On Wed, 2014-08-27 at 01:08 +0200, Reindl Harald wrote: > below the stdout/sterr of following script filtered for "dns" > so the lists are asked, but the question remains why that > don't happen from a IP in the same network
Nope, no RBL queries. See below. > in the meantime there are a lot of "cust<count>-lastexternal" > generated from a web-interface including the 4 below and > the local network range is listed on them, hence why i > want them used unconidtionally and not only with foreign IP's If it's internal, it's internal. There is a reason you are setting up lastexternal DNSxL rules. Do not invalidate SA *_networks configuration in an attempt to adjust it to poorly, non real-live generated samples. Generate a proper sample instead, either by actually sending mail from external IPs, or if need be by manually editing the MX Received header, forging an external source (do pay attention to detail). Besides, there is no point in whitelisting your own LAN IPs. Those should simply hit ALL_TRUSTED, or just not be filtered in the first place. > /usr/bin/spamassassin -D < /var/lib/spamass-milter/spam-example.eml > [sa-milt@mail-gw:~]$ cat debug.txt | grep -i dns > Aug 27 00:59:29.249 [30833] dbg: metadata: X-Spam-Relays-Untrusted: [ > ip=10.0.0.19 rdns=mail-gw.thelounge.net > helo=mail-gw.thelounge.net by=mail.thelounge.net ident= envfrom= intl=0 > id=3hjPzJ6TWVz23 auth= msa=0 ] [ > ip=10.0.0.6 rdns=arrakis.thelounge.net helo=arrakis.thelounge.net > by=mail-gw.thelounge.net ident= envfrom= intl=0 > id=3hjPzJ2tkPz1w auth= msa=0 ] There is no X-Spam-Relays-Trusted metadata in your grep for "dns", which means there is absolutely no trusted relay. Given those relays are in the 10/8 class A network and you deliberately breaking trusted_networks in a previous post, that seems about right... > Aug 27 00:59:29.249 [30833] dbg: metadata: X-Spam-Relays-External: [ > ip=10.0.0.19 rdns=mail-gw.thelounge.net > helo=mail-gw.thelounge.net by=mail.thelounge.net ident= envfrom= intl=0 > id=3hjPzJ6TWVz23 auth= msa=0 ] [ > ip=10.0.0.6 rdns=arrakis.thelounge.net helo=arrakis.thelounge.net > by=mail-gw.thelounge.net ident= envfrom= intl=0 > id=3hjPzJ2tkPz1w auth= msa=0 ] Same issue with X-Spam-Relays-Internal not showing up in the grep, thus being completely empty. Unless you specified internal_networks manually, it is set to trusted_networks. Thus equally invalid. > Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL bl.spameatingmonkey.net., > set cust12-lastexternal > Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL spam.dnsbl.sorbs.net., set > cust15-lastexternal > Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL psbl.surriel.com., set > cust14-lastexternal All those third-party RBLs with your "cust" sets are extremely fishy. Anyway, there are no "dbg: dns: IPs found:" and "dbg: dns: launching" lines, so this clearly shows the RBLs are NOT queried. > Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL dnswl-low.thelounge.net., > set cust16-lastexternal No activity with your custom RBL either. But well, how would you expect SA to query *last* external, given you deliberately told SA there are no internal relays... All external. No internal, no last external aka "hop before first internal" either. First of all, do read and understand the (trusted|internal)_networks options in the M::SA::Conf [1] docs, section Network Test Options. Then remove the current bad *_networks options in your conf. If you don't fully understand those docs, keep it at that, default. If you do understand and see an actual need to manually set them, do so, but do so *correctly*. Hints on gathering relevant information from the debug output: Don't just grep for generic "dns", but check specifics by grepping for X-Spam-Relays and (trusted|internal)_networks. Better yet, don't grep but search the debug output interactively, and read nearby / related info. While debugging, actually reading, searching for terms or at least glimpsing the entire debug output is good advice anyway. [1] http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html -- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
