1. I have a "HOP 0" line in my global.cfg file. 2. Here's what I get:
nslookup 2.0.0.127.bl.spamcop.net Server: ns1.sprintlink.net Address: 204.117.214.10 Non-authoritative answer: Name: 2.0.0.127.bl.spamcop.net Address: 127.0.0.2 3. I had been running on debug, but this problem has been going on for at least a month, and I gave up on finding an answer, so I turned off my debug because my log files were chewing up disk space. Following are some lines for an email from Aug. 19 that SmarterMail caught with CBL and Spamhaus SBL: 08/19/2005 12:48:53.796 36110955 [3996] Got IP 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] Setting remote IP address to 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] 26.244.9.204.in-addr.arpa 08/19/2005 12:48:54.734 36110955 [3996] Done with reverse DNS lookup; processing it. 08/19/2005 12:48:54.734 36110955 [3996] revdns: ip-244-26.incyour.com. 08/19/2005 12:48:54.734 36110955 [3996] Hop 0: Checking IP Address 204.9.244.26. 08/19/2005 12:48:54.734 36110955 [3996] iptext=204.9.244.26 myip1=cc09f41a i=4 08/19/2005 12:48:56.046 36110955 [3996] Test #5 [AHBL] is same as Test #5 [AHBL=*]. Answer=admins.sosdg.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #6 [BLITZEDALL] is same as Test #6 [BLITZEDALL=*]. Answer=hostmaster.blitzed.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #7 [CBL] is same as Test #7 [CBL=127.0.0.2]. Answer=cbl.cbl.abuseat.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #8 [DSBL] is same as Test #8 [DSBL=*]. Answer=admin.dsbl.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #11 [ORDB] is same as Test #11 [ORDB=*]. Answer=hostmaster.ordb.org.? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK=127.0.0.2]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS=127.0.0.4]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] 204.9.244.26 IS listed in MXRATE-SUSPICIOUS. 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW=127.0.0.3]. Answer=127.0.0.4? 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW]. Answer=127.0.0.4 08/19/2005 12:48:59.765 36110955 [3996] Test 12-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 13-SORBS-HTTP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 22-SPAMCOP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 23-BONDEDSENDER didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 25-INTERSIL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 26-CSMA-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 27-SPAMBAG didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 28-FIVETENSRC didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 29-JAMMDNSBL didn't get a response. -------- Original Message -------- > From: "Darrell \([EMAIL PROTECTED])" <[EMAIL PROTECTED]> > Sent: Saturday, September 03, 2005 11:21 AM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] ip4r blacklists > > Gary, > > Someone recently posted that they did not have the "HOP x" setting in their > global.cfg and what was happening is that the ip4r tests were being skipped. > Can you check on that? Also, if you drop down to a command prompt and type > this what happens. > > nslookup 2.0.0.127.bl.spamcop.net > > Also, I would switch Declude's logging mode to "Debug" and post a snippet of > the debug output for a message that smartermail tags on a ip4r list that > declude did not. > > Darrell > ------------------------------------------- > Check out http://www.invariantsystems.com for utilities for Declude And > Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI > integration, MRTG Integration, and Log Parsers. > > ----- Original Message ----- > From: "Gary Steiner" <[EMAIL PROTECTED]> > To: <Declude.JunkMail@declude.com> > Sent: Saturday, September 03, 2005 11:09 AM > Subject: [Declude.JunkMail] ip4r blacklists > > > I continue to run into a problem where Declude fails to get any response > from the ip4r blacklists, then SmarterMail catches the exact same spam using > the ip4r blacklists(spamcop, cbl, spamhaus, etc.). Declude support implied > that there was a problem with my DNS server. But both Declude and > SmarterMail are using the same DNS server. Why would Declude have a problem > with it and SmarterMail not? I'm using Declude 2.0.6.16 and SmarterMail > 2.6. It's very intermittent, happening on probably less than 5% of the > total spams, but enough that it's noticeable. > > --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
