On 30/11/15 16:41, Reindl Harald wrote:


On 30.11.2015 at 17:24, Sebastian Arcus wrote:
OK - this might be a basic question, but recently the detection rate on
my SA install has been really unreliable, so I decided that the first
step is to be sure it is using the public dns blocklists and razor. My
setup:

1. Spamassassin 3.4.1
2. I have Bind configured as recursive, non-forwarding, caching DNS server.
3. spamassassin --lint doesn't return any errors or failures.
5. My init.pre contains "loadplugin Mail::SpamAssassin::Plugin::URIDNSBL"

Here is the report included in one of the emails which is spam, but
wasn't detected as such:

Content analysis details:   (1.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
                            trust
                            [212.227.15.41 listed in list.dnswl.org]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not
                            necessarily valid
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                            author's domain
 1.3 RDNS_NONE              Delivered to internal network by a host with no
                            rDNS
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines


Does the above mean that the DNSBL tests were applied, but returned zero
values - or would it mean they were skipped? I'm not sure how to find
out which one it is. I'm happy to attach some sample emails which
weren't detected, or any other useful info. Thank you

RCVD_IN_DNSWL_LOW is the opposite of "returned zero values" but why not just pass a sample against SA in debug-mode?

spamassassin -D  < /path/to/spam-example.eml

Thank you Harald. I did - and it looks like SA does contact lots of DNSBLs and it receives various messages in reply. Nothing that looks like failures or errors. I can attach the output here - but it is a lot. Would this mean that the DNSBLs are working correctly in my setup - but spammers somehow manage to keep on sending from "clean" domains all the time - and I should look into some other way of stopping this type of spam? The messages I'm talking about are typical spam, with one or two sentences in the email body and one or two links - usually advertising life insurance, solar panels and similar. None of them are from proper companies or entities I have ever dealt with.

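An added example, not part of either poster's messages: a small parser for the "Content analysis details" report quoted in the thread that re-joins the wrapped description lines and picks out the rules that depend on a DNS list lookup, together with the "[IP listed in zone]" evidence. It assumes stock rule naming, where DNS list rules start with RCVD_IN_ or URIBL_; the report only lists rules that hit, so a hit such as RCVD_IN_DNSWL_LOW shows that list queries were sent and answered, while the absence of blocklist rules does not by itself distinguish "not listed" from "skipped".

```python
import re

# Constructed sample: an excerpt of the report quoted in the thread, with the
# mail client's hard line wraps left in place.
REPORT = """\
 pts rule name              description
---- ----------------------
--------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at
http://www.dnswl.org/, low
                            trust
                            [212.227.15.41 listed in list.dnswl.org]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record
(softfail)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.3 RDNS_NONE              Delivered to internal network by a host
with no rDNS
"""

RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")
LISTED = re.compile(r"\[(\S+) listed in (\S+)\]")
# Assumption: stock rule names; DNS list rules start with these prefixes.
DNS_PREFIXES = ("RCVD_IN_", "URIBL_")

def parse_report(text):
    """Return one dict per rule hit, re-joining wrapped description lines."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append({"score": float(m.group(1)), "rule": m.group(2),
                         "desc": m.group(3).strip()})
        elif hits and line.strip():
            # Anything after the first hit that is not a new rule line is a
            # wrapped continuation of the previous description.
            hits[-1]["desc"] += " " + line.strip()
    return hits

def dns_list_hits(hits):
    """Rules that fire on an answer from a DNS list, with (ip, zone) if shown."""
    out = []
    for h in hits:
        if h["rule"].startswith(DNS_PREFIXES):
            m = LISTED.search(h["desc"])
            out.append((h["rule"], m.groups() if m else None))
    return out

if __name__ == "__main__":
    for rule, evidence in dns_list_hits(parse_report(REPORT)):
        print(rule, evidence)
```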