SA, MS, RBL problem

Vasiliy Boulytchev vasiliy at linuxspecial.com
Wed Jan 24 17:46:28 CET 2007


GENTS!

I have setup rbldnsd daemon, and am rsyncing down from NJABL...

I have made the local DNS cachers forward queries to rbldnsd. That can 
be tested via dig @dnscacheserver 2.0.0.127.dnsbl.njabl.org... i see 
that query get forwarded to rbldnsd, and i see the query in the log so i 
know 100 percent that rsync is working, dns forwarding is working 
correctly from bind to rbldnsd host

so thats out of the question....   MS machine is checking for DNS only 
against that dns cache server... so any queries for njabl should in 
theory forward to my rbldnsd box

now, just so you know, no queries come to rbldnsd box, nothing in the 
logs there

1169650318 172.30.35.65 192.120.70.217.dnsbl.njabl.org A IN: NOERROR/1/323
1169650345 172.30.35.64 192.120.70.217.dnsbl.njabl.org A IN: NOERROR/1/323
1169650365 172.30.35.64 19.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650378 172.30.35.64 18.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650385 172.30.35.65 11.120.70.217.dnsbl.njabl.org A IN: NXDOMAIN/0/92
1169650407 172.30.35.65 101.192.247.63.dnsbl.njabl.org A IN: NXDOMAIN/0/93

now, what you see there is the log from rbldnsd

regardless if it finds a record, or doesnt find one...  it STILL logs it
so i know for a fact that those queries are not hitting that box


this will show you what happens when I test SA

cat message.test
spamassassin -D < fix.pl > /dev/null


Can someone please help me setup NJABL properly?  I am invoking SA via 
MS... as you can see below, SA does seem to check NJABL...

THANKS!

