Have you considered running your own DNS server locally?

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955

On Jul 15, 2014, at 3:47 PM, "Quanah Gibson-Mount" <[email protected]> wrote:

Hi,

Apparently there is a network device somewhere on the network my production servers use that is causing very long delays with first time DNS lookups. This is having a significant impact on SA's ability to score spam, as the various RBL lookups time out, as well as Razor and Pyzor.

I've attempted to work around this by setting:

pyzor_timeout 60
razor_timeout 60
dcc_timeout 60
rbl_timeout 45 30

but I'm still seeing lookups being aborted.

Here's an example of the problem:

Jul 15 13:27:38 edge02 amavis[27683]: (27683-03) spam-tag, <[email protected]> -> <[email protected]>, No, score=0.984 tagged_above=-10 required=3 tests=[BAYES_00=-0.05, DCC_CHECK=1.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RP_MATCHES_RCVD=-0.8, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no

Same email 2 seconds later, we can see Razor scoring is now there:

Jul 15 13:28:40 edge02 amavis[27682]: (27682-06) spam-tag, <[email protected]> -> <[email protected]>,<[email protected]>, Yes, score=6.413 tagged_above=-10 required=3 tests=[BAYES_00=-0.05, DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=2.75, RP_MATCHES_RCVD=-0.8, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no

So the second time it comes through, we get a valid spam tag. I most often see this with RBL lookups, which is a huge problem for scoring.

Here's another example:

First time run:

X-Spam-Status: No, score=4.8 required=5.0 tests=DKIM_SIGNED,
	HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.0

Second time run:

X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,
	HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,NO_DNS_FOR_FROM,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.0

Note how "NO_DNS_FOR_FROM" is now added to the score set.

In the successful run, I have:

Jul 15 15:32:27.498 [52317] dbg: async: completed in 5.322 s: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com

In the unsuccessful run, I have:

Jul 15 15:28:14.563 [48690] dbg: async: aborting after 25.456 s, deadline shrunk: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com

The next run, I have:

Jul 15 15:32:27.498 [52317] dbg: async: completed in 5.322 s: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com

So clearly my timeout values (45, 30) are not being honored, since 25 seconds < 30 second minimum.

Is there any way to set a global value of 60 seconds MINIMUM for all tests, period?

Thanks!

--Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
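
One way to measure how often lookups are cut short like this, as an added example that is not part of the thread: it scans SpamAssassin debug output for `async:` lines, flags aborts that fired before the `rbl_timeout` minimum quoted above, and pairs each with the time a later run of the same lookup needed. The line format is inferred from the debug lines in the message, and the function names are hypothetical.

```python
import re

# rbl_timeout values from the message above: initial 45 s, minimum 30 s.
RBL_T_INIT, RBL_T_MIN = 45.0, 30.0

# Line shape inferred from the debug lines quoted in the message; other
# SpamAssassin versions may word these lines differently (assumption).
ASYNC_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) \[(?P<pid>\d+)\] dbg: async: "
    r"(?:(?P<done>completed in)|(?P<abort>aborting after)) "
    r"(?P<secs>\d+(?:\.\d+)?) s(?:, (?P<reason>[^:]+))?: (?P<key>.+)$"
)

# Sample input: the two distinct debug lines from the message above.
SAMPLE_LOG = """\
Jul 15 15:28:14.563 [48690] dbg: async: aborting after 25.456 s, deadline shrunk: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com
Jul 15 15:32:27.498 [52317] dbg: async: completed in 5.322 s: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com
"""


def parse_async(log_text):
    """Return one dict per async debug line found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = ASYNC_RE.match(line.strip())
        if m:
            events.append({
                "ts": m["ts"], "pid": int(m["pid"]),
                "status": "aborted" if m["abort"] else "completed",
                "secs": float(m["secs"]),
                "reason": (m["reason"] or "").strip(),
                "key": m["key"].strip(),
            })
    return events


def early_aborts(events, t_min=RBL_T_MIN):
    """Aborts that fired before t_min, each paired with the time a later run
    of the same lookup took to complete (None if none completed)."""
    report = []
    for i, ev in enumerate(events):
        if ev["status"] == "aborted" and ev["secs"] < t_min:
            later = [e["secs"] for e in events[i + 1:]
                     if e["key"] == ev["key"] and e["status"] == "completed"]
            report.append((ev["key"], ev["secs"], ev["reason"],
                           later[0] if later else None))
    return report


if __name__ == "__main__":
    for key, secs, reason, retry in early_aborts(parse_async(SAMPLE_LOG)):
        print(f"{key}: aborted at {secs}s ({reason}); later completed in {retry}s")
```

A lookup that aborts on the first pass and completes quickly on a later one points at slow first-time resolution rather than an unresponsive list, which is the pattern the message describes.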
