Re: excluding specific RBL checks
On 1/9/2023 3:55 AM, Matus UHLAR - fantomas wrote:
>>>>> Until I can get around to updating I'm considering just nuking the actual tests from the ruleset.
>>>>
>>>> Much easier and reliable way:
>>>>
>>>> dns_query_restriction deny spamhaus.org
>
>> Charles Sprickman wrote on 2023-01-09 08:04:
>>> Trying this on half the pair, I assume this hits all subdomains of spamhaus.org? Never ran into that parameter in my searches for this.
>
> On 09.01.23 09:26, Benny Pedersen wrote:
>> never read perldoc Mail::SpamAssassin::Conf ?
>
> some people don't repeatedly read it thoroughly.
>
>> Henrik forgot this is per domain, so fully domain including subdomain seen in "rndc querylog" in bind logs !
>>
>> spamassassin -D -t spamtestmsg 2>&1 | less
>>
>> dns_query_restriction deny dwl.dnswl.org list.dnswl.org
>> dns_query_restriction deny multi.uribl.com
>>
>> imho score foo 0 is a bug
>
> no, it's documented feature - rules with score 0 are not run.
>
> However, joe a aka the OP should be more interested in finding out why are his DNS queries going through an open resolver and fixing the real issue.

Right you are. It now appears resolved (cough, cough . . .).

Spamhaus site provided this quick test: "dig 2.0.0.127.zen.spamhaus.org +short" which with variant "dig @my.local.dns.serv 2.0.0.127.zen.spamhaus.org +short", allowed me to pretty quickly sort it out.

A lot of cobwebs needed to be cleared out, but, seems to be working as advertised.

Thanks to all for their patience and suggestions.

joe a.
Re: excluding specific RBL checks
>>>> Until I can get around to updating I'm considering just nuking the actual tests from the ruleset.
>>>
>>> Much easier and reliable way:
>>>
>>> dns_query_restriction deny spamhaus.org

> Charles Sprickman wrote on 2023-01-09 08:04:
>> Trying this on half the pair, I assume this hits all subdomains of spamhaus.org? Never ran into that parameter in my searches for this.

On 09.01.23 09:26, Benny Pedersen wrote:
> never read perldoc Mail::SpamAssassin::Conf ?

some people don't repeatedly read it thoroughly.

> Henrik forgot this is per domain, so fully domain including subdomain seen in "rndc querylog" in bind logs !
>
> spamassassin -D -t spamtestmsg 2>&1 | less
>
> dns_query_restriction deny dwl.dnswl.org list.dnswl.org
> dns_query_restriction deny multi.uribl.com
>
> imho score foo 0 is a bug

no, it's documented feature - rules with score 0 are not run.

However, joe a aka the OP should be more interested in finding out why are his DNS queries going through an open resolver and fixing the real issue.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
WinError #98652: Operation completed successfully.
Re: excluding specific RBL checks
Charles Sprickman wrote on 2023-01-09 08:04:
>>> Until I can get around to updating I'm considering just nuking the actual tests from the ruleset.
>>
>> Much easier and reliable way:
>>
>> dns_query_restriction deny spamhaus.org
>
> Trying this on half the pair, I assume this hits all subdomains of spamhaus.org? Never ran into that parameter in my searches for this.

never read perldoc Mail::SpamAssassin::Conf ?

Henrik forgot this is per domain, so fully domain including subdomain seen in "rndc querylog" in bind logs !

spamassassin -D -t spamtestmsg 2>&1 | less

dns_query_restriction deny dwl.dnswl.org list.dnswl.org
dns_query_restriction deny multi.uribl.com

imho score foo 0 is a bug
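Added illustration, not part of any message in this thread and not SpamAssassin's own code: a Python model of how `dns_query_restriction` entries apply to a query name, following the lookup described in `perldoc Mail::SpamAssassin::Conf` (leading labels are stripped one at a time, the tightest match wins, no match means allow). It also flags bare `RULE 0` lines that lack the `score` keyword; that check is a heuristic, and the sample config and the `dnsbl.example.net` name are constructed.

```python
import re

# Constructed local.cf fragment built from lines quoted in the thread.
SAMPLE_LOCAL_CF = """\
# remove spamhaus tests
RCVD_IN_ZEN 0
score RCVD_IN_XBL 0
dns_query_restriction deny spamhaus.org
dns_query_restriction deny dwl.dnswl.org list.dnswl.org
dns_query_restriction deny multi.uribl.com
"""

# Heuristic (an assumption, not SpamAssassin's parser): "RULE <number>" alone.
BARE_RULE = re.compile(r"^[A-Z_][A-Z0-9_]*\s+-?\d+(\.\d+)?$")

def parse_local_cf(text):
    """Return (restrictions, bare_lines).

    restrictions: lower-cased domain -> True (allow) / False (deny).
    bare_lines: (line_no, line) for rule lines missing the 'score' keyword.
    """
    restrictions, bare_lines = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if not fields:
            continue
        if (fields[0] == "dns_query_restriction" and len(fields) >= 3
                and fields[1] in ("allow", "deny")):
            for dom in fields[2:]:
                restrictions[dom.lower().rstrip(".")] = fields[1] == "allow"
        elif BARE_RULE.match(line):
            bare_lines.append((no, line))
    return restrictions, bare_lines

def query_allowed(qname, restrictions):
    """Strip leading labels until an entry matches; the tightest match decides.

    A name with no matching entry is allowed (implicit default).
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in restrictions:
            return restrictions[candidate]
    return True

if __name__ == "__main__":
    rules, bare = parse_local_cf(SAMPLE_LOCAL_CF)
    for no, line in bare:
        print(f"line {no}: missing 'score' keyword: {line}")
    for name in ("2.0.0.127.zen.spamhaus.org", "2.0.0.127.list.dnswl.org",
                 "dnswl.org", "2.0.0.127.dnsbl.example.net"):
        print(name, "allowed" if query_allowed(name, rules) else "denied")
```

Matching is on whole labels, so `deny spamhaus.org` covers `zen.spamhaus.org` and every other subdomain but not an unrelated name that merely ends in the same characters.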
Re: excluding specific RBL checks
> On Jan 8, 2023, at 10:35 PM, Henrik K wrote:
>
> On Sun, Jan 08, 2023 at 04:23:11PM -0500, Charles Sprickman wrote:
>> What did you end up with?
>>
>> I have a bunch of zero rules for these yet still keep getting the
>> "administrative notice" from sbl/zen.
>>
>> The fact that those guys don't just send out a "yes, this is on by default
>> in spamassassin, here is copy pasta to turn us off" email bugs me.
>>
>> I've grown to this huge list and still get the warnings.
>>
>> # remove spamhaus tests, they want us to pay
>> # need to include the first base rule or DNS still triggers but is ignored
>> score __RCVD_IN_ZEN 0
>> score RCVD_IN_SBL 0
>> score RCVD_IN_XBL 0
>> score RCVD_IN_PBL 0
>> score URIBL_SBL 0
>> score URIBL_CSS 0
>> score URIBL_SBL_A 0
>> score URIBL_CSS_A 0
>> score URIBL_DBL_SPAM 0
>> score URIBL_DBL_PHISH 0
>> score URIBL_DBL_MALWARE 0
>> score URIBL_DBL_BOTNETCC 0
>> score URIBL_DBL_ABUSE_SPAM 0
>> score URIBL_DBL_ABUSE_REDIR 0
>> score URIBL_DBL_ABUSE_PHISH 0
>> score URIBL_DBL_ABUSE_MALW 0
>> score URIBL_DBL_ABUSE_BOTCC 0
>>
>> Until I can get around to updating I'm considering just nuking the actual
>> tests from the ruleset.
>
> Much easier and reliable way:
>
> dns_query_restriction deny spamhaus.org

Trying this on half the pair, I assume this hits all subdomains of spamhaus.org? Never ran into that parameter in my searches for this.

Thanks!

Charles
Re: excluding specific RBL checks
> On Jan 8, 2023, at 10:44 PM, joe a wrote:
>
> On 1/8/2023 4:23 PM, Charles Sprickman wrote:
>> What did you end up with?
>
> score RCVD_IN_ZEN_BLOCKED_OPENDNS 0
>
> I am not certain if that stops the test or simply reporting of the message.
> Looks like I will need to do some packet capture after all.
>
>> I have a bunch of zero rules for these yet still keep getting the
>> "administrative notice" from sbl/zen.
>> The fact that those guys don't just send out a "yes, this is on by default
>> in spamassassin, here is copy pasta to turn us off" email bugs me.
>> I've grown to this huge list and still get the warnings.
>> # remove spamhaus tests, they want us to pay
>> # need to include the first base rule or DNS still triggers but is ignored
>> score __RCVD_IN_ZEN 0
>
> Is that a typo? There should be no underscore before RCVD, correct?

That's copypasta from the wiki page spamhaus references. No explanation on the page why the underscores...

C

>
>> score RCVD_IN_SBL 0
>> score RCVD_IN_XBL 0
>> score RCVD_IN_PBL 0
>> score URIBL_SBL 0
>> score URIBL_CSS 0
>> score URIBL_SBL_A 0
>> score URIBL_CSS_A 0
>> score URIBL_DBL_SPAM 0
>> score URIBL_DBL_PHISH 0
>> score URIBL_DBL_MALWARE 0
>> score URIBL_DBL_BOTNETCC 0
>> score URIBL_DBL_ABUSE_SPAM 0
>> score URIBL_DBL_ABUSE_REDIR 0
>> score URIBL_DBL_ABUSE_PHISH 0
>> score URIBL_DBL_ABUSE_MALW 0
>> score URIBL_DBL_ABUSE_BOTCC 0
>> Until I can get around to updating I'm considering just nuking the actual
>> tests from the ruleset.
>> Charles
Re: excluding specific RBL checks
On 1/8/2023 10:35 PM, Henrik K wrote:
> On Sun, Jan 08, 2023 at 04:23:11PM -0500, Charles Sprickman wrote:

. . .

>> # remove spamhaus tests,. . .
>> score RCVD_IN_SBL 0
>> score RCVD_IN_XBL 0
>> score RCVD_IN_PBL 0
>> score URIBL_SBL 0
>> score URIBL_CSS 0
>> score URIBL_SBL_A 0. . .
>
> Much easier and reliable way:
>
> dns_query_restriction deny spamhaus.org

Ah Hah! Seems to work for me.

See? I CAN be taught!

joe a.
Re: excluding specific RBL checks
On 1/8/2023 4:38 PM, Benny Pedersen wrote:
> joe a wrote on 2023-01-08 21:50:
>> SA version 3.4.5
>>
>> Gears are clashing, clutch is slipping, among other things.
>>
>> Trying to exclude certain checks, via spamhaus services "by the book"
>
> what book ?

The good one? Several places. Most looked like cut and paste from each other. Trying to find the exact place now and cannot. Saw it most recently on another list, where others happened to be having similar dns issues.

>> When placing these values in local.cf:
>>
>> RCVD_IN_ZEN 0
>> RCVD_IN_XBL 0
>> RCVD_IN_PBL 0
>>
>> "spamassassin --lint" complains. Yet SA starts without complaint and seems to not run those tests.
>
> you miss score in 3 lines ?

Yep.

>> Placing "score" at the beginning of the line makes lint happy and SA seems to start fine and also does not run those tests.
>
> so lint passed ?

Yes, with score.

>> So, one assumes it is a typo in the docs, or, one is expected to infer the "score" word.
>
> what docs ? anything on web is fake news, only valid docs is perldoc Mail::SpamAssassin::Conf

I only know of https://spamassassin.apache.org/full/3.4.x/doc/ which I thought I was referencing. Seems likely I just allowed myself to be misled, "chaff".

> and all related plugins
>
>> Yet I still see this while "skip_rbl_checks 1" (in both above scenarios):
>
> clear your config :)
>
>> "RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE:"
>>
>> Which suggests that one runs despite the directive or, I am using the wrong one.
>
> make /etc/resolv.conf only have nameserver 127.0.0.1 and you either have bind, unbound, pdns-recursor as of your own choice

Certainly worth a try and much simpler than what I was trying.

> still problems ?, lets hear them
Re: excluding specific RBL checks
On 1/8/2023 4:23 PM, Charles Sprickman wrote:
> What did you end up with?

score RCVD_IN_ZEN_BLOCKED_OPENDNS 0

I am not certain if that stops the test or simply reporting of the message. Looks like I will need to do some packet capture after all.

> I have a bunch of zero rules for these yet still keep getting the "administrative notice" from sbl/zen.
> The fact that those guys don't just send out a "yes, this is on by default in spamassassin, here is copy pasta to turn us off" email bugs me.
> I've grown to this huge list and still get the warnings.
> # remove spamhaus tests, they want us to pay
> # need to include the first base rule or DNS still triggers but is ignored
> score __RCVD_IN_ZEN 0

Is that a typo? There should be no underscore before RCVD, correct?

> score RCVD_IN_SBL 0
> score RCVD_IN_XBL 0
> score RCVD_IN_PBL 0
> score URIBL_SBL 0
> score URIBL_CSS 0
> score URIBL_SBL_A 0
> score URIBL_CSS_A 0
> score URIBL_DBL_SPAM 0
> score URIBL_DBL_PHISH 0
> score URIBL_DBL_MALWARE 0
> score URIBL_DBL_BOTNETCC 0
> score URIBL_DBL_ABUSE_SPAM 0
> score URIBL_DBL_ABUSE_REDIR 0
> score URIBL_DBL_ABUSE_PHISH 0
> score URIBL_DBL_ABUSE_MALW 0
> score URIBL_DBL_ABUSE_BOTCC 0
> Until I can get around to updating I'm considering just nuking the actual tests from the ruleset.
> Charles
Re: excluding specific RBL checks
On 1/8/2023 4:00 PM, joe a wrote:
> On 1/8/2023 3:50 PM, joe a wrote:
>> SA version 3.4.5
>>
>> Gears are clashing, clutch is slipping, among other things.
>>
>> Trying to exclude certain checks, via spamhaus services "by the book"
>>
>> When placing these values in local.cf:
>>
>> RCVD_IN_ZEN 0
>> RCVD_IN_XBL 0
>> RCVD_IN_PBL 0
>>
>> "spamassassin --lint" complains. Yet SA starts without complaint and seems to not run those tests.
>>
>> Placing "score" at the beginning of the line makes lint happy and SA seems to start fine and also does not run those tests.
>>
>> So, one assumes it is a typo in the docs, or, one is expected to infer the "score" word.
>>
>> Yet I still see this while "skip_rbl_checks 1" (in both above scenarios):
>>
>> "RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE:"
>>
>> Which suggests that one runs despite the directive or, I am using the wrong one.
>
> And the answer to the latter is "I had the wrong directive". Which is obvious. Now.

Correcting myself, yet again, "score" needs to be specified, it seems, otherwise this is seen in /var/log/mail:

2023-01-08T15:00:42.854109-05:00 auxilary spamd[14937]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": RCVD_IN_ZEN 0
2023-01-08T15:00:42.854573-05:00 auxilary spamd[14937]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": RCVD_IN_XBL 0
2023-01-08T15:00:42.854908-05:00 auxilary spamd[14937]: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": RCVD_IN_PBL 0

Contrary to some, there is value in following logs when making changes. who'd have thought that.
Re: excluding specific RBL checks
On Sun, Jan 08, 2023 at 04:23:11PM -0500, Charles Sprickman wrote:
> What did you end up with?
>
> I have a bunch of zero rules for these yet still keep getting the
> "administrative notice" from sbl/zen.
>
> The fact that those guys don't just send out a "yes, this is on by default in
> spamassassin, here is copy pasta to turn us off" email bugs me.
>
> I've grown to this huge list and still get the warnings.
>
> # remove spamhaus tests, they want us to pay
> # need to include the first base rule or DNS still triggers but is ignored
> score __RCVD_IN_ZEN 0
> score RCVD_IN_SBL 0
> score RCVD_IN_XBL 0
> score RCVD_IN_PBL 0
> score URIBL_SBL 0
> score URIBL_CSS 0
> score URIBL_SBL_A 0
> score URIBL_CSS_A 0
> score URIBL_DBL_SPAM 0
> score URIBL_DBL_PHISH 0
> score URIBL_DBL_MALWARE 0
> score URIBL_DBL_BOTNETCC 0
> score URIBL_DBL_ABUSE_SPAM 0
> score URIBL_DBL_ABUSE_REDIR 0
> score URIBL_DBL_ABUSE_PHISH 0
> score URIBL_DBL_ABUSE_MALW 0
> score URIBL_DBL_ABUSE_BOTCC 0
>
> Until I can get around to updating I'm considering just nuking the actual
> tests from the ruleset.

Much easier and reliable way:

dns_query_restriction deny spamhaus.org
Re: excluding specific RBL checks
Charles Sprickman wrote on 2023-01-08 22:23:
> What did you end up with?
>
> I have a bunch of zero rules for these yet still keep getting the "administrative notice" from sbl/zen.
>
> The fact that those guys don't just send out a "yes, this is on by default in spamassassin, here is copy pasta to turn us off" email bugs me.
>
> I've grown to this huge list and still get the warnings.
>
> # remove spamhaus tests, they want us to pay
> # need to include the first base rule or DNS still triggers but is ignored
> score __RCVD_IN_ZEN 0
> score RCVD_IN_SBL 0
> score RCVD_IN_XBL 0
> score RCVD_IN_PBL 0
> score URIBL_SBL 0
> score URIBL_CSS 0
> score URIBL_SBL_A 0
> score URIBL_CSS_A 0
> score URIBL_DBL_SPAM 0
> score URIBL_DBL_PHISH 0
> score URIBL_DBL_MALWARE 0
> score URIBL_DBL_BOTNETCC 0
> score URIBL_DBL_ABUSE_SPAM 0
> score URIBL_DBL_ABUSE_REDIR 0
> score URIBL_DBL_ABUSE_PHISH 0
> score URIBL_DBL_ABUSE_MALW 0
> score URIBL_DBL_ABUSE_BOTCC 0

oh, i bet spamhaus is still queried sadly :( but with score 0 its not known or have any effect

if you have bind installed then do "rndc querylog"

this is a toggle so one more call shift state of querylog, do "rndc status" to see current state

verify now its does not query undesired rbls

if you can verify this i can help solve the remaining problem
Re: excluding specific RBL checks
joe a wrote on 2023-01-08 21:50:
> SA version 3.4.5
>
> Gears are clashing, clutch is slipping, among other things.
>
> Trying to exclude certain checks, via spamhaus services "by the book"

what book ?

> When placing these values in local.cf:
>
> RCVD_IN_ZEN 0
> RCVD_IN_XBL 0
> RCVD_IN_PBL 0
>
> "spamassassin --lint" complains. Yet SA starts without complaint and seems to not run those tests.

you miss score in 3 lines ?

> Placing "score" at the beginning of the line makes lint happy and SA seems to start fine and also does not run those tests.

so lint passed ?

> So, one assumes it is a typo in the docs, or, one is expected to infer the "score" word.

what docs ? anything on web is fake news, only valid docs is perldoc Mail::SpamAssassin::Conf and all related plugins

> Yet I still see this while "skip_rbl_checks 1" (in both above scenarios):

clear your config :)

> "RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE:"
>
> Which suggests that one runs despite the directive or, I am using the wrong one.

make /etc/resolv.conf only have nameserver 127.0.0.1 and you either have bind, unbound, pdns-recursor as of your own choice

still problems ?, lets hear them
Re: excluding specific RBL checks
What did you end up with?

I have a bunch of zero rules for these yet still keep getting the "administrative notice" from sbl/zen.

The fact that those guys don't just send out a "yes, this is on by default in spamassassin, here is copy pasta to turn us off" email bugs me.

I've grown to this huge list and still get the warnings.

# remove spamhaus tests, they want us to pay
# need to include the first base rule or DNS still triggers but is ignored
score __RCVD_IN_ZEN 0
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0
score URIBL_SBL 0
score URIBL_CSS 0
score URIBL_SBL_A 0
score URIBL_CSS_A 0
score URIBL_DBL_SPAM 0
score URIBL_DBL_PHISH 0
score URIBL_DBL_MALWARE 0
score URIBL_DBL_BOTNETCC 0
score URIBL_DBL_ABUSE_SPAM 0
score URIBL_DBL_ABUSE_REDIR 0
score URIBL_DBL_ABUSE_PHISH 0
score URIBL_DBL_ABUSE_MALW 0
score URIBL_DBL_ABUSE_BOTCC 0

Until I can get around to updating I'm considering just nuking the actual tests from the ruleset.

Charles

> On Jan 8, 2023, at 4:00 PM, joe a wrote:
>
> On 1/8/2023 3:50 PM, joe a wrote:
>> SA version 3.4.5
>> Gears are clashing, clutch is slipping, among other things.
>> Trying to exclude certain checks, via spamhaus services "by the book"
>> When placing these values in local.cf:
>> RCVD_IN_ZEN 0
>> RCVD_IN_XBL 0
>> RCVD_IN_PBL 0
>> "spamassassin --lint" complains. Yet SA starts without complaint and seems
>> to not run those tests.
>> Placing "score" at the beginning of the line makes lint happy and SA seems
>> to start fine and also does not run those tests.
>> So, one assumes it is a typo in the docs, or, one is expected to infer the
>> "score" word.
>> Yet I still see this while "skip_rbl_checks 1" (in both above scenarios):
>> "RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE:"
>> Which suggests that one runs despite the directive or, I am using the wrong
>> one.
>
> And the answer to the latter is "I had the wrong directive". Which is
> obvious. Now.
>
Re: excluding specific RBL checks
On 1/8/2023 3:50 PM, joe a wrote:
> SA version 3.4.5
>
> Gears are clashing, clutch is slipping, among other things.
>
> Trying to exclude certain checks, via spamhaus services "by the book"
>
> When placing these values in local.cf:
>
> RCVD_IN_ZEN 0
> RCVD_IN_XBL 0
> RCVD_IN_PBL 0
>
> "spamassassin --lint" complains. Yet SA starts without complaint and seems to not run those tests.
>
> Placing "score" at the beginning of the line makes lint happy and SA seems to start fine and also does not run those tests.
>
> So, one assumes it is a typo in the docs, or, one is expected to infer the "score" word.
>
> Yet I still see this while "skip_rbl_checks 1" (in both above scenarios):
>
> "RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE:"
>
> Which suggests that one runs despite the directive or, I am using the wrong one.

And the answer to the latter is "I had the wrong directive". Which is obvious. Now.