Hello,

On Thu, Sep 28, 2023 at 09:08:30PM -0400, Jared Hall wrote:
> 1) Are you using native SA or the spamhaus-dqs plugin?

Just native SA in spamd mode.

> 2) What version of SpamAssassin?

3.4.2. I know, it's ancient. An upgrade is planned but I'd still
like to know what the behaviour is. I understand if no one wants to
help and if so I might come back with questions after an upgrade.

> 3) Parse the message from the command line.  Something like:
> 'cat message | spamassassin -D &> dbgout.txt'
> Then: 'grep external dbgout.txt'
> 
> It should show something like "full-external: 170.10.129.124, 66.187.233.73
> untrusted: 170.10.129.124, 66.187.233.73 originating:" if your Internal
> networks are set up properly in SA.

grep full-external: dbgout.txt

produces 15 lines all of which are identical:

Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: 170.10.129.124, 
66.187.233.73, 10.11.54.8, 10.30.29.100, ::1, 10.11.54.6, 10.11.55.25, 
207.211.31.120, 209.85.128.43 untrusted: 170.10.129.124, 66.187.233.73, 
207.211.31.120, 209.85.128.43 originating:

(except for timestamps)

66.187.233.73 still seems to be listed in SBL-CSS and is detected
as such.

I can see from:

grep 73.233.187.66 dbgout.txt

that it does check 66.187.233.73 against all the usual DNSBLs,
e.g.

Sep 29 14:36:57.157 [2611] dbg: check: tagrun - tag RELAYSUNTRUSTEDREVIP is now 
ready, value: ARY:[124.129.10.170,73.233.187.66,120.31.211.207,43.128.85.209]
Sep 29 14:36:57.157 [2611] dbg: check: tagrun - tag RELAYSEXTERNALREVIP is now 
ready, value: ARY:[124.129.10.170,73.233.187.66,120.31.211.207,43.128.85.209]
[…]
Sep 29 14:36:57.218 [2611] dbg: async: launching 
A/73.233.187.66.zen.spamhaus.org for dns:A:73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.219 [2611] dbg: dns: providing a callback for id: 
31199/IN/A/73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.219 [2611] dbg: async: starting: DNSBL-A, 
dns:A:73.233.187.66.zen.spamhaus.org (timeout 15.0s, min 3.0s)
Sep 29 14:36:57.378 [2611] dbg: async: calling callback on key 
dns:A:73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.378 [2611] dbg: dns: hit <dns:73.233.187.66.zen.spamhaus.org> 
127.0.0.3

So this is normal behaviour then, for v3.4.2 at least?

Thanks,
Andy
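
The following is an added example, not part of the original message and not SpamAssassin code. It parses the "IPs found" debug line quoted above (re-joined onto one line), shows which full-external addresses are absent from the untrusted list, and builds the reversed-octet query names seen in the zen.spamhaus.org lookups. The function names are hypothetical.

```python
import ipaddress
import re

# Debug line from the message above, re-joined onto one line.
DBG_LINE = (
    "Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: "
    "170.10.129.124, 66.187.233.73, 10.11.54.8, 10.30.29.100, ::1, "
    "10.11.54.6, 10.11.55.25, 207.211.31.120, 209.85.128.43 untrusted: "
    "170.10.129.124, 66.187.233.73, 207.211.31.120, 209.85.128.43 originating:"
)


def parse_ips_found(line):
    """Split an 'IPs found' debug line into its three labelled address lists."""
    m = re.search(r"full-external:(.*?)untrusted:(.*?)originating:(.*)$", line)
    if not m:
        raise ValueError("not an 'IPs found' debug line")
    names = ("full-external", "untrusted", "originating")
    return {
        name: [ipaddress.ip_address(tok)
               for tok in re.split(r"[,\s]+", part.strip()) if tok]
        for name, part in zip(names, m.groups())
    }


def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Build the reversed-octet DNSBL query name for an IPv4 address."""
    if ip.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def summarize(line):
    """Report the query names for untrusted relays and what was left out."""
    lists = parse_ips_found(line)
    untrusted = lists["untrusted"]
    # Addresses present in full-external but absent from untrusted.
    dropped = [ip for ip in lists["full-external"] if ip not in untrusted]
    return {
        "queries": [dnsbl_qname(ip) for ip in untrusted],
        "dropped": [str(ip) for ip in dropped],
        "dropped_all_private": all(ip.is_private or ip.is_loopback
                                   for ip in dropped),
    }


if __name__ == "__main__":
    for key, value in summarize(DBG_LINE).items():
        print(key, value)
```

The four query names it produces correspond to the four entries in the RELAYSUNTRUSTEDREVIP tag in the debug output.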
