Re: Spamassassin not checking user provided RBLs
On Thu, Sep 2, 2010 at 1:56 PM, Benny Pedersen m...@junc.org wrote:

> On tor 02 sep 2010 09:08:30 CEST, Chris Datfung wrote
>
>> I ran sa-update. As you pointed out, there are a number of RBLs in the standard configuration that for some reason aren't checked, thus I thought I could easily fix that by adding them to local.cf and when that didn't work I tried in init.pre. I do see other RBL generated scores in the message headers, so it appears that some RBL checks are indeed performed.
>
> try to debug it as below with
>
> spamassassin 2>&1 -D -t msg | less
>
> what are being tested at what fails ?

Hi,

I'm still having the RBL lookup problem. It seems that no RBLs are checked now. I just looked up an unidentified spam message received that's listed in zen.spamhaus.org but no mention of any RBLs in the spamassassin headers. I reran the above command and found the following error:

Oct 10 21:49:58.510 [16255] dbg: dns: Net::DNS version: 0.63
Oct 10 21:49:58.510 [16255] warn: archive-iterator: no access to msg: No such file or directory at /usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm line 771.
Oct 10 21:49:58.510 [16255] warn: archive-iterator: unable to open msg: No such file or directory

I'm running spamassassin 3.3.1-1 from the Debian package. Line 771 says:

    if (!defined $AICache) {
      my @s = stat($mail);
      @s or warn "archive-iterator: no access to $mail: $!";
      return unless $self->_message_is_useful_by_file_modtime($s[9]);
    }

Any idea what the problem might be?

Thanks,
Chris
Re: Spamassassin not checking user provided RBLs
On søn 10 okt 2010 12:55:56 CEST, Chris Datfung wrote

> Oct 10 21:49:58.510 [16255] warn: archive-iterator: unable to open msg: No such file or directory
>
> Any idea what the problem might be?

warn line says you did not provide a spam msg file to test with

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: Spamassassin not checking user provided RBLs
On Sun, 10 Oct 2010, Chris Datfung wrote:

> try to debug it as below with
>
> spamassassin 2>&1 -D -t msg | less

Try this instead:

spamassassin 2>&1 -D -t < msg | less

Pipe the test message through spamassassin.

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
North Korea: the only country in the world where people would risk execution to flee to communist China. -- Ride Fast
---
68 days until TRON Legacy
Re: Spamassassin not checking user provided RBLs
On 9/2/2010 8:24 AM, Chris Datfung wrote:

> On Thu, Sep 2, 2010 at 2:30 PM, Matt Kettler mkettler...@verizon.net wrote:
>
>> Can you try again using a message, such as the sample-spam.txt that comes with the SA tarball.
>>
>> spamassassin sample-spam.txt 2>&1 -D
>>
>> In particular, we want to look at the "dbg: dns: is DNS available?" line and other DNS related ones nearby.
>
> Hi Matt,
>
> I included (hopefully only) the relevant data from the above command below:
>
> Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL combined.njabl.org., set njabl
> [snip]
> Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL dnsbl.njabl.org., set njabl
> [snip]

Well that sure looks like it is querying your dnsbl.njabl.org, and the default ruleset rule which uses combined.njabl.org.

What makes you think that it's not running the query? Is your rule IN_NJABL_ORG never hitting?

What about RCVD_IN_NJABL_* rules (the rules that are part of the stock ruleset and query the same DNSBL, but in a different way)? Are they hitting?

Is your mail already filtered at the MTA layer rejecting messages in NJABL (which would make it much less likely, but not impossible, to see hits)?

Are you on AT&T as an internet provider and using their DNS servers? According to the NJABL FAQ, AT&T intentionally poisons dnsbl.njabl.org (starting in 2004, they may or may not still do so), returning a NS record pointing to 127.0.0.1.

Try this on the command line:

dig ns dnsbl.njabl.org

If you get no answer, or something like this:

;; AUTHORITY SECTION:
dnsbl.njabl.org. 82758 IN NS loopback.

;; ADDITIONAL SECTION:
loopback. 52978 IN A 127.0.0.1

Your provider is messing with you.
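
The `dig ns` check described in the message above can be scripted. This is an added example, not part of the original thread; the function name, the verdict strings and the second sample (with `ns1.example.net` and `192.0.2.53`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify `dig ns ZONE` output read
# from stdin. Typical use:
#   dig ns dnsbl.njabl.org | ns_delegation_check dnsbl.njabl.org

ns_delegation_check() {
    zone=${1%.}                                  # accept ZONE with or without trailing dot
    awk -v zone="$zone." '
        /^;/ || NF < 5 { next }                  # skip comments, section headers, blanks
        { name = tolower($1); type = $4; data = tolower($5) }
        $3 == "IN" && type == "NS" && name == tolower(zone) { ns[data] = 1; n++ }
        $3 == "IN" && type == "A"                            { addr[name] = data }
        END {
            if (!n) { print "NO_NS"; exit }      # no delegation returned at all
            for (h in ns) {
                # an NS target whose address is in 127.0.0.0/8 sinks every query
                if (addr[h] ~ /^127\./) bad = bad " " h
            }
            if (bad != "") { print "LOOPBACK_NS" bad } else { print "NO_LOOPBACK" }
        }'
}

# Sample 1: the records quoted in the thread. Sample 2: constructed.
sample_poisoned() {
    printf '%s\n' \
      ';; AUTHORITY SECTION:' \
      'dnsbl.njabl.org. 82758 IN NS loopback.' \
      ';; ADDITIONAL SECTION:' \
      'loopback. 52978 IN A 127.0.0.1'
}
sample_clean() {
    printf '%s\n' \
      ';; ANSWER SECTION:' \
      'dnsbl.njabl.org. 3600 IN NS ns1.example.net.' \
      ';; ADDITIONAL SECTION:' \
      'ns1.example.net. 3600 IN A 192.0.2.53'
}

sample_poisoned | ns_delegation_check dnsbl.njabl.org
sample_clean    | ns_delegation_check dnsbl.njabl.org
```

`NO_LOOPBACK` only means that no loopback address was seen in the output; an NS target returned without an address record is not resolved by this script.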
Re: Spamassassin not checking user provided RBLs
On tor 02 sep 2010 09:08:30 CEST, Chris Datfung wrote

> I ran sa-update. As you pointed out, there are a number of RBLs in the standard configuration that for some reason aren't checked, thus I thought I could easily fix that by adding them to local.cf and when that didn't work I tried in init.pre. I do see other RBL generated scores in the message headers, so it appears that some RBL checks are indeed performed.

try to debug it as below with

spamassassin 2>&1 -D -t msg | less

what are being tested at what fails ?

> Do you see any obvious problems?

only that you posted too much on a maillist :)

well fun aside check the pre files that you load plugins right as you like it to be, and then check again for not installed plugins

eg if you have DKIM loaded in pre it does not work if the DKIM plugin is not installed

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: Spamassassin not checking user provided RBLs
On 2010-09-01 22:47, Chris Datfung wrote:

> I'm running spamassassin version 3.3.1-1 from the Debian package. I added several RBLs to /etc/mail/spamassassin/init.pre but spamassassin only queries its built in RBLs and not the ones I added. An example RBL entry to init.pre is shown below:
>
> header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.')
> describe IN_NJABL_ORG Received via a relay in dnsbl.njabl.org
> tflags IN_NJABL_ORG net
> score IN_NJABL_ORG 5
>
> I also find messages that aren't tagged as being in an RBL that are listed in cbl.abuseat.org and zen.spamhaus.org which should be automatically checked by spamassassin using the default configuration. As mentioned before other (built-in) RBL checks work. Any hints as to why my custom RBL checks added to init.pre (and also tried local.cf) aren't queried after restarting spamassassin?
>
> Thanks,
> Chris

You don't EVER add rules to a .pre file
only .cf are rules files
use local.cf for custom rules
Re: Spamassassin not checking user provided RBLs
On 9/2/2010 3:08 AM, Chris Datfung wrote:

> On Thu, Sep 2, 2010 at 5:06 AM, Benny Pedersen m...@junc.org wrote:
>
>> On ons 01 sep 2010 22:47:36 CEST, Chris Datfung wrote
>>
>>> header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.')
>>> describe IN_NJABL_ORG Received via a relay in dnsbl.njabl.org
>>> tflags IN_NJABL_ORG net
>>> score IN_NJABL_ORG 5
>>
>> first error is you added it to a pre file, next is that it is in std rules being checked
>>
>> did you or debian run sa-update ?
>
> Hi Benny,
>
> I ran sa-update. As you pointed out, there are a number of RBLs in the standard configuration that for some reason aren't checked, thus I thought I could easily fix that by adding them to local.cf and when that didn't work I tried in init.pre. I do see other RBL generated scores in the message headers, so it appears that some RBL checks are indeed performed.
>
>> what gives
>>
>> spamassassin 2>&1 -D --lint | less
>
> [snip]
>
> Do you see any obvious problems?

Hmm, --lint isn't really the best option for a DNS problem. --lint implies local-only mode, which limits its usefulness for this particular kind of issue.

I can see you do have Net::DNS installed, which is good:

> Sep 2 16:56:51.709 [986] dbg: dns: is Net::DNS::Resolver available? yes
> Sep 2 16:56:51.709 [986] dbg: dns: Net::DNS version: 0.63

and I don't see any parse errors, which is also good..

> Sep 2 16:56:53.771 [986] dbg: dns: is DNS available? 0
> Sep 2 16:56:53.771 [986] dbg: rules: local tests only, ignoring RBL eval

But local-only mode is enforced, cutting our investigation short.

Can you try again using a message, such as the sample-spam.txt that comes with the SA tarball.

spamassassin sample-spam.txt 2>&1 -D

In particular, we want to look at the "dbg: dns: is DNS available?" line and other DNS related ones nearby.

> Thanks!
> Chris
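
The debug lines singled out in the message above (local-only mode, "is DNS available?", and the "checking RBL" entries seen elsewhere in the thread) can be summarised mechanically. This is an added example, not part of the original thread; the function names and verdict strings are hypothetical, and the sample input is constructed from debug lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `spamassassin -D` debug
# output for one DNSBL zone. Typical use, with msg being a saved message:
#   spamassassin -D -t < msg 2>&1 | sa_rbl_triage dnsbl.njabl.org

sa_rbl_triage() {
    zone=${1%.}                       # accept the zone with or without trailing dot
    awk -v zone="$zone" '
        /dbg: dns: is DNS available\?/         { dns = $NF }
        /local tests only, ignoring RBL eval/  { local_only = 1 }
        /dbg: dns: checking RBL / {
            for (i = 1; i < NF; i++) if ($i == "RBL") z = $(i + 1)
            sub(/\.?,$/, "", z)       # "dnsbl.njabl.org.," -> "dnsbl.njabl.org"
            if (!(z in seen)) { seen[z] = 1; n++ }
        }
        END {
            if (local_only) print "LOCAL_ONLY"   # e.g. --lint: network tests skipped
            state = (dns == "") ? "DNS_UNKNOWN" : ((dns == "0") ? "DNS_UNAVAILABLE" : "DNS_OK")
            print state
            print "ZONES_QUERIED " (n + 0)       # distinct zones, duplicates collapsed
            verdict = (zone in seen) ? "QUERIED" : "NOT_QUERIED"
            print verdict " " zone
        }'
}

# Constructed samples, built from debug lines quoted in this thread.
sample_lint_run() {
    printf '%s\n' \
      'Sep 2 16:56:51.709 [986] dbg: dns: Net::DNS version: 0.63' \
      'Sep 2 16:56:53.771 [986] dbg: dns: is DNS available? 0' \
      'Sep 2 16:56:53.771 [986] dbg: rules: local tests only, ignoring RBL eval'
}
sample_message_run() {
    printf '%s\n' \
      'Sep 2 22:13:42.200 [11886] dbg: dns: is DNS available? 1' \
      'Sep 2 22:13:42.201 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop' \
      'Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL combined.njabl.org., set njabl' \
      'Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop' \
      'Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL dnsbl.njabl.org., set njabl' \
      'Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal'
}

sample_lint_run    | sa_rbl_triage dnsbl.njabl.org.
sample_message_run | sa_rbl_triage dnsbl.njabl.org.
```

A `QUERIED` verdict shows only that the lookup was issued, not that the rule hit or that the resolver returned a usable answer.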
Re: Spamassassin not checking user provided RBLs
On Thu, Sep 2, 2010 at 2:30 PM, Matt Kettler mkettler...@verizon.net wrote:

> Can you try again using a message, such as the sample-spam.txt that comes with the SA tarball.
>
> spamassassin sample-spam.txt 2>&1 -D
>
> In particular, we want to look at the "dbg: dns: is DNS available?" line and other DNS related ones nearby.

Hi Matt,

I included (hopefully only) the relevant data from the above command below:

Sep 2 22:13:37.978 [11886] dbg: dns: is Net::DNS::Resolver available? yes
Sep 2 22:13:37.979 [11886] dbg: dns: Net::DNS version: 0.63
[...snip]
Sep 2 22:13:39.147 [11886] dbg: dns: is_dns_available() last checked 1283429619.1 seconds ago; re-checking
Sep 2 22:13:39.147 [11886] dbg: dns: is Net::DNS::Resolver available? yes
Sep 2 22:13:39.147 [11886] dbg: dns: Net::DNS version: 0.63
Sep 2 22:13:39.148 [11886] dbg: dns: name server: x.x.x.x, LocalAddr: 0.0.0.0
Sep 2 22:13:39.148 [11886] dbg: dns: resolver socket rx buffer size is 126976 bytes
Sep 2 22:13:39.148 [11886] dbg: dns: testing resolver nameservers: x.x.x.x
Sep 2 22:13:39.148 [11886] dbg: dns: trying (3) adelphia.net...
Sep 2 22:13:39.148 [11886] dbg: dns: looking up NS for 'adelphia.net'
Sep 2 22:13:39.149 [11886] dbg: dns: providing a callback for id: 53318/adelphia.net/NS/IN
Sep 2 22:13:42.151 [11886] dbg: dns: NS lookup of adelphia.net using x.x.x.x failed, no results found
Sep 2 22:13:42.151 [11886] dbg: dns: trying (2) colorado.edu...
Sep 2 22:13:42.151 [11886] dbg: dns: looking up NS for 'colorado.edu'
Sep 2 22:13:42.151 [11886] dbg: dns: providing a callback for id: 53742/colorado.edu/NS/IN
Sep 2 22:13:42.198 [11886] dbg: dns: NS lookup of colorado.edu using x.x.x.x succeeded => DNS available (set dns_available to override)
[...snip]
Sep 2 22:13:42.200 [11886] dbg: dns: is DNS available? 1
Sep 2 22:13:42.201 [11886] dbg: uridnsbl: domains to query:
Sep 2 22:13:42.201 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop
Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL combined.njabl.org., set njabl
Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL bl.spamcop.net., set spamcop
Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL dnsbl.njabl.org., set njabl
Sep 2 22:13:42.202 [11886] dbg: dns: checking RBL cbl.abuseat.org., set abuseat
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL b.barracudacentral.org., set barracuda
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL bl.score.senderscore.com., set rnbl-lastexternal
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
Sep 2 22:13:42.203 [11886] dbg: dns: checking RBL psbl.surriel.com., set psbl-lastexternal

Thanks,
Chris
Spamassassin not checking user provided RBLs
I'm running spamassassin version 3.3.1-1 from the Debian package. I added several RBLs to /etc/mail/spamassassin/init.pre but spamassassin only queries its built in RBLs and not the ones I added. An example RBL entry to init.pre is shown below:

header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.')
describe IN_NJABL_ORG Received via a relay in dnsbl.njabl.org
tflags IN_NJABL_ORG net
score IN_NJABL_ORG 5

I also find messages that aren't tagged as being in an RBL that are listed in cbl.abuseat.org and zen.spamhaus.org which should be automatically checked by spamassassin using the default configuration. As mentioned before other (built-in) RBL checks work. Any hints as to why my custom RBL checks added to init.pre (and also tried local.cf) aren't queried after restarting spamassassin?

Thanks,
Chris
Re: Spamassassin not checking user provided RBLs
On ons 01 sep 2010 22:47:36 CEST, Chris Datfung wrote

> header IN_NJABL_ORG rbleval:check_rbl('njabl','dnsbl.njabl.org.')
> describe IN_NJABL_ORG Received via a relay in dnsbl.njabl.org
> tflags IN_NJABL_ORG net
> score IN_NJABL_ORG 5

first error is you added it to a pre file, next is that it is in std rules being checked

did you or debian run sa-update ?

what gives

spamassassin 2>&1 -D --lint | less

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html