On Wed, 2007-05-30 at 11:57 -0500, Daniel J McDonald wrote:
> On Wed, 2007-05-30 at 12:46 -0400, Theo Van Dinter wrote:
> > On Wed, May 30, 2007 at 11:39:15AM -0500, Daniel J McDonald wrote:
> > > Ok, here's one that does fail:
> >
> > Based on your debug quoting, 3.2 does not show a URIBL_BLACK hit, it
> > shows a hit for a different rule, URIBL_RHS_URIBL_BLACK.
> >
>
> Well, that doesn't show up in the list either...
> Is that because the rule is duplicated in 25_uribl.cf and 72_active.cf?
>
> [EMAIL PROTECTED] updates_spamassassin_org]$ sudo grep URIBL_BLACK *
> 25_uribl.cf:urirhssub URIBL_BLACK multi.uribl.com. A 2
> 72_active.cf:urirhssub URIBL_RHS_URIBL_BLACK multi.uribl.com.
> A 2
> since the score for URIBL_RHS_URIBL_BLACK is 0, but it still fired for
> that one, it looks like a problem. Let me remove that rule from 72 and
> see what happens...
I removed the rule from 72_active.cf and now I am detecting URIBL_BLACK
for that message.
[18212] dbg: uridnsbl: domain "theauthenticmemento.com" listed
(URIBL_OB_SURBL): 127.0.0.16
[18212] dbg: dns: URIBL_OB_SURBL lookup finished
[18212] dbg: uridnsbl: query for theauthenticmemento.com took 2 seconds
to look up (multi.surbl.org.:theauthenticmemento.com)
[18212] dbg: uridnsbl: domain "theauthenticmemento.com" listed
(URIBL_BLACK): 127.0.0.2
[18212] dbg: dns: URIBL_BLACK lookup finished
[18212] dbg: uridnsbl: query for theauthenticmemento.com took 2 seconds
to look up (multi.uribl.com.:theauthenticmemento.com)
[18212] dbg: check:
tests=DKIM_POLICY_SIGNSOME,HTML_IMAGE_RATIO_04,HTML_MESSAGE,INVALID_DATE,L_P0F_W,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RELAY_US,SARE_UNA,URIBL_BLACK,URIBL_OB_SURBL
[18212] dbg: check:
subtests=__CD,__CT,__CTE,__CTYPE_HTML,__DOS_HAS_ANY_URI,__DOS_RCVD_WED,__DOS_SINGLE_EXT_RELAY,__EXCLAIM_SUBJ,__FB_MA,__FB_S_PRICE,__FM_MY_PRICE,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_LINK_IMAGE,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HOST,__NAKED_TO,__NONEMPTY_BODY,__SANE_MSGID,__SARE_HAS_BG_COLOR,__SARE_HAS_FG_COLOR,__SARE_HTML_HAS_A,__SARE_HTML_HAS_BR,__SARE_HTML_HAS_DIV,__SARE_HTML_HAS_FONT,__SARE_HTML_HAS_IMG,__SARE_HTML_HAS_P,__SARE_HTML_HAS_TITLE,__SARE_URI_ANY,__SARE_WHITE_BG_COLOR,__SUBJ_3DIGIT,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS
And other messages as well:
[EMAIL PROTECTED] ~]$ sudo grep -o -P URIBL.+\?= /var/log/mail/info | sort
| uniq -c
1 URIBL_AB_SURBL=
21 URIBL_BLACK=
4 URIBL_GREY=
157 URIBL_JP_SURBL=
202 URIBL_OB_SURBL=
8 URIBL_RED=
44 URIBL_RHS_DOB=
27 URIBL_SBL=
92 URIBL_WS_SURBL=
So, the problem appears to be with the file 72_active.cf in version
535132 of updates.spamassassin.org
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
