



and why use a mail-tester if it gets URIBL_BLOCKED



This must be new as it wasn't hitting that before.  That doesn't mean 
the whole site is invalid, possibly just more popular recently.  Those 
guys that run the site are open to feedback and will probably fix this 
quickly.


One could simply check their own outbound IP address on 
http://multirbl.valli.org to determine if RBL listings are an issue.



its silly

dont missguide people


We are not misguiding people.  Multiple users on this list have 
recommended using this site after it helped them improve their delivery 
reliability.  I recommend it to my customers all of the time and they 
have told me it helped them too.


--
David Jones

Re: Testing Spamminess of Own Mail

[Jerry Malcolm]

I didn't "misguide" anyone.  Even if you can't think of a reason to use 
it or don't want to use it, then don't use it.  There's no reason to 
disparage the service.  It found all kinds of problems with my email.  I 
fixed them.  I haven't had any problems since.


Don't misguide people!


On 9/20/2017 9:51 AM, Benny Pedersen wrote:

RW skrev den 2017-01-11 16:11:


Try mail-tester.com


it have badly working MX checks, MX rr is only needed if mailserver is 
diffrent ip then A/ records, i wont trust it as long this error is 
there


and why use a mail-tester if it gets URIBL_BLOCKED

its silly

dont missguide people

Re: ISIPP - Re: bb.barracudacentral.org

[Bill Cole]

On 20 Sep 2017, at 9:48, Chris wrote:

> From the locate command I found these - https://pastebin.com/ECjZGX1M 

AHA!

Apparently Ubuntu (and Debian?) has a package called "dnsmasq-base" which is 
installed as a dependency of libvirt, which manages it independently and 
autocratically...

2 maybe useful links:

https://wiki.ubuntu.com/SecurityTeam/TestingEnvironment#Tell_systemd-resolved_to_use_libvirt.27s_dnsmasq_for_VMs_only_.2817.04.2B-.29

https://help.ubuntu.com/community/Dnsmasq

In short: this looks like a platform-specific situation grounded in trying to 
use one system for both spam filtering and running virtual machines.

> I'm not sure what to do with those that are associated with /snap/core.

No idea. Looks like an Ubuntuism I am unfamiliar with.

> There's nothing in /etc/init.d for dnsmasq.

No, there wouldn't be. THIS dnsmasq is libvirtd's pet. It should be irrelevant 
to your SpamAssassin resolution issues. As long as BIND's 'named' process is 
binding to 127.0.0.1:53 before dnsmasq tries to do so, you should only need to 
look at what named is doing.

signature.asc
Description: OpenPGP digital signature

Re: ISIPP - Re: bb.barracudacentral.org

[Ian Zimmerman]

On 2017-09-20 11:15, Martin Gregorie wrote:

> I don't know why you'd want to do that since you should be running
> named instead of dnsmasq.
> 
> Delete the version you just installed via the apt package manager and
> do a search and destroy mission to get rid of both the other copy of
> it and the associated configuration.
> 
> Running "updatedb; locate dnsmasq" is probably the fastest way of
> finding it and its associated files. Anything with a similar name in
> /etc/init.d is probably its launcher script, so that can go too. If
> you have an /etc/rc.local file, check its contents because its run as
> part of the sysVinit process. It shouldn't have anything about dnsmasq
> in it but you never know...

Another thing to check in this kind of mess (and I think it wasn't
mentioned yet) is the state of /etc/resolv.conf.  In Debian (and so in
Ubuntu, too) packages that provide DNS daemons, whether authoritative or
caching only, attempt to manage that file automatically, if the
resolvconf (traditionally) or openresolv package is also installed.  If
you do something "unexpected" you can end up with /etc/resolv.conf in a
strange state.

To avoid that, on my Debian hosts I usually purge resolvconf/openresolv,
make sure that /etc/resolv.conf is a real file (not a symlink), and
manually edit it to the correct state.  If the host is on DHCP I also
make sure the ISC DHCP client is in use (not dhcpcd which seems to be
much less flexible), and change /etc/dhcp/dhclient.conf to not request
(or override) the DNS info provided by DHCP, as that also messes with
resolv.conf.

