Jeff Chan wrote:
> I'd need to read the source code, but for a .info, urirhssub
> is probably checking the second level domain, i.e.
> wneiis-planet.info .  It may be checking at the third levels
> also: tvuu.wneiis-planet.info and dkcw.wneiis-planet.info .
>
> In either case it should not be timing out.  If it is checking
> the third levels, an NXDOMAIN response meaning it's not on the
> multi.surbl.org list should be cached after the first try and
> therefore quick on subsequent queries.  It should be pretty
> quickly resolved for whatever name servers you happen to hit
> for the first query.
>
> If you try:
>
>   time dig tvuu.wneiis-planet.info.multi.surbl.org.
>
> on the same machine SA is running on, what result do you get?  How
> long does it take?  How about:
>
>   time dig wneiis-planet.info.multi.surbl.org.
>
> Try a bogus new query like:
>
>   time dig some.bogus.query.multi.surbl.org.
>
> and see how long it takes to give an NXDOMAIN.  If it's quick
> from the command line it probably should be quick from SA also.
>
> Jeff C.
> -- 
> Jeff Chan
> mailto:[EMAIL PROTECTED]
> http://www.surbl.org/
>
Thanks for your help with this!  I tried the dig commands you suggested and
the response times were very fast:
time dig tvuu.wneiis-planet.info.multi.surbl.org:

; <<>> DiG 8.3 <<>> tvuu.wneiis-planet.info.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      tvuu.wneiis-planet.info.multi.surbl.org, type = A, class = IN

;; AUTHORITY SECTION:
multi.surbl.org.        6m56s IN SOA    a.surbl.org. zone.surbl.org. (
                                        1096293502      ; serial
                                        10M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum


;; Total query time: 1 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:36:11 2004
;; MSG SIZE  sent: 57  rcvd: 100

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
--------------------------

time dig wneiis-planet.info.multi.surbl.org:

; <<>> DiG 8.3 <<>> wneiis-planet.info.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24537
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 14, ADDITIONAL: 13
;; QUERY SECTION:
;;      wneiis-planet.info.multi.surbl.org, type = A, class = IN

;; ANSWER SECTION:
wneiis-planet.info.multi.surbl.org.  27m15s IN A  127.0.0.54

;; AUTHORITY SECTION:
multi.surbl.org.        3m44s IN NS     g.surbl.org.
multi.surbl.org.        3m44s IN NS     h.surbl.org.
multi.surbl.org.        3m44s IN NS     i.surbl.org.
multi.surbl.org.        3m44s IN NS     j.surbl.org.
multi.surbl.org.        3m44s IN NS     k.surbl.org.
multi.surbl.org.        3m44s IN NS     l.surbl.org.
multi.surbl.org.        3m44s IN NS     m.surbl.org.
multi.surbl.org.        3m44s IN NS     n.surbl.org.
multi.surbl.org.        3m44s IN NS     a.surbl.org.
multi.surbl.org.        3m44s IN NS     b.surbl.org.
multi.surbl.org.        3m44s IN NS     c.surbl.org.
multi.surbl.org.        3m44s IN NS     d.surbl.org.
multi.surbl.org.        3m44s IN NS     e.surbl.org.
multi.surbl.org.        3m44s IN NS     f.surbl.org.

;; ADDITIONAL SECTION:
g.surbl.org.            23h8m36s IN A   69.10.169.115
g.surbl.org.            23h8m36s IN A   209.234.111.50
h.surbl.org.            23h8m22s IN A   216.241.132.46
h.surbl.org.            23h8m22s IN A   64.21.208.210
i.surbl.org.            23h8m44s IN A   62.58.50.220
i.surbl.org.            23h8m44s IN A   194.109.9.8
i.surbl.org.            23h8m44s IN A   38.116.133.25
j.surbl.org.            23h8m22s IN A   130.161.128.109
j.surbl.org.            23h8m22s IN A   194.134.35.168
j.surbl.org.            23h8m22s IN A   130.161.128.108
k.surbl.org.            23h8m22s IN A   213.132.0.70
k.surbl.org.            23h8m22s IN A   193.95.141.43
k.surbl.org.            23h8m22s IN A   194.134.35.204

;; Total query time: 2 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:37:06 2004
;; MSG SIZE  sent: 52  rcvd: 500

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
-------------------
time dig some.bogus.query.multi.surbl.org:

; <<>> DiG 8.3 <<>> some.bogus.query.multi.surbl.org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      some.bogus.query.multi.surbl.org, type = A, class = IN

;; AUTHORITY SECTION:
multi.surbl.org.        4m45s IN SOA    a.surbl.org. zone.surbl.org. (
                                        1096293502      ; serial
                                        10M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum


;; Total query time: 1 msec
;; FROM: teal.boreal.org to SERVER: 216.70.16.10
;; WHEN: Mon Sep 27 09:39:59 2004
;; MSG SIZE  sent: 50  rcvd: 93

0.000u 0.001s 0:00.00 0.0%      0+0k 0+0io 0pf+0w
------------------

I tried running the spam in question through SpamAssassin again and this
time it doesn't appear to have timed out, but it's still not identifying
this domain as being in the URIBLs.

Debug output:
<---snip---->
URIDNSBL: query for dkcw.wneiis-planet.info took 2 seconds to look up (multi.surbl.org.:dkcw.wneiis-planet.info)
debug: URIDNSBL: query for tvuu.wneiis-planet.info took 2 seconds to look up (multi.surbl.org.:tvuu.wneiis-planet.info)
debug: URIDNSBL: queries completed: 4 started: 0
debug: URIDNSBL: queries active:  at Mon Sep 27 09:31:57 2004
<---snip---->
debug: tests=BAYES_99,MANY_RBLS_BA,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,SPAMMER_URLS04_I_BA
debug: subtests=__BODY_EXISTS_BA,__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CT_TEXT_PLAIN,__HAS_MSGID,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RCVD_IN_SBL_XBL,__RCVD_IN_SORBS,__SANE_MSGID

If I'm reading the dig output correctly, it isn't finding the
tvuu.wneiis-planet.info domain, although wneiis-planet.info is listed. But
from other posts on this list it's obvious that it is being correctly
flagged on other systems.  Is this an issue with SURBL or with SpamAssassin?
If it's a problem with the way SpamAssassin is extracting the URLs I'll
submit it to bugzilla, but I want to be sure I'm on the right track before I
do.

Thanks much for your help!

Sandy S.
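
An added example, not part of either message and not SpamAssassin's code: it shows why the two dig results above differ (the listing is on the second-level name, not the third-level hostnames) and how a `127.0.0.x` answer such as `127.0.0.54` is tested as a bitmask. Assumptions: the client reduces each hostname to its registered domain before querying, as the quoted reply suggests; `TWO_LEVEL_TLDS` is a constructed stand-in for a real two-level-TLD list; the mask values are plain bit values with no list names attached.

```python
import ipaddress

ZONE = "multi.surbl.org"

# Constructed, deliberately tiny stand-in for a real two-level-TLD list.
TWO_LEVEL_TLDS = {"co.uk", "com.au"}


def registered_domain(host):
    """Reduce a URI hostname to the name that would be listed."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a domain name: {host!r}")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    return ".".join(labels[-keep:])


def query_name(host, zone=ZONE):
    """Fully qualified name to look up for one hostname."""
    return f"{registered_domain(host)}.{zone}."


def unique_queries(hosts, zone=ZONE):
    """Several third-level hostnames collapse to a single lookup."""
    return sorted({query_name(h, zone) for h in hosts})


def last_octet(addr):
    """Validate a 127.0.0.x answer and return x."""
    packed = ipaddress.IPv4Address(addr).packed
    if packed[:3] != b"\x7f\x00\x00":
        raise ValueError(f"unexpected answer: {addr}")
    return packed[3]


def decode_answer(addr):
    """Bit values set in the last octet of the A record."""
    octet = last_octet(addr)
    return [1 << i for i in range(8) if (octet >> i) & 1]


def rule_hits(addr, mask):
    """A sub-rule with this mask fires when any masked bit is set."""
    return bool(last_octet(addr) & mask)


if __name__ == "__main__":
    hosts = ["tvuu.wneiis-planet.info", "dkcw.wneiis-planet.info"]
    print(unique_queries(hosts))
    print(decode_answer("127.0.0.54"))
```
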
