Re: production MTA not doing URIBL lookups, why?
What does a debug output show ? On both .. Pastebin -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.nethttp://www.fluxlabs.net/ | Endless Solutions Office : 850-250-5590x501tel:850-250-5590;501 | Cell : 850-890-2543tel:850-890-2543 | Fax : 850-254-2955tel:850-254-2955 On Jul 11, 2014, at 4:34 PM, Quanah Gibson-Mount qua...@zimbra.commailto:qua...@zimbra.com wrote: For some reason, my production MTA is not doing URIBL lookups for spam scoring, for no obvious reason. If I run a message through via the command line, I see the same behavior. If I run it through a test server, I see URIBL scores hit like mad. I do not appear to be blocked on my production MTA: [zimbra@edge01 ~]$ host -tTXT 2.0.0.127.multi.uribl.comhttp://multi.uribl.com 2.0.0.127.multi.uribl.comhttp://multi.uribl.com descriptive text permanent testpoint Message scoring for an obvious spam on prod gets: No, score=-0.8 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_IMAGE_RATIO_06,HTML_MESSAGE,RP_MATCHES_RCVD,T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.0 On my test server, I get: Yes, score=8.2 required=5.0 tests=DKIM_SIGNED, HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL, RP_MATCHES_RCVD,SPF_HELO_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY,URIBL_BLACK, URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0 Obviously, I'd like my production server to be catching spam. ;) --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration
Re: production MTA not doing URIBL lookups, why?
On Fri, 11 Jul 2014, Quanah Gibson-Mount wrote: Message scoring for an obvious spam on prod gets: No, score=-0.8 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_IMAGE_RATIO_06,HTML_MESSAGE,RP_MATCHES_RCVD,T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.0 On my test server, I get: Yes, score=8.2 required=5.0 tests=DKIM_SIGNED, HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL, RP_MATCHES_RCVD,SPF_HELO_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY,URIBL_BLACK, URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0 Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The third basic rule of firearms safety: Keep your booger hook off the bang switch! --- 5 days until the 69th anniversary of the dawn of the Atomic Age
Re: production MTA not doing URIBL lookups, why?
--On Friday, July 11, 2014 4:44 PM -0700 John Hardin jhar...@impsec.org wrote: Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe? Nope. Found the issue however. On my prod servers, I had the following set: dns_available test: 10.110.0.108 10.110.0.109 10.210.0.166 which are the IP addresses for my DNS servers. Unfortunately, with this line, SA always decides I don't have DNS for reasons that are beyond me, and then turns off the DNS checks. I've now changed it to: dns_available yes and things work as desired. So be very wary of telling SA to test DNS, because there's definitely something utterly broken there. --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration
Re: production MTA not doing URIBL lookups, why?
On Fri, 11 Jul 2014 16:00:57 -0700 Quanah Gibson-Mount wrote: --On Friday, July 11, 2014 4:44 PM -0700 John Hardin jhar...@impsec.org wrote: Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe? Nope. Found the issue however. On my prod servers, I had the following set: dns_available test: 10.110.0.108 10.110.0.109 10.210.0.166 which are the IP addresses for my DNS servers. Those are supposed to domains to look-up as a test, not the IP addresses of DNS servers. Unfortunately, with this line, SA always decides I don't have DNS for reasons that are beyond me, It's clearly documented on the man page.
Re: production MTA not doing URIBL lookups, why?
--On Saturday, July 12, 2014 1:18 AM +0100 RW rwmailli...@googlemail.com wrote: Unfortunately, with this line, SA always decides I don't have DNS for reasons that are beyond me, It's clearly documented on the man page. Ah, yeah, I see that. I misread the first bit: By default, SpamAssassin will query some default hosts on the internet to attempt to check if DNS is working or not. as meaning that if I put in the test line, it'd change to querying the DNS servers I specified. :P --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration