RBL Checking MS not working
Matthijs Althoff
scouty at BROMBERG.DEMON.NL
Fri Dec 13 09:24:49 GMT 2002
Good morning all,
Getting better each day I resolved the statistics problem, spamassasin is
working like charm the only thing I could not get to work is the rbl
checking...
OS : RedHat 8.0
sendmail : Sendmail 8.12.5/8.12.5
Mail-scanner : 4.10-3)
I'm fetching my mail with fetchmail from several pop3 boxes which is then
processes by the sendmail access.db (spam), mail-scanner (virus),
spamassasin (spam), procmail (old spam filter). I'm using rblcheck a little
scripting from invoked in procmail [1] to do some rbl checking which works
great but I would very much like to put the rbl checking in front because I
will now have to start rblcheck for each user in their .procmailrc which
costs cpu time. Since I'm fetching mail with fetchmail I can not do the
dnsbl checking from sendmail because it will always check the local ip..
1. http://www.bromberg.demon.nl/sendmail
I have configured mail-scanner to use rbl checking (disabled the re-check
in spamassasin) on the bottom of this message you wil find a snip form
mailscanner.conf and my spam.lists.conf One of the messages put away by
spam assasin has the IP 61.132.182.209 according to rblcheck this IP is
blacklisted by:
$ rblcheck 61.132.182.209
61.132.182.209 RBL filtered by list.dsbl.org
61.132.182.209 RBL filtered by bl.spamcop.net
But there is no trace at all from an working rblcheck from mail-scanner at
least I should see something refering to "DSBL-LIST" or "SPAMCOP.NET"
right?
-------------------------------------------------
sendmail maillog (my name is forged into the address
-------------------------------------------------
sendmail[26348]: gBD70Gjf026348: from=<m.althoff at compudomainpark.org>,
size=3437, class=0, nrcpts=1, msgid=<2U6WQI.9RGI7F85H00X6IF.
m.althoff at compudomainpark.org>, proto=ESMTP, daemon=MTA,
relay=localhost [127.0.0.1]
-------------------------------------------------
sendmail maillog (my name is forged into the address
-------------------------------------------------
The message gets killed by spamassasin
-------------------------------------------------
sendmail maillog
-------------------------------------------------
MailScanner[25768]: Message gBD70Gjf026348 from 127.0.0.1
(compudomainpark.org) is spam, SpamAssassin (score=9.5, required 5,
NO_REAL_NAME, FORGED_RCVD_FOUND, DOUBLE_CAPSWORD, JAVASCRIPT,
HTML_WITH_BGCOLOR, NO_MX_FOR_FROM, CTYPE_JUST_HTML, MSG_ID_ADDED_BY_MTA_2)
-------------------------------------------------
sendmail maillog
-------------------------------------------------
but to trace of an invoked RBL Check started from mail-scanner,
what could it be is it not started is it my firewall on which a
few ftp, httpd etc ports are open to the world, mis-configuration,
is it impossible with fetchmail / sendmail / mail-scanner??
-------------------------------------------------
Mailscanner.conf
-------------------------------------------------
# This is the name of the file that translates the names of the "Spam List"
# values to the real DNS names of the spam blacklists.
Spam List Definitions = /etc/MailScanner/spam.lists.conf
# Do you want to check messages to see if they are spam?
# This can also be the filename of a ruleset.
Spam Checks = yes
# This is the list of spam blacklists (RBLs) which you are using.
# See the "Spam List Definitions" file for more information about what
# you can put here.
# This can also be the filename of a ruleset.
Spam List = ORDB-RBL MONKEYS-PROXY MONKEYS-FORMAIL SPAMCOP.NET etc etc
# This is the list of spam domain blacklists which you are using
# (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
# file for more information about what you can put here.
# This can also be the filename of a ruleset.
Spam Domain List = WIREHUB-DNSBL WIREHUB-DYNA OSIRUSOFT-SPEWS
# If an individual "Spam List" or "Spam Domain List" check takes longer
# that this (in seconds), the check is abandoned and the timeout noted.
Spam List Timeout = 10
# The maximum number of timeouts caused by any individual "Spam List" or
# "Spam Domain List" before it is marked as "unavailable". Once marked,
# the list will be ignored until the next automatic re-start (see
# "Restart Every" for the longest time it will wait).
# This can also be the filename of a ruleset.
Max Spam List Timeouts = 7
-------------------------------------------------
Mailscanner.conf
-------------------------------------------------
-------------------------------------------------
spam.lists.conf
-------------------------------------------------
ORDB-RBL relays.ordb.org
MONKEYS-PROXY proxies.relays.monkeys.com
MONKEYS-FORMAIL formmail.relays.monkeys.com
OSIRUSOFT-RELAYS relays.osirusoft.com
OSIRUSOFT-PROXY proxy.relays.osirusoft.com
OSIRUSOFT-INPUTS inputs.relays.osirusoft.com
OSIRUSOFT-DIALUPS dialups.relays.osirusoft.com
OSIRUSOFT-SPAMSOURCES spamsources.relays.osirusoft.com
OSIRUSOFT-SPAMSITES spamsites.relays.osirusoft.com
OSIRUSOFT-SPAMHAUS spamhaus.relays.osirusoft.com
OSIRUSOFT-OUTPUTS outputs.relays.osirusoft.com
SPAMHAUS-SBL sbl.spamhaus.org
DSBL-LIST list.dsbl.org
SPAMCOP.NET bl.spamcop.net
BLACKHOLES-AR argentina.blackholes.us
BLACKHOLES-BRAZIL brazil.blackholes.us
# And build a similar list for the RBL domains that work on the name
# of the domain rather than the IP address of the exact machine that
# is listed. This way the RBL controllers can blacklist entire
# domains very quickly and easily.
# These aren't used by default, as they slow down MailScanner quite a bit.
WIREHUB-DNSBL blackholes.wirehub.net
WIREHUB-DYNA dynablock.wirehub.net
OSIRUSOFT-SPEWS spews.relays.osirusoft.com
-------------------------------------------------
spam.lists.conf
-------------------------------------------------
More information about the MailScanner
mailing list