Finally (and getting really OT), it helps to keep relevant /etc files
under version control, so you know when the system helpfully shifts the
ground under you.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
Do obvious transformation on domain to reply privately _only_ on Usenet.

Re: Testing Spamminess of Own Mail

[Benny Pedersen]

RW skrev den 2017-01-11 16:11:


Try mail-tester.com


it have badly working MX checks, MX rr is only needed if mailserver is 
diffrent ip then A/ records, i wont trust it as long this error is 
there


and why use a mail-tester if it gets URIBL_BLOCKED

its silly

dont missguide people

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Tue, 2017-09-19 at 21:32 -0700, Ian Zimmerman wrote:
> On 2017-09-19 19:53, David B Funk wrote:
> 
> > 
> > So now you have -two- dnsmasq kits, one installed by "apt" and
> > managed
> > thru the "systemctl" tools, and another one that somebody put there
> > which is outside the realm of "apt" & "systemctl" (thus they don't
> > know how to manange it).
> > 
> > You should really pick one method of installing/managing software
> > and
> > stick with it.
> > 
> > This is similar to the mess you get when you mix CPAN with
> > yum/yast/rpm/apt for installing Perl modules.
> Similar but worse, as you can have a safe CPAN + distro mix with
> local::lib.
> 
As I've said in a previous post I 'only' install official Ubuntu pkgs
via apt except I have a beta of fetchmail currently in use.

I'm not sure if removing certain snap pkgs I have installed will also
remove dnsmasq or not or if it was automatically installed when 'core'
was installed.

/snap/core/2925/etc/dnsmasq.d
/snap/core/2925/etc/dbus-1/system.d/dnsmasq.conf
/snap/core/2925/etc/dnsmasq.d/ubuntu-fan
/snap/core/2925/run/dnsmasq
/snap/core/2925/usr/sbin/dnsmasq
/snap/core/2925/usr/share/dnsmasq-base
/snap/core/2925/usr/share/dnsmasq-base/trust-anchors.conf

core 16-2.28~rc3 2925  canonical  core
dwarf-fortress   0.43.05 2 mterry -
nethack  3.4.2-2 2 ogra   -
pubip0.6 28thibran-
snappy-debug 0.31.4-snapd2.26.9  70canonical  -
snapweb  0.26-11-dev 307   canonical  -
speed-test   1.8.0   16bartaz -
wallpaperdownloader  2.8 16egarcia-

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:58:22 up 12:11, 1 user, load average: 0.47, 0.57, 0.71
Description:Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic


signature.asc
Description: This is a digitally signed message part

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Tue, 2017-09-19 at 23:04 -0400, Bill Cole wrote:
> On 19 Sep 2017, at 22:36, Chris wrote:
> 
> > 
> > On Wed, 2017-09-20 at 04:31 +0200, Reindl Harald wrote:
> > > 
> > > 
> > > Am 20.09.2017 um 02:32 schrieb Chris:
> > > > 
> > > > 
> > > > I then installed dnsmasq (apparently it wasn't installed)
> > > frankly clean up your mess - you recently posted dnsmasq as well
> > > as 
> > > named listening on different interfaces for DNS, now you say
> > > dnsmasq
> > > was 
> > > not installed
> > Will do, sorry for all the noise the last few days. I'll see if I
> > can
> > figure this out myself.
> Everyone here started clueless and when we obtained a little
> knowledge, got dangerous: mostly to ourselves. No apologies needed.

Thanks Bill, I guess in my 68yrs I've really gotten dangerous.