./message.test
[15101] dbg: logger: adding facilities: all
[15101] dbg: logger: logging level is DBG
[15101] dbg: generic: SpamAssassin version 3.1.7
[15101] dbg: config: score set 0 chosen.
[15101] dbg: util: running in taint mode? yes
[15101] dbg: util: taint mode: deleting unsafe environment variables, 
resetting PATH
[15101] dbg: util: PATH included '/usr/kerberos/sbin', keeping
[15101] dbg: util: PATH included '/usr/kerberos/bin', keeping
[15101] dbg: util: PATH included '/usr/local/bin', keeping
[15101] dbg: util: PATH included '/bin', keeping
[15101] dbg: util: PATH included '/usr/bin', keeping
[15101] dbg: util: PATH included '/usr/X11R6/bin', keeping
[15101] dbg: util: PATH included '/home/vboulytchev/bin', which doesn't 
exist, dropping
[15101] dbg: util: PATH included '/usr/sbin', keeping
[15101] dbg: util: PATH included '/sbin', keeping
[15101] dbg: util: PATH included '/usr/local/apache/bin', which doesn't 
exist, dropping
[15101] dbg: util: PATH included '/usr/local/apache/rsawebagent', which 
doesn't exist, dropping
[15101] dbg: util: final PATH set to: 
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin
[15101] dbg: message: ---- MIME PARSER START ----
[15101] dbg: message: main message type: text/plain
[15101] dbg: message: parsing normal part
[15101] dbg: message: added part, type: text/plain
[15101] dbg: message: ---- MIME PARSER END ----
[15101] dbg: dns: is Net::DNS::Resolver available? yes
[15101] dbg: dns: Net::DNS version: 0.59
[15101] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[15101] dbg: config: read file /etc/mail/spamassassin/init.pre
[15101] dbg: config: read file /etc/mail/spamassassin/v310.pre
[15101] dbg: config: read file /etc/mail/spamassassin/v312.pre
[15101] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[15101] dbg: config: using "/usr/share/spamassassin" for default rules dir
[15101] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[15101] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[15101] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_dkim.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[15101] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[15101] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[15101] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf
[15101] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[15101] dbg: config: read file 
/usr/share/spamassassin/60_whitelist_subject.cf
[15101] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[15101] dbg: config: read file /etc/mail/spamassassin/local.cf
[15101] dbg: config: using "/home/vboulytchev/.spamassassin" for user 
state dir
[15101] dbg: config: using "/home/vboulytchev/.spamassassin/user_prefs" 
for user prefs file
[15101] dbg: config: read file /home/vboulytchev/.spamassassin/user_prefs
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa6ab670)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::SPF=HASH(0xa6cfd94)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
[15101] dbg: dcc: network tests on, registering DCC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::DCC=HASH(0xa6ae24c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[15101] dbg: pyzor: network tests on, attempting Pyzor
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::Pyzor=HASH(0xa7298a8)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[15101] dbg: razor2: razor2 is available, version 2.82
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::Razor2=HASH(0xa731e9c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[15101] dbg: reporter: network tests on, attempting SpamCop
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::SpamCop=HASH(0xac0224c)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::AWL=HASH(0xab6618c)
[15101] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xac34d04)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::TextCat from @INC
[15101] dbg: textcat: loading languages file...
[15101] dbg: textcat: loaded 73 language models
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::TextCat=HASH(0xac4e080)
[15101] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xaec0ac8)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from 
@INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xaec69e4)
[15101] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags 
from @INC
[15101] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xaecff78)
[15101] dbg: config: adding redirector regex: 
/^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[15101] dbg: config: adding redirector regex: 
/^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[15101] dbg: config: adding redirector regex: 
/^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[15101] dbg: config: adding redirector regex: 
/^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[15101] dbg: config: adding redirector regex: 
/^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[15101] dbg: config: adding redirector regex: 
m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: 
m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[15101] dbg: config: adding redirector regex: 
m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: 
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i
[15101] dbg: config: adding redirector regex: 
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i
[15101] dbg: config: adding redirector regex: 
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
[15101] dbg: config: adding redirector regex: 
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i
[15101] dbg: plugin: 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xaecff78) implements 
'finish_parsing_end'
[15101] dbg: replacetags: replacing tags
[15101] dbg: replacetags: done replacing tags
[15101] dbg: bayes: using username: mailscanner
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes 
DB < 200
[15101] dbg: config: score set 1 chosen.
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes 
DB < 200
[15101] dbg: dns: dns_available set to yes in config file, skipping test
[15101] dbg: metadata: X-Spam-Relays-Trusted:
[15101] dbg: metadata: X-Spam-Relays-Untrusted:
[15101] dbg: metadata: X-Spam-Relays-Internal:
[15101] dbg: metadata: X-Spam-Relays-External:
