Nah, but your could put it in debug mode and tail your log to see whats wrong. Run it on a different port for temporary test.... CC'ing to users@ in case anyone wants to chime in regarding your setup.
------------------------------------ Console #1 on Server running SA ------------------------------------ # spamd -D -p 800 2>&1 | grep postcard Should show... After you run the echo on Console #2 below... debug: uri: uri found: http://postcards.com debug: uridnsbl: domains to query: postcards.com debug: uridnsbl: domain "postcards.com" listed (URIBL_WS_SURBL): 127.0.0.4 debug: uridnsbl: query for postcards.com took 0 seconds to look up (multi.surbl.org.:postcards.com) debug: uridnsbl: query for postcards.com took 0 seconds to look up (sbl.spamhaus.org.:90.64.69.64) debug: uridnsbl: query for postcards.com took 0 seconds to look up (sbl.spamhaus.org.:61.64.69.64) ------------------------ ------------------------------------ Console #2 on Server running SA ------------------------------------ # echo -e "From: blah\n\nhttp://postcards.com\n" | spamc -p 800 Should show... * 2.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist * [URIs: postcards.com] ------------------------ Dallas > -----Original Message----- > From: Mike Carlson [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 02, 2004 1:35 PM > To: Dallas L. Engelken > Subject: RE: SURBLS > > Ok, I got the same results you did. Is there a spamd switch I > can use to test it? > > --Mike > > > > ________________________________ > > From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] > Sent: Thu 12/2/2004 1:24 PM > To: Mike Carlson > Subject: RE: SURBLS > > > > You can always do manual tests from the box you run SA on... > > [EMAIL PROTECTED] etc]# host -tA protosoft.org.multi.surbl.org > protosoft.org.multi.surbl.org has address 127.0.0.84 > > [EMAIL PROTECTED] etc]# host -tA postcards.com.multi.surbl.org > postcards.com.multi.surbl.org has address 127.0.0.4 > > [EMAIL PROTECTED] etc]# host -tA nmgi.com.multi.surbl.org Host > nmgi.com.multi.surbl.org not found: 3(NXDOMAIN) > > First 2 are listed, nmgi.com is not :) > > Dallas > > > > > -----Original Message----- > > From: Mike Carlson [mailto:[EMAIL PROTECTED] > > Sent: Thursday, December 02, 2004 1:13 PM > > To: Dallas L. Engelken > > Subject: RE: SURBLS > > > > Thanks for the tips. I do have dns_available yes coded in > my local.cf > > and the host command does return the name servers for Google. I am > > wondering if there is a specific test I can use with SA to > make sure > > that SURBLS are working with SA. I am firing SA from > MIMEDefang so I > > am trying to eliminate SA from my troubleshooting process if I can. > > > > --Mike > > > > > > ________________________________ > > > > From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] > > Sent: Thu 12/2/2004 1:04 PM > > To: Mike Carlson > > Subject: RE: SURBLS > > > > > > > > Thx.. The raptor firewalls screw with NS resource record resoltion, > > and > > cause SURBL's not to fire. You might test NS resolution > to make sure > > its working... > > > > # host -tNS google.com > > > > Or on windows > > > > C:\> nslookup > > > set query=NS > > > google.com > > > > If that works, then its something else. You are not running the > > -L|--local flag on spamd right? Have you tried hard-coding > > > > Dns_available yes > > > > In your local.cf? Maybe spamd doesn't think your dns is working.. > > Assuming you are running spamc/spamd. > > > > Dallas > > > > > > > -----Original Message----- > > > From: Mike Carlson [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, December 02, 2004 1:07 PM > > > To: Dallas L. Engelken > > > Subject: RE: SURBLS > > > > > > No, we are using a linux distro for our firewall. > > > > > > --Mike > > > > > > > > > > > > ________________________________ > > > > > > From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] > > > Sent: Thu 12/2/2004 1:00 PM > > > To: Mike Carlson > > > Subject: RE: SURBLS > > > > > > > > > > > > > > > > What tests can I do to make sure SURBLS is working? I > > > havent seen any > > > > scores for SURBLS in any of the caught or uncaught emails. > > > > > > > > > > Curious, do you have a symantec firewall? > > > > > > > > > > > > > > > > > > > > > > > >