Help debugging false positives with SURBL

[Sattler, Tim]

Hi,

> I am having trouble with the spamassassin SURBL tests and cron emails.

> For some strange reason I am getting this score on an email delivered 
> via MailScanner: 

You should check to see whether your setup matches one of the following 
conditions mentioned on surbl.org:

<quote>
DNS bugs and incompabilities leading to false positives

There is a bug (#3997) in versions of SpamAssassin older than 3.1 where 
the responses to DNS queries occasionally get mixed up, resulting in
very 
rare false positives (non-spam tagged as spam). This can be seen when 
SpamAssassin shows a domain as blacklisted but it is not blacklisted
when 
checking with a manual DNS query or on the lookup page. The solution is
to 
upgrade to SpamAssassin version 3.1 or later. 

Another issue for users of DNS or proxy services that modify the results

of DNS queries is that some of those changes may not compatible with
SURBL 
applications. In particular, modification of NXDOMAIN responses can
result 
in false positives due to the changed Address bits in the response. The 
solution is to not use DNS or proxy services that modify query results
on 
your systems running SURBL applications. 

These cases are very rare, but worth mentioning if it prevents some
confusion. 
</quote>

We had a similar issue when using OpenDNS as DNS forwarder.

Regards
Tim