Re: [SPAM-TAG] Further URIDNSBL problems..

2005-02-09 Thread mouss
Jeff Chan wrote:
On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.

One possibility is that some code has 127.0.0.1 as
a bad address.  In particular this is one reason
why RBLs usually don't list 127.0.0.1 as a result
code, which could clearly break things where the
loopback address appears in message headers, for
example.  Just a WAG for someone to check in future.
Glad to hear you got things working!
Jeff C.

use 0.0.0.0 instead of 127.0.0.1, or better, an IP of one of the 
physical interfaces. there seems to be a bug with sock_dgram code.


Re: [SPAM-TAG] Further URIDNSBL problems..

2005-02-09 Thread Matt Kettler
At 11:22 AM 12/8/2004, Matthew Romanek wrote:
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.

Really? I do this all the time.. However, you better make sure that the 
machine is running a working DNS server when you do this. If it's not, then 
putting 127.0.0.1 in resolv.conf WILL break SA.

Unlike a lot of other apps, SA's methods of calling DNS don't seem to 
always query all the DNS servers listed in resolv.conf, so make sure the 
first one is a valid entry.
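
Added example, not part of the original thread: a shell check that queries each resolv.conf nameserver directly for the SURBL test point used with dig elsewhere in this thread, and fails when the first entry does not return the expected answer. The function names and the 3-second timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that every resolv.conf nameserver answers the SURBL test point.
TEST_NAME="test.surbl.org.sc.surbl.org"   # test point queried with dig in this thread
EXPECTED="127.0.0.2"                      # answer shown in the thread's dig output

# Print the nameserver addresses from a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Query one server directly (no fallback to other servers) and classify the result.
probe_server() {
    answer=$(dig +short +time=3 +tries=1 "@$1" "$TEST_NAME" A 2>/dev/null) || true
    case "$answer" in
        "$EXPECTED") echo "ok" ;;
        ""|";;"*)    echo "no-answer" ;;    # empty, or dig's ";; ..." error text
        *)           echo "unexpected" ;;
    esac
}

# Report each server; return 1 if the FIRST entry fails, since that is the one
# the thread says SpamAssassin may rely on exclusively.
check_resolvers() {
    rc=0; n=0
    for ns in $(list_nameservers "$1"); do
        n=$((n + 1))
        status=$(probe_server "$ns")
        echo "nameserver #$n $ns: $status"
        if [ "$n" -eq 1 ] && [ "$status" != "ok" ]; then rc=1; fi
    done
    [ "$n" -gt 0 ] || rc=1     # no nameserver lines at all
    return "$rc"
}

# Run against a file only when one is given, e.g.: sh check.sh /etc/resolv.conf
if [ $# -gt 0 ]; then check_resolvers "$1"; fi
```

A non-zero exit with a loopback address as the first entry means no working DNS server is answering on that address for this query.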



Re: [SPAM-TAG] Further URIDNSBL problems..

2005-02-09 Thread Jeff Chan
On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
 Jeff Chan wrote:
 On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
 
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.

 use 0.0.0.0 instead of 127.0.0.1, or better, an IP of one of the 
 physical interfaces. there seems to be a bug with sock_dgram code.

Matthew
Was the OS Fedora Core 1 for this bug?

Mouss,
If there's a bug would you please submit it to them?

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: [SPAM-TAG] Further URIDNSBL problems..

2005-02-09 Thread Matthew Romanek
On Tue, 8 Feb 2005 17:34:44 -0800, Jeff Chan [EMAIL PROTECTED] wrote:
 On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
  Jeff Chan wrote:
  On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
 
 FYI (and for future list-searchers), the problem with URIDNSBL
 appearing to work but not actually scoring was because the host's
 resolv.conf included 127.0.0.1, which apparently something doesn't
 like.
 
  use 0.0.0.0 instead of 127.0.0.1, or better, an IP of one of the
  physical interfaces. there seems to be a bug with sock_dgram code.
 
 Matthew
 Was the OS Fedora Core 1 for this bug?
 
 Mouss,
 If there's a bug would you please submit it to them?
 
 Jeff C.
 --
 Jeff Chan
 mailto:[EMAIL PROTECTED]
 http://www.surbl.org/
 
 

Indeed it was.

However, the fix was fairly straightforward. There was an entry for
127.0.0.1 in the /etc/resolv.conf. When that was changed to the
interface IP, everything started working again. It's been repro'd.
Something just doesn't like using the loopback interface for DNS
lookups.


Re: [SPAM-TAG] Further URIDNSBL problems..

2005-02-09 Thread Jeff Chan
On Tuesday, February 8, 2005, 10:27:21 PM, Matthew Romanek wrote:
 On Tue, 8 Feb 2005 17:34:44 -0800, Jeff Chan [EMAIL PROTECTED] wrote:
 On Tuesday, February 8, 2005, 4:52:53 PM, mouss mouss wrote:
  Jeff Chan wrote:
  On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
 
 FYI (and for future list-searchers), the problem with URIDNSBL
 appearing to work but not actually scoring was because the host's
 resolv.conf included 127.0.0.1, which apparently something doesn't
 like.
 
  use 0.0.0.0 instead of 127.0.0.1, or better, an IP of one of the
  physical interfaces. there seems to be a bug with sock_dgram code.
 
 Matthew
 Was the OS Fedora Core 1 for this bug?
 
 Mouss,
 If there's a bug would you please submit it to them?

 Indeed it was.

 However, the fix was fairly straightforward. There was an entry for
 127.0.0.1 in the /etc/resolv.conf. When that was changed to the
 interface IP, everything started working again. It's been repro'd.
 Something just doesn't like using the loopback interface for DNS
 lookups.

Thanks for the feedback Matthew.  Mouss would you care to report
the bug to Fedora, if you haven't already?  (It sounds like it
was somewhat known already?)

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-09 Thread Jeff Chan
On Wednesday, December 8, 2004, 8:22:24 AM, Matthew Romanek wrote:
 FYI (and for future list-searchers), the problem with URIDNSBL
 appearing to work but not actually scoring was because the host's
 resolv.conf included 127.0.0.1, which apparently something doesn't
 like.

One possibility is that some code has 127.0.0.1 as
a bad address.  In particular this is one reason
why RBLs usually don't list 127.0.0.1 as a result
code, which could clearly break things where the
loopback address appears in message headers, for
example.  Just a WAG for someone to check in future.

Glad to hear you got things working!

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-08 Thread Matthew Romanek
 t/dnsbl.Bareword found in conditional at t/dnsbl.t line 
 15.
 Not found: P_2 =
 dns:134.88.73.210.dnsbltest.spamassassin.org [127.0.0.4]
 # Failed test 1 in t/SATest.pm at line 530
 Not found: P_7 =
 dns:134.88.73.210.sb.dnsbltest.spamassassin.org?type=TXT
 # Failed test 2 in t/SATest.pm at line 530 fail #2
 Not found: P_4 =
 dns:14.35.17.212.dnsbltest.spamassassin.org [127.0.0.1, 127.0.0.1]
 # Failed test 3 in t/SATest.pm at line 530 fail #3
 Not found: P_3 =
 dns:18.13.119.61.dnsbltest.spamassassin.org [127.0.0.12]
 # Failed test 4 in t/SATest.pm at line 530 fail #4
 Not found: P_5 =
 dns:226.149.120.193.dnsbltest.spamassassin.org [127.0.0.1]
 # Failed test 5 in t/SATest.pm at line 530 fail #5
 Not found: P_1 =
 dns:98.3.137.144.dnsbltest.spamassassin.org [127.0.0.2]
 # Failed test 6 in t/SATest.pm at line 530 fail #6
 Not found: P_6 =  dns:example.com.dnsbltest.spamassassin.org
 [127.0.0.2]
 # Failed test 7 in t/SATest.pm at line 530 fail #7
 Not found: P_15 =  DNSBL_RHS
 # Failed test 8 in t/SATest.pm at line 530 fail #8
 Not found: P_17 =  DNSBL_SB_FLOAT
 # Failed test 9 in t/SATest.pm at line 530 fail #9
 Not found: P_18 =  DNSBL_SB_STR
 # Failed test 10 in t/SATest.pm at line 530 fail #10
 Not found: P_16 =  DNSBL_SB_TIME
 # Failed test 11 in t/SATest.pm at line 530 fail #11
 Not found: P_10 =  DNSBL_TEST_DYNAMIC
 # Failed test 12 in t/SATest.pm at line 530 fail #12
 Not found: P_12 =  DNSBL_TEST_RELAY
 # Failed test 13 in t/SATest.pm at line 530 fail #13
 Not found: P_11 =  DNSBL_TEST_SPAM
 # Failed test 14 in t/SATest.pm at line 530 fail #14
 Not found: P_8 =  DNSBL_TEST_TOP
 # Failed test 15 in t/SATest.pm at line 530 fail #15
 Not found: P_9 =  DNSBL_TEST_WHITELIST
 # Failed test 16 in t/SATest.pm at line 530 fail #16
 Not found: P_14 =  DNSBL_TXT_RE
 # Failed test 17 in t/SATest.pm at line 530 fail #17
 Not found: P_13 =  DNSBL_TXT_TOP
 # Failed test 18 in t/SATest.pm at line 530 fail #18
 t/dnsbl.FAILED tests 1-18
 Failed 18/22 tests, 18.18% okay

I did some looking, and came up with a previous thread about this at:
http://archive.netbsd.se/?ml=spamassassin-usersa=2004-08t=282748

The resolution here was to update Net::DNS. Obviously, I've done that,
as well as making sure Digest::SHA1 was in, and still I get these
errors. On the perl side, is there anything I need to do to make sure
they're working? CPAN says the latest versions are installed (I made
doubly sure by manually installing Net::DNS by hand), but it's just
not working.

Any pointers for where to look for more specific error messages would
be appreciated, as well. I don't know why these are failing, they
just are.

To recap, DNSBL worked when I ran 2.6. After I up'd to 3.0.1, they
stopped working. SA -D reported timeouts at 15 seconds. I upped it to
30 seconds, and now it says 'complete' at 17 seconds, but still does
not mark up messages that it should.

Thanks!

-- 
Matthew 'Shandower' Romanek
IDS Analyst


Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-08 Thread Matthew Romanek
FYI (and for future list-searchers), the problem with URIDNSBL
appearing to work but not actually scoring was because the host's
resolv.conf included 127.0.0.1, which apparently something doesn't
like.

Peter Matulis just sent an unrelated email to the list mentioning
this, and after checking it out and pointing hosts at each other
instead of themselves, everything works fine.  Ta-Da!  Instantly my
false-negative rate dropped.

-- 
Matthew 'Shandower' Romanek
IDS Analyst


RE: [SPAM-TAG] Further URIDNSBL problems..

2004-12-08 Thread Jon Dossey

 FYI (and for future list-searchers), the problem with URIDNSBL
 appearing to work but not actually scoring was because the host's
 resolv.conf included 127.0.0.1, which apparently something doesn't
 like.

I find it pretty hard to believe it couldn't resolve off itself.  Have
you checked your firewall rules, and your named.conf to see if you've
allowed-query 127.0.0.1 in your options statement?  Have you tried
resolving anything locally, while ssh'ed into the box?  What about using
another IP address bound to a NIC on the machine, that named is
configured to answer on?

Thanks,
.jon




Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-08 Thread Matthew Romanek
 I find it pretty hard to believe it couldn't resolve off itself.  Have
 you checked your firewall rules, and your named.conf to see if you've
 allowed-query 127.0.0.1 in your options statement?  Have you tried
 resolving anything locally, while ssh'ed into the box?  What about using
 another IP address bound to a NIC on the machine, that named is
 configured to answer on?

There was never a problem resolving anything with DNS. This was an
issue getting URIDNSBL in SA 3.0.1 to score correctly. See previous
thread. :)

-- 
Matthew 'Shandower' Romanek
IDS Analyst


Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-07 Thread Matthew Romanek
 17 seconds is way too long for name resolution.  Does it take
 that long from the command line (for an uncached query)?

No, it's pretty snappy all around. But with a 15 second timeout,
spamassassin -D showed all timeouts for the DNSBL. The URIBL's
appeared to have successful queries even at that point, but I can't
get them to actually score against anything. I'm not sure what the
difference between them (at the lookup level) is.

# time dig test.surbl.org.sc.surbl.org a | less

; <<>> DiG 9.2.2-P3 <<>> test.surbl.org.sc.surbl.org a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29925
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 14, ADDITIONAL: 0

;; QUESTION SECTION:
;test.surbl.org.sc.surbl.org.   IN  A

;; ANSWER SECTION:
test.surbl.org.sc.surbl.org. 2023 IN  A   127.0.0.2

;; AUTHORITY SECTION:
sc.surbl.org.   823 IN  NS  n.surbl.org.
sc.surbl.org.   823 IN  NS  a.surbl.org.
sc.surbl.org.   823 IN  NS  b.surbl.org.
sc.surbl.org.   823 IN  NS  c.surbl.org.
sc.surbl.org.   823 IN  NS  d.surbl.org.
sc.surbl.org.   823 IN  NS  e.surbl.org.
sc.surbl.org.   823 IN  NS  f.surbl.org.
sc.surbl.org.   823 IN  NS  g.surbl.org.
sc.surbl.org.   823 IN  NS  h.surbl.org.
sc.surbl.org.   823 IN  NS  i.surbl.org.
sc.surbl.org.   823 IN  NS  j.surbl.org.
sc.surbl.org.   823 IN  NS  k.surbl.org.
sc.surbl.org.   823 IN  NS  l.surbl.org.
sc.surbl.org.   823 IN  NS  m.surbl.org.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec  7 06:09:17 2004
;; MSG SIZE  rcvd: 285

real    0m1.030s
user    0m0.010s
sys     0m0.010s

 Are you sure you're using 3.0.1 configs?

Pretty sure:
# spamassassin -V
SpamAssassin version 3.0.1
  running on Perl version 5.8.1

# vi /usr/share/spamassassin/25_uribl.cf
...
uridnsbl        URIBL_SBL       sbl.spamhaus.org.   TXT
body            URIBL_SBL       eval:check_uridnsbl('URIBL_SBL')
describe        URIBL_SBL       Contains an URL listed in the SBL blocklist
tflags          URIBL_SBL       net

urirhssub       URIBL_SC_SURBL  multi.surbl.org.    A   2
body            URIBL_SC_SURBL  eval:check_uridnsbl('URIBL_SC_SURBL')
describe        URIBL_SC_SURBL  Contains an URL listed in the SC SURBL blocklist
tflags          URIBL_SC_SURBL  net
...

 IIRC one of the recent FreeBSD installations had the 3.0.1
 config file going to the wrong directory for some reason.
 It should be in the recent list archives.

This is on Fedora Core 1, updated via CPAN if I remember right.

I appreciate the help, too. Let me know if there's any other
information I can get for you. Thanks!
-- 
Matthew 'Shandower' Romanek
IDS Analyst


Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-07 Thread Jeff Chan
On Tuesday, December 7, 2004, 6:31:41 AM, Matthew Romanek wrote:
 Are you sure you're using 3.0.1 configs?

 Pretty sure:
 # spamassassin -V
 SpamAssassin version 3.0.1
   running on Perl version 5.8.1

 # vi /usr/share/spamassassin/25_uribl.cf

Is this the right directory, anyone?

 uridnsbl        URIBL_SBL       sbl.spamhaus.org.   TXT
 body            URIBL_SBL       eval:check_uridnsbl('URIBL_SBL')
 describe        URIBL_SBL       Contains an URL listed in the SBL blocklist
 tflags          URIBL_SBL       net

 urirhssub       URIBL_SC_SURBL  multi.surbl.org.    A   2
 body            URIBL_SC_SURBL  eval:check_uridnsbl('URIBL_SC_SURBL')
 describe        URIBL_SC_SURBL  Contains an URL listed in the SC SURBL 
 blocklist
 tflags          URIBL_SC_SURBL  net
 ...

Do you have non-zero scores set?

That's about the limit of my debugging knowledge for SA,
so hopefully someone else can help out.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-07 Thread Matthew Romanek
  # vi /usr/share/spamassassin/25_uribl.cf
 Is this the right directory, anyone?

All the other rules in there are working, including Bayes and pattern
matching. Since SURBL is showing up in the debug, it's obviously
getting the cue from somewhere..

 Do you have non-zero scores set?

Indeed. That was my first thought, so I made a local config change to
use the one-score variety, just in case something weird was going on.
No change.

In a fit of aggravation, I downloaded a fresh copy of the SA tar file,
unpacked it, and started to install it. I happened to think to run
make test, though, and found THIS:

t/dnsbl.Bareword found in conditional at t/dnsbl.t line 15.
Not found: P_2 = 
dns:134.88.73.210.dnsbltest.spamassassin.org [127.0.0.4]
# Failed test 1 in t/SATest.pm at line 530
Not found: P_7 = 
dns:134.88.73.210.sb.dnsbltest.spamassassin.org?type=TXT
# Failed test 2 in t/SATest.pm at line 530 fail #2
Not found: P_4 = 
dns:14.35.17.212.dnsbltest.spamassassin.org [127.0.0.1, 127.0.0.1]
# Failed test 3 in t/SATest.pm at line 530 fail #3
Not found: P_3 = 
dns:18.13.119.61.dnsbltest.spamassassin.org [127.0.0.12]
# Failed test 4 in t/SATest.pm at line 530 fail #4
Not found: P_5 = 
dns:226.149.120.193.dnsbltest.spamassassin.org [127.0.0.1]
# Failed test 5 in t/SATest.pm at line 530 fail #5
Not found: P_1 = 
dns:98.3.137.144.dnsbltest.spamassassin.org [127.0.0.2]
# Failed test 6 in t/SATest.pm at line 530 fail #6
Not found: P_6 =  dns:example.com.dnsbltest.spamassassin.org
[127.0.0.2]
# Failed test 7 in t/SATest.pm at line 530 fail #7
Not found: P_15 =  DNSBL_RHS
# Failed test 8 in t/SATest.pm at line 530 fail #8
Not found: P_17 =  DNSBL_SB_FLOAT
# Failed test 9 in t/SATest.pm at line 530 fail #9
Not found: P_18 =  DNSBL_SB_STR
# Failed test 10 in t/SATest.pm at line 530 fail #10
Not found: P_16 =  DNSBL_SB_TIME
# Failed test 11 in t/SATest.pm at line 530 fail #11
Not found: P_10 =  DNSBL_TEST_DYNAMIC
# Failed test 12 in t/SATest.pm at line 530 fail #12
Not found: P_12 =  DNSBL_TEST_RELAY
# Failed test 13 in t/SATest.pm at line 530 fail #13
Not found: P_11 =  DNSBL_TEST_SPAM
# Failed test 14 in t/SATest.pm at line 530 fail #14
Not found: P_8 =  DNSBL_TEST_TOP
# Failed test 15 in t/SATest.pm at line 530 fail #15
Not found: P_9 =  DNSBL_TEST_WHITELIST
# Failed test 16 in t/SATest.pm at line 530 fail #16
Not found: P_14 =  DNSBL_TXT_RE
# Failed test 17 in t/SATest.pm at line 530 fail #17
Not found: P_13 =  DNSBL_TXT_TOP
# Failed test 18 in t/SATest.pm at line 530 fail #18
t/dnsbl.FAILED tests 1-18
Failed 18/22 tests, 18.18% okay

Either it's an amazing coincidence, or this has something to do with
the reason the DNSBL's aren't working for me. So my next question,
knowing next to nothing about perl, is what is this actually showing
me? This is a fresh package I got, with no changes what-so-ever.

On a whim, I did the same thing with Net::DNS, since there was some
question as to what version was involved. It went in fine, but made no
difference to these tests.

Note that only 18 of the tests failed. P_1, 3, 4, 5 and 6 seemed to work?

-- 
Matthew 'Shandower' Romanek
IDS Analyst


Re: [SPAM-TAG] Further URIDNSBL problems..

2004-12-07 Thread Matthew Romanek
 Note that only 18 of the tests failed. P_1, 3, 4, 5 and 6 seemed to work?

Scratch that last comment. They very clearly aren't working, just from
that snippet. That's me getting desperate-yet-hopeful. :)

-- 
Matthew 'Shandower' Romanek
IDS Analyst