Mailscanner RBL checks

Vlad Mazek v at vladville.com
Tue Aug 14 17:14:47 IST 2007 

First thing I did :) There doesn't seem to be anything, not even
check_uridnsbl or anything even with the rbl pattern search.

I am at a loss as to what is launching these queries but its sure trashing
this one site for some reason.

-Vlad

On 8/14/07, Richard Frovarp <Richard.Frovarp at sendit.nodak.edu> wrote:
>
> grep through the rules. URIBLs seem to be in 25_uribl.cf and DNSBLs seem
> to be in 20_dnsbl_tests.cf
>
> Vlad Mazek wrote:
> > Thing is, skip_rbl_checks =1 would skip them all, I just want to
> > restrict which ones are being queried.
> >
> > Here are the queries that are launched by MailScanner:
> > [2351] dbg: dns: URIBL_RED lookup start
> > [2351] dbg: dns: URIBL_GREY lookup start
> > [2351] dbg: dns: WHOIS_SECUREWHOIS lookup start
> > [2351] dbg: dns: WHOIS_MYPRIVREG lookup start
> > [2351] dbg: dns: WHOIS_NETSOLPR lookup start
> > [2351] dbg: dns: WHOIS_AITPRIV lookup start
> > [2351] dbg: dns: URIBL_SC_SURBL lookup start
> > [2351] dbg: dns: URIBL_AB_SURBL lookup start
> > [2351] dbg: dns: WHOIS_CONTACTPRIV lookup start
> > [2351] dbg: dns: WHOIS_NAMEKING lookup start
> > [2351] dbg: dns: WHOIS_PRIVPROT lookup start
> > [2351] dbg: dns: WHOIS_WHOISGUARD lookup start
> > [2351] dbg: dns: URIBL_PH_SURBL lookup start
> > [2351] dbg: dns: URIBL_BLACK lookup start
> > [2351] dbg: dns: WHOIS_PRIVACYPOST lookup start
> > [2351] dbg: dns: URIBL_RHS_DOB lookup start
> > [2351] dbg: dns: URIBL_JP_SURBL lookup start
> > [2351] dbg: dns: URIBL_WS_SURBL lookup start
> > [2351] dbg: dns: URIBL_OB_SURBL lookup start
> > [2351] dbg: dns: WHOIS_DMNBYPROXY lookup start
> > [2351] dbg: dns: WHOIS_REGISTERFLY lookup start
> > [2351] dbg: dns: WHOIS_UNLISTED lookup start
> > [2351] dbg: dns: WHOIS_MONIKER_PRIV lookup start
> > [2351] dbg: dns: URIBL_SBL lookup start
> >
> > How do I find out which rule/definition is causing all these lookups
> > to launch?
> >
> > -Vlad
> >
> > On 8/9/07, *Steve Campbell* <campbell at cnpapers.com
> > <mailto:campbell at cnpapers.com>> wrote:
> >
> >     I believe you can do this, but my versions are a little old:
> >
> >     In MailScanner.conf, try setting the following:
> >
> >     Spam List =
> >     Spam Domain List =
> >
> >     This turns off RBLs and the like in MS.
> >
> >     In either mailscanner.cf <http://mailscanner.cf>, local.cf
> >     <http://local.cf>, or spam.assassin.prefs.conf, set the
> >     following:
> >     skip_rbl_checks = 1
> >
> >     This turns off RBLs in SA.
> >
> >     Make sure they are not commented if they already exist.
> >
> >     I may be wrong on this, so anyone can correct me if I am.
> >
> >     Steve Campbell
> >
> >     Mikael Syska wrote:
> >     > Scott Silva wrote:
> >     >> Vlad Mazek spake the following on 8/9/2007 9:59 AM:
> >     >>
> >     >>> I'm sorry I am just not following; my mailscanner.cf
> >     <http://mailscanner.cf>
> >     >>> <http://mailscanner.cf> has only one line:
> >     >>>
> >     >>> dns_available yes
> >     >>>
> >     >>> Yet, it seems to be querying the external RBL's:
> >     >>> SpamAssassin (not cached, score= 16.885, required 5,
> >     >>> autolearn=disabled,
> >     >>> FH_RELAY_NODNS 1.25, HELO_EQ_IP_ADDR 1.12, HTML_MESSAGE 0.00,
> >     >>> HTML_OBFUSCATE_05_10 0.57, MIME_HTML_ONLY 1.67,
> >     RCVD_IN_BL_SPAMCOP_NET
> >     >>> 2.19, RCVD_IN_PBL 0.51, RDNS_NONE 0.10, URIBL_BLACK 1.96,
> >     >>> URIBL_JP_SURBL
> >     >>> 2.86, URIBL_OB_SURBL 2.13, URIBL_SC_SURBL 2.52
> >     >>>
> >     >>> My question is simply where/what is telling SpamAssassin to
> >     query all
> >     >>> these RBLs because my MailScanner.cf doesn't list any RBLs to
> >     be called
> >     >>> (line is commented out completely)
> >     >>>
> >     >> Spamassassin has several tests it does all by itself that are
> >     >> indepentent of
> >     >> mailscanner. Spamassassin tests rbl's and gives a score that is
> >     added
> >     >> together. When you use rbl's in mailscanner they are just
> >     flagged as
> >     >> spam if
> >     >> they hit, independent of how reliable a rbl might be.
> >     >>
> >     >> As you were told in the last mail, if you do not want rbl tests
> in
> >     >> spamassassin, you have to add a line for each one in
> >     mailscanner.cf <http://mailscanner.cf>.
> >     >> As an example, if you didn't want to test for
> >     RCVD_IN_BL_SPAMCOP_NET
> >     >> you add the following line;
> >     >> score RCVD_IN_BL_SPAMCOP_NET 0
> >     >>
> >     >> Does this clear things up a little more?
> >     >>
> >     > Little off-topic:
> >     > Can't the lookups be completely disabled, so its possible to
> >     avoid the
> >     > the DNS query ?
> >     >
> >     > As I understand SA, it will still make the lookup even if the
> >     score is
> >     > 0 ... or am I wrong here ?
> >     >
> >     > // ouT
> >
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
-Vlad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070814/442bb542/attachment.html

More information about the MailScanner mailing list