> 
> You have clearly done something on your system that confuse the
> specific problem you're having with SpamAssassin. I suspect the root
> issue is installing dnsmasq from the upstream source distribution
> (and maybe BIND also?) rather than using the Debian/Ubuntu package(s)
> via the apt and/or dpkg tools. That's not an uncommon class of
> mistake, but it is an especially risky move on a systemd-managed
> platform and especially on anything Debian-based because Debian makes
> substantial changes to some open source software which can cause
> unusual problems which are unique to the platform. The bottom line:
> on Ubuntu, use the Ubuntu software installation tools and do not try
> to install anything from upstream source that has a Ubuntu package.
> 
Both BIND and last night dnsmasq were installed via apt and dnsmasq was
removed via apt remove and apt purge. In fact I make it a point to
install packages via apt unless it can't be helped such as the beta of
fetchmail I'm currently running. The odd/bad thing about this whole
mess is that the issue of queries to isipp and bb.barracuda have been
going on for quite awhile now. I just finally decided to try and do
something about it. The issue with the isipp query going to the
incorrect ip only started a few days ago though.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:49:39 up 12:02, 1 user, load average: 2.38, 1.31, 0.93
Description:Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic


signature.asc
Description: This is a digitally signed message part

Re: ISIPP - Re: bb.barracudacentral.org

[Chris]

On Wed, 2017-09-20 at 11:15 +0100, Martin Gregorie wrote:
> On Tue, 2017-09-19 at 19:32 -0500, Chris wrote:
> > 
> > Hi Martin, here's what I see:
> > 
> > sudo systemctl status dnsmasq
> > [sudo] password for chris: 
> > ● dnsmasq.service
> >    Loaded: not-found (Reason: No such file or directory)
> >    Active: inactive (dead)
> > chris@localhost:~$ sudo systemctl enable dnsmasq
> > Failed to execute operation: No such file or directory
> > chris@localhost:~$ sudo systemctl status dnsmasq
> > ● dnsmasq.service
> >    Loaded: not-found (Reason: No such file or directory)
> >    Active: inactive (dead)
> > 
> Yes, that agrees with systemd not knowing about dnsmasq.
> 
> > 
> > I then installed dnsmasq (apparently it wasn't installed)
> > 
> I don't know why you'd want to do that since you should be running
> named instead of dnsmasq.
> 
I was tired and getting po'd at the whole mess. I installed via apt
then removed via apt and also ran apt purge.

> Delete the version you just installed via the apt package manager and
> do a search and destroy mission to get rid of both the other copy of
> it
> and the associated configuration.
> 
> Running "updatedb; locate dnsmasq" is probably the fastest way of
> finding it and its associated files. Anything with a similar name in
> /etc/init.d is probably its launcher script, so that can go too. If
> you
> have an /etc/rc.local file, check its contents because its run as
> part
> of the sysVinit process. It shouldn't have anything about dnsmasq in
> it
> but you never know...
> 
From the locate command I found these - https://pastebin.com/ECjZGX1M 
I'm not sure what to do with those that are associated with /snap/core.
There's nothing in /etc/init.d for dnsmasq.

Chris


-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:07:59 up 11:20, 1 user, load average: 0.08, 0.07, 0.08
Description:Ubuntu 16.04.3 LTS, kernel 4.10.0-35-generic


signature.asc
Description: This is a digitally signed message part

Re: ISIPP - Re: bb.barracudacentral.org

[Martin Gregorie]

On Tue, 2017-09-19 at 19:32 -0500, Chris wrote:
> Hi Martin, here's what I see:
> 
> sudo systemctl status dnsmasq
> [sudo] password for chris: 
> ● dnsmasq.service
>    Loaded: not-found (Reason: No such file or directory)
>    Active: inactive (dead)
> chris@localhost:~$ sudo systemctl enable dnsmasq
> Failed to execute operation: No such file or directory
> chris@localhost:~$ sudo systemctl status dnsmasq
> ● dnsmasq.service
>    Loaded: not-found (Reason: No such file or directory)
>    Active: inactive (dead)
> 
Yes, that agrees with systemd not knowing about dnsmasq.

> I then installed dnsmasq (apparently it wasn't installed)
> 
I don't know why you'd want to do that since you should be running
named instead of dnsmasq.

Delete the version you just installed via the apt package manager and
do a search and destroy mission to get rid of both the other copy of it
and the associated configuration.

Running "updatedb; locate dnsmasq" is probably the fastest way of
finding it and its associated files. Anything with a similar name in
/etc/init.d is probably its launcher script, so that can go too. If you
have an /etc/rc.local file, check its contents because its run as part
of the sysVinit process. It shouldn't have anything about dnsmasq in it
but you never know...


Martin