[15101] dbg: plugin: Mail::SpamAssassin::Plugin::TextCat=HASH(0xac4e080) 
implements 'extract_metadata'
[15101] dbg: message: ---- MIME PARSER START ----
[15101] dbg: message: main message type: text/plain
[15101] dbg: message: parsing normal part
[15101] dbg: message: added part, type: text/plain
[15101] dbg: message: ---- MIME PARSER END ----
[15101] dbg: message: no encoding detected
[15101] dbg: textcat: message too short for language analysis
[15101] dbg: textcat: X-Languages: "", X-Languages-Length: 188
[15101] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 
'parsed_metadata'
[15101] dbg: uridnsbl: domains to query:
[15101] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set 
sblxbl-lastexternal
[15101] dbg: dns: checking RBL sa-accredit.habeas.com., set 
habeas-firsttrusted
[15101] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[15101] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[15101] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[15101] dbg: dns: checking RBL combined.njabl.org., set njabl
[15101] dbg: dns: checking RBL 
combined-HIB.dnsiplists.completewhois.com., set whois
[15101] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[15101] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[15101] dbg: dns: checking RBL sa-trusted.bondedsender.org., set 
bsp-firsttrusted
[15101] dbg: dns: checking RBL 
combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[15101] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[15101] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[15101] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[15101] dbg: check: running tests for priority: 0
[15101] dbg: rules: running header regexp tests; score so far=0
[15101] dbg: spf: no suitable relay for spf use found, skipping SPF-helo 
check
[15101] dbg: eval: all '*From' addrs:
[15101] dbg: eval: all '*To' addrs:
[15101] dbg: spf: no suitable relay for spf use found, skipping SPF check
[15101] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[15101] dbg: rules: ran eval rule __ENV_AND_HDR_FROM_MATCH ======> got hit
[15101] dbg: spf: cannot get Envelope-From, cannot use SPF
[15101] dbg: spf: def_spf_whitelist_from: could not find useable 
envelope sender
[15101] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[15101] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[15101] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[15101] dbg: rules: running body-text per-line regexp tests; score so 
far=0.188
[15101] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "o"
[15101] dbg: uri: running uri tests; score so far=0.188
[15101] dbg: bayes: database connection established
[15101] dbg: bayes: found bayes db version 3
[15101] dbg: bayes: Using userid: 1
[15101] dbg: bayes: not available for scanning, only 0 spam(s) in bayes 
DB < 200
[15101] dbg: bayes: not scoring message, returning undef
[15101] dbg: rules: running raw-body-text per-line regexp tests; score 
so far=0.188
[15101] dbg: rules: running full-text regexp tests; score so far=0.188
[15101] dbg: info: entering helper-app run mode
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[15101] dbg: razor2: results: spam? 0
[15101] dbg: razor2: results: engine 8, highest cf score: 0
[15101] dbg: razor2: results: engine 4, highest cf score: 0
[15101] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[15101] dbg: info: entering helper-app run mode
[15101] dbg: pyzor: opening pipe: /usr/bin/pyzor check < 
/tmp/.spamassassin15101RuRka7tmp
[15102] dbg: util: setuid: ruid=0 euid=0
[15101] dbg: pyzor: [15102] finished: exit=0x0100
[15101] dbg: pyzor: got response: 66.250.40.33:24441 TimeoutError:
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: pyzor: failure to parse response "66.250.40.33:24441 
TimeoutError: "
[15101] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[15101] dbg: dcc: dccproc is available: /usr/local/bin/dccproc
[15101] dbg: info: entering helper-app run mode
[15101] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -x 0 < 
/tmp/.spamassassin15101RuRka7tmp
[15103] dbg: util: setuid: ruid=0 euid=0
[15101] dbg: dcc: got response: missing SMTP header lines; fatal error
[15101] dbg: info: leaving helper-app run mode
[15101] dbg: dcc: check failed: no X-DCC returned (did you create a map 
file?): missing SMTP header lines; fatal error
[15101] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 'check_tick'
[15101] dbg: check: running tests for priority: 500
[15101] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa660cc0) implements 
'check_post_dnsbl'
[15101] dbg: rules: running meta tests; score so far=0.188
[15101] dbg: rules: running header regexp tests; score so far=1.666
[15101] dbg: rules: running body-text per-line regexp tests; score so 
far=1.666
[15101] dbg: uri: running uri tests; score so far=1.666
[15101] dbg: rules: running raw-body-text per-line regexp tests; score 
so far=1.666
[15101] dbg: rules: running full-text regexp tests; score so far=1.666
[15101] dbg: check: running tests for priority: 1000
[15101] dbg: rules: running meta tests; score so far=1.666
[15101] dbg: rules: running header regexp tests; score so far=1.666
[15101] dbg: rules: running body-text per-line regexp tests; score so 
far=1.666
[15101] dbg: uri: running uri tests; score so far=1.666
[15101] dbg: rules: running raw-body-text per-line regexp tests; score 
so far=1.666
[15101] dbg: rules: running full-text regexp tests; score so far=1.666
[15101] dbg: plugin: 
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xac34d04) 
implements 'autolearn_discriminator'
[15101] dbg: learn: auto-learn: currently using scoreset 1
[15101] dbg: learn: auto-learn: message score: 1.666, computed score for 
autolearn: 1.668
[15101] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0, 
head-points=0.189, learned-points=0
[15101] dbg: learn: auto-learn? no: inside auto-learn thresholds, not 
considered ham or spam
[15101] dbg: check: is spam? score=1.666 required=5
[15101] dbg: check: 
tests=MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[15101] dbg: check: 
subtests=__ENV_AND_HDR_FROM_MATCH,__NONEMPTY_BODY,__UNUSABLE_MSGID

Vasiliy Boulytchev
vasiliy at linuxspecial.com



More information about the MailScanner mailing list