On Wed, 2007-05-30 at 11:57 -0500, Daniel J McDonald wrote: > On Wed, 2007-05-30 at 12:46 -0400, Theo Van Dinter wrote: > > On Wed, May 30, 2007 at 11:39:15AM -0500, Daniel J McDonald wrote: > > > Ok, here's one that does fail: > > > > Based on your debug quoting, 3.2 does not show a URIBL_BLACK hit, it > > shows a hit for a different rule, URIBL_RHS_URIBL_BLACK. > > > > Well, that doesn't show up in the list either... > Is that because the rule is duplicated in 25_uribl.cf and 72_active.cf? > > [EMAIL PROTECTED] updates_spamassassin_org]$ sudo grep URIBL_BLACK * > 25_uribl.cf:urirhssub URIBL_BLACK multi.uribl.com. A 2 > 72_active.cf:urirhssub URIBL_RHS_URIBL_BLACK multi.uribl.com. > A 2
> since the score for URIBL_RHS_URIBL_BLACK is 0, but it still fired for > that one, it looks like a problem. Let me remove that rule from 72 and > see what happens... I removed the rule from 72_active.cf and now I am detecting URIBL_BLACK for that message. [18212] dbg: uridnsbl: domain "theauthenticmemento.com" listed (URIBL_OB_SURBL): 127.0.0.16 [18212] dbg: dns: URIBL_OB_SURBL lookup finished [18212] dbg: uridnsbl: query for theauthenticmemento.com took 2 seconds to look up (multi.surbl.org.:theauthenticmemento.com) [18212] dbg: uridnsbl: domain "theauthenticmemento.com" listed (URIBL_BLACK): 127.0.0.2 [18212] dbg: dns: URIBL_BLACK lookup finished [18212] dbg: uridnsbl: query for theauthenticmemento.com took 2 seconds to look up (multi.uribl.com.:theauthenticmemento.com) [18212] dbg: check: tests=DKIM_POLICY_SIGNSOME,HTML_IMAGE_RATIO_04,HTML_MESSAGE,INVALID_DATE,L_P0F_W,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RELAY_US,SARE_UNA,URIBL_BLACK,URIBL_OB_SURBL [18212] dbg: check: subtests=__CD,__CT,__CTE,__CTYPE_HTML,__DOS_HAS_ANY_URI,__DOS_RCVD_WED,__DOS_SINGLE_EXT_RELAY,__EXCLAIM_SUBJ,__FB_MA,__FB_S_PRICE,__FM_MY_PRICE,__HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_LINK_IMAGE,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MSGID_OK_HOST,__NAKED_TO,__NONEMPTY_BODY,__SANE_MSGID,__SARE_HAS_BG_COLOR,__SARE_HAS_FG_COLOR,__SARE_HTML_HAS_A,__SARE_HTML_HAS_BR,__SARE_HTML_HAS_DIV,__SARE_HTML_HAS_FONT,__SARE_HTML_HAS_IMG,__SARE_HTML_HAS_P,__SARE_HTML_HAS_TITLE,__SARE_URI_ANY,__SARE_WHITE_BG_COLOR,__SUBJ_3DIGIT,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS And other messages as well: [EMAIL PROTECTED] ~]$ sudo grep -o -P URIBL.+\?= /var/log/mail/info | sort | uniq -c 1 URIBL_AB_SURBL= 21 URIBL_BLACK= 4 URIBL_GREY= 157 URIBL_JP_SURBL= 202 URIBL_OB_SURBL= 8 URIBL_RED= 44 URIBL_RHS_DOB= 27 URIBL_SBL= 92 URIBL_WS_SURBL= So, the problem appears to be with the file 72_active.cf in version 535132 of updates.spamassassin.org -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com