Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Damian
What version of spamassassin-dqs do you run?

Make sure it is at least v1.0.2, i.e. has the rdns chop [1] in the module.

> Here's the message complete with body - https://pastebin.com/CW7Vj7Yh 
> This written to my syslog - https://pastebin.com/M12PS1fK

[1] https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L666


Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin

On Tue, 6 Oct 2020, Chris wrote:

> On Wed, 2020-10-07 at 03:40 +, Riccardo Alfieri wrote:
> > Hi Chris,
> >
> > > spamd[435769]: dns: new_dns_packet
> > > (domain=o279.send.iheartdogs.com..x
> > > x/db
> > > l.dq
> > > .spamhaus.net. type=A class=IN) failed: a domain name
> > > contains
> > > a null
> > > label
> >
> > Can you check how the DQS lookups are defined in the .cf files?
> >
> > The correct syntax would be, ie:
> >
> > urirhssub URIBL_DBL_SPAM   .dbl.dq.spamhaus.net. A 127.0.1.2
> >
> > From what appears in the logs it may be that you have an extra dot
> > somewhere, possibly before the DQS key
>
> I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
> '.' anywhere.

Do you find a urirhssub line for {anything}dbl.dq.spamhaus.net there?

Did you check *all* of the local .cf files?


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Ignorance is no excuse for a law.
---
 Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto


Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Riccardo Alfieri

On 07/10/20 05:55, Chris wrote:

> I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
> '.' anywhere.


I tested your email in my 3.4.4 installation with DQS and I don't see 
issues.


So, if you want, send me your .cf files and I'll have a look at them, 
but before that be absolutely sure that you are running the latest rules 
from:


https://github.com/spamhaus/spamassassin-dqs

We only support the latest version

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris
On Tue, 2020-10-06 at 20:52 -0700, John Hardin wrote:
> On Wed, 7 Oct 2020, Riccardo Alfieri wrote:
> 
> > Hi Chris,
> > 
> > 
> > > > > > > spamd[435769]: dns: new_dns_packet
> > > > > > > (domain=o279.send.iheartdogs.com..xxx
> > > > > > > xxx/db
> > > > > > > l.dq
> > > > > > > .spamhaus.net. type=A class=IN) failed: a domain name
> > > > > > > contains
> > > > > > > a null
> > > > > > > label
> > Can you check how the DQS lookups are defined in the .cf files?
> > 
> > The correct syntax would be, ie:
> > 
> > urirhssub URIBL_DBL_SPAM .dbl.dq.spamhaus.net. A 127.0.1.2
> > 
> > From what appears in the logs it may be that you have an extra dot
> > somewhere, 
> > possibly before the DQS key
> 
> That's *very* plausible if the "x" stuff in what you've been 
> providing is your obfuscated key.
Yes it is.
> 
> Please note when you do things like that - not all of us have
> experience 
> with paid feeds, and wouldn't be able to detect the obfuscation...
> (like 
> me, for instance. I got to the same place but it wasn't as direct for
> me 
> as it was for Riccardo.)
> 
> If that is indeed the cause, then it might be worthwhile to open a
> bug to 
> strip leading dot(s) from urirhssub config lines to avoid this, or
> at 
> least generate a lint warning if they are present.
> 
> 
As I just told Riccardo I've inspected my sh.cf file and I see no extra
'.' anywhere. If either of you wish I can send you my sh.cf file for
you to look at however I've pulled it up with a txt editor and searched
for either '..' or even a . before the beginning of my key.
-- 
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:57:24 up 6:51, 1 user, load average: 2.04, 0.73, 0.52
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris
On Wed, 2020-10-07 at 03:40 +, Riccardo Alfieri wrote:
> Hi Chris,
> 
> 
> > > > > > spamd[435769]: dns: new_dns_packet
> > > > > > (domain=o279.send.iheartdogs.com..x
> > > > > > x/db
> > > > > > l.dq
> > > > > > .spamhaus.net. type=A class=IN) failed: a domain name
> > > > > > contains
> > > > > > a null
> > > > > > label
> > > >  
> 
> Can you check how the DQS lookups are defined in the .cf files?
> 
> The correct syntax would be, ie:
> 
> urirhssub URIBL_DBL_SPAM   .dbl.dq.spamhaus.net. A 127.0.1.2
> 
> From what appears in the logs it may be that you have an extra dot
> somewhere, possibly before the DQS key

I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
'.' anywhere. 
-- 
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:46:46 up 6:41, 1 user, load average: 0.22, 0.35, 0.49
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin

On Wed, 7 Oct 2020, Riccardo Alfieri wrote:

> Hi Chris,
>
> > spamd[435769]: dns: new_dns_packet
> > (domain=o279.send.iheartdogs.com..xx/db
> > l.dq
> > .spamhaus.net. type=A class=IN) failed: a domain name contains
> > a null
> > label
>
> Can you check how the DQS lookups are defined in the .cf files?
>
> The correct syntax would be, ie:
>
> urirhssub URIBL_DBL_SPAM .dbl.dq.spamhaus.net. A 127.0.1.2
>
> From what appears in the logs it may be that you have an extra dot somewhere, 
> possibly before the DQS key

That's *very* plausible if the "x" stuff in what you've been 
providing is your obfuscated key.


Please note when you do things like that - not all of us have experience 
with paid feeds, and wouldn't be able to detect the obfuscation... (like 
me, for instance. I got to the same place but it wasn't as direct for me 
as it was for Riccardo.)


If that is indeed the cause, then it might be worthwhile to open a bug to 
strip leading dot(s) from urirhssub config lines to avoid this, or at 
least generate a lint warning if they are present.



--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Ignorance is no excuse for a law.
---
 Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto
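
An added example, not part of the original thread and not SpamAssassin or Spamhaus code: a lint-style check of the kind suggested in the message above, flagging `urirhssub` zones that would put an empty label into the lookup name. It assumes the lookup name is formed as host + "." + zone, as the logged name suggests; `examplekey` and the `EXAMPLE_*` rule names are placeholders.

```python
import re

# "urirhssub RULE zone type subtest", the form quoted in the thread.
URIRHSSUB = re.compile(r"^\s*urirhssub\s+(\S+)\s+(\S+)\s+\S+\s+\S+")

def null_labels(name):
    """Positions of empty labels in a DNS name; one trailing dot (the root) is legal."""
    labels = name.split(".")
    if labels[-1] == "":
        labels.pop()
    return [i for i, label in enumerate(labels) if label == ""]

def lint_cf(text, source="<config>"):
    """Return (source, line, rule, zone, problem) for zones that would yield a null label."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = URIRHSSUB.match(line.split("#", 1)[0])  # ignore comments
        if not m:
            continue
        rule, zone = m.groups()
        if zone.startswith("."):
            findings.append((source, n, rule, zone, "leading dot"))
        elif null_labels(zone):
            findings.append((source, n, rule, zone, "empty label"))
    return findings

def query_name(host, zone, chop=False):
    """Assumed composition: host + '.' + zone. chop=True trims the dots that collide."""
    if chop:
        host, zone = host.rstrip("."), zone.lstrip(".")
    return host + "." + zone

# Constructed sample: "examplekey" and the EXAMPLE_* rule names are placeholders.
SAMPLE_CF = """\
# constructed sh.cf fragment
urirhssub URIBL_DBL_SPAM      examplekey.dbl.dq.spamhaus.net.  A 127.0.1.2
urirhssub EXAMPLE_LEADING_DOT .examplekey.dbl.dq.spamhaus.net. A 127.0.1.2
urirhssub EXAMPLE_DOUBLE_DOT  examplekey..dbl.dq.spamhaus.net. A 127.0.1.2
"""

if __name__ == "__main__":
    for finding in lint_cf(SAMPLE_CF, "sample.cf"):
        print("%s:%d: %s zone %r has a %s" % finding)
    host = "o279.send.iheartdogs.com."  # host from the log, with a trailing dot
    zone = "examplekey.dbl.dq.spamhaus.net."
    for chop in (False, True):
        name = query_name(host, zone, chop)
        print(name, "null labels at", null_labels(name))
```

To cover every local file, pass each `.cf` file's text to `lint_cf` with its path as `source`.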


Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Riccardo Alfieri

Hi Chris,



> spamd[435769]: dns: new_dns_packet
> (domain=o279.send.iheartdogs.com..xx/db
> l.dq
> .spamhaus.net. type=A class=IN) failed: a domain name contains
> a null
> label



Can you check how the DQS lookups are defined in the .cf files?

The correct syntax would be, ie:

urirhssub URIBL_DBL_SPAM .dbl.dq.spamhaus.net. A 127.0.1.2

From what appears in the logs it may be that you have an extra dot 
somewhere, possibly before the DQS key


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris Pollock
On Tue, 2020-10-06 at 19:49 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
> 
> > On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> > > On Tue, 6 Oct 2020, Chris wrote:
> > > 
> > > > The complete error looks like this:
> > > > 
> > > > spamd[435769]: dns: new_dns_packet
> > > > (domain=o279.send.iheartdogs.com..xx/db
> > > > l.dq
> > > > .spamhaus.net. type=A class=IN) failed: a domain name contains
> > > > a null
> > > > label
> > John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1
> 
> That should be an info-level message in 3.4.4 - where did you see it?
> Is 
> your logging turned up?
> 
> > here's the paste
> > https://pastebin.com/9CXBM4nG
> 
> I don't see any body on that...
> 
Here's the message complete with body - https://pastebin.com/CW7Vj7Yh 
This written to my syslog - https://pastebin.com/M12PS1fK


-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
22:19:13 up 6:13, 1 user, load average: 1.70, 1.17, 0.61
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic




Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris
On Tue, 2020-10-06 at 19:49 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
> 
> > On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> > > On Tue, 6 Oct 2020, Chris wrote:
> > > 
> > > > The complete error looks like this:
> > > > 
> > > > spamd[435769]: dns: new_dns_packet
> > > > (domain=o279.send.iheartdogs.com..xx/db
> > > > l.dq
> > > > .spamhaus.net. type=A class=IN) failed: a domain name contains
> > > > a null
> > > > label
> > John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1
> 
> That should be an info-level message in 3.4.4 - where did you see it?
> Is 
> your logging turned up?
> 
> > here's the paste
> > https://pastebin.com/9CXBM4nG
> 
> I don't see any body on that...
> 
Here's the message complete with body - https://pastebin.com/CW7Vj7Yh 
This written to my syslog - https://pastebin.com/M12PS1fK


-- 
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:25:28 up 6:19, 1 user, load average: 1.66, 1.31, 0.81
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin

On Tue, 6 Oct 2020, Chris wrote:

> On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> > On Tue, 6 Oct 2020, Chris wrote:
> >
> > > The complete error looks like this:
> > >
> > > spamd[435769]: dns: new_dns_packet
> > > (domain=o279.send.iheartdogs.com..xx/dbl.dq
> > > .spamhaus.net. type=A class=IN) failed: a domain name contains a null
> > > label
>
> John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1

That should be an info-level message in 3.4.4 - where did you see it? Is 
your logging turned up?

> here's the paste
> https://pastebin.com/9CXBM4nG

I don't see any body on that...

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.   -- Charles Murray
---
 Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto


Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris
On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
> 
> > The complete error looks like this:
> > 
> > spamd[435769]: dns: new_dns_packet
> > (domain=o279.send.iheartdogs.com..xx/dbl.dq
> > .spa
> > mhaus.net. type=A class=IN) failed: a domain name contains a null
> > label
> > 
> > This doesn't seem to happen each and every incoming message and I
> > guess
> > it really doesn't hurt anything however I'm just curious as to what
> > might be causing it. It appears to have been going on all year so
> > far
> > but as I said not with every incoming message just from certain
> > domains
> > it seems.
> > 
> > Any ideas?
> 
> It's the dot-dot in that request.
> 
> (1) Do you happen to have a spample that does that? If so, could you 
> upload it to pastebin and post the URL for it here?
> 
> (2) What version of SpamAssassin are you running?
> 
> See:
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7156
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6896
> 
> That was converted from a warning to an info, so it looks like your
> SA 
> version may be a bit stale.
> 
> I don't think we ever pulled the trigger on normalizing ".." ⇒ "."
> for 
> URIBL lookups as a URL with a malformed FQDN like that doesn't work
> in a 
> browser.
> 
John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1 here's the paste
https://pastebin.com/9CXBM4nG 

Chris

-- 
Chris
31.11972; -97.90167 (Elev. 1092 ft)
21:11:44 up 5:06, 1 user, load average: 0.95, 0.74, 0.86
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic



Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin

On Tue, 6 Oct 2020, Chris wrote:

> The complete error looks like this:
>
> spamd[435769]: dns: new_dns_packet
> (domain=o279.send.iheartdogs.com..xx/dbl.dq.spa
> mhaus.net. type=A class=IN) failed: a domain name contains a null label
>
> This doesn't seem to happen each and every incoming message and I guess
> it really doesn't hurt anything however I'm just curious as to what
> might be causing it. It appears to have been going on all year so far
> but as I said not with every incoming message just from certain domains
> it seems.
>
> Any ideas?


It's the dot-dot in that request.

(1) Do you happen to have a spample that does that? If so, could you 
upload it to pastebin and post the URL for it here?


(2) What version of SpamAssassin are you running?

See:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7156
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6896

That was converted from a warning to an info, so it looks like your SA 
version may be a bit stale.


I don't think we ever pulled the trigger on normalizing ".." ⇒ "." for 
URIBL lookups as a URL with a malformed FQDN like that doesn't work in a 
browser.



--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  I'm seriously considering getting one of those bright-orange prison
  overalls and stencilling PASSENGER on the back. Along with the paper
  slippers, I ought to be able to walk right through security.
 -- Brian Kantor in a.s.r
---
 Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto

spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread Chris
The complete error looks like this:

spamd[435769]: dns: new_dns_packet
(domain=o279.send.iheartdogs.com..xx/dbl.dq.spa
mhaus.net. type=A class=IN) failed: a domain name contains a null label

This doesn't seem to happen each and every incoming message and I guess
it really doesn't hurt anything however I'm just curious as to what
might be causing it. It appears to have been going on all year so far
but as I said not with every incoming message just from certain domains
it seems.

Any ideas?

-- 
Chris
31.11972; -97.90167 (Elev. 1092 ft)
20:12:39 up 4:07, 1 user, load average: 1.47, 1.11, 0.88
Description:Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic