Thanks for your answers.
The system spamassassin is installed on is the following: 4.9.0-4-amd64
#1 SMP Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux
spamassassin -V outputs this:
SpamAssassin version 3.4.1
running on Perl version 5.24.1
I did not install spamassassin myself, however these were the
installation steps taken:
apt-get install g++ ( needed for Encode::Detect )
apt-get install libssl-dev ( for DKIM )
in cpan:
install Net::DNS
install NetAddr::IP
install Mail::SPF
install Mail::DKIM
There is no entry in the local.cf regarding dns, so default settings
should be used.
I did a "spamassassin -t -D < testmail | grep dns"
It outputs many lines, so here is one of the interesting parts:
Jan 8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.456 [31076] dbg: dns: providing a callback for id:
8553/IN/TXT/233.182.90.103.sa-accredit.habeas.com
Jan 8 10:31:15.456 [31076] dbg: async: starting: DNSBL-TXT,
dns:TXT:233.182.90.103.sa-accredit.habeas.com (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.456 [31076] dbg: dns: checking RBL zen.spamhaus.org.,
set zen-lastexternal
Jan 8 10:31:15.456 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.456 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.456 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.456 [31076] dbg: async: launching
A/233.182.90.103.zen.spamhaus.org for dns:A:233.182.90.103.zen.spamhaus.org
Jan 8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.456 [31076] dbg: dns: providing a callback for id:
64905/IN/A/233.182.90.103.zen.spamhaus.org
Jan 8 10:31:15.456 [31076] dbg: async: starting: DNSBL-A,
dns:A:233.182.90.103.zen.spamhaus.org (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.457 [31076] dbg: dns: checking RBL
bb.barracudacentral.org., set brbl-lastexternal
Jan 8 10:31:15.457 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.457 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.457 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.457 [31076] dbg: async: launching
A/233.182.90.103.bb.barracudacentral.org for
dns:A:233.182.90.103.bb.barracudacentral.org
Jan 8 10:31:15.458 [31076] dbg: dns: checking RBL zen.spamhaus.org.,
set zen-lastexternal
Jan 8 10:31:15.458 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.458 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.458 [31076] dbg: dns: checking RBL iadb.isipp.com., set
iadb-firsttrusted
Jan 8 10:31:15.458 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.458 [31076] dbg: async: launching
A/233.182.90.103.iadb.isipp.com for dns:A:233.182.90.103.iadb.isipp.com
Jan 8 10:31:15.458 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.458 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.458 [31076] dbg: dns: providing a callback for id:
6693/IN/A/233.182.90.103.iadb.isipp.com
Jan 8 10:31:15.459 [31076] dbg: async: starting: DNSBL-A,
dns:A:233.182.90.103.iadb.isipp.com (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.459 [31076] dbg: dns: checking A and MX for host
murderuk.com
Jan 8 10:31:15.459 [31076] dbg: async: launching A/murderuk.com for
dns:A:murderuk.com
Jan 8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.459 [31076] dbg: dns: providing a callback for id:
46029/IN/A/murderuk.com
Jan 8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM,
DNSBL-A, dns:A:murderuk.com (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.459 [31076] dbg: async: launching MX/murderuk.com for
dns:MX:murderuk.com
Jan 8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.459 [31076] dbg: dns: providing a callback for id:
759/IN/MX/murderuk.com
Jan 8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM,
DNSBL-MX, dns:MX:murderuk.com (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.459 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set
sorbs-lastexternal
Jan 8 10:31:15.459 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.460 [31076] dbg: async: launching
A/233.182.90.103.dnsbl.sorbs.net for dns:A:233.182.90.103.dnsbl.sorbs.net
Jan 8 10:31:15.460 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.460 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.460 [31076] dbg: dns: providing a callback for id:
11836/IN/A/233.182.90.103.dnsbl.sorbs.net
Jan 8 10:31:15.460 [31076] dbg: async: starting: DNSBL-A,
dns:A:233.182.90.103.dnsbl.sorbs.net (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.460 [31076] dbg: dns: checking RBL zen.spamhaus.org.,
set zen
Jan 8 10:31:15.460 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.460 [31076] dbg: dns: checking RBL wl.mailspike.net.,
set mspikeg-firsttrusted
Jan 8 10:31:15.460 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.460 [31076] dbg: async: launching
A/233.182.90.103.wl.mailspike.net for dns:A:233.182.90.103.wl.mailspike.net
Jan 8 10:31:15.461 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.461 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8 10:31:15.461 [31076] dbg: dns: providing a callback for id:
18426/IN/A/233.182.90.103.wl.mailspike.net
Jan 8 10:31:15.461 [31076] dbg: async: starting: DNSBL-A,
dns:A:233.182.90.103.wl.mailspike.net (timeout 15.0s, min 3.0s)
Jan 8 10:31:15.461 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set
sorbs
Jan 8 10:31:15.461 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.461 [31076] dbg: dns: checking RBL
bl.score.senderscore.com., set rnbl-lastexternal
Jan 8 10:31:15.461 [31076] dbg: dns: IPs found: full-external:
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan 8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup
on 103.90.182.233, 2 networks, result: 0
Jan 8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs:
103.90.182.233
Jan 8 10:31:15.461 [31076] dbg: async: launching
A/233.182.90.103.bl.score.senderscore.com for
dns:A:233.182.90.103.bl.score.senderscore.com
Am 07.01.2018 um 20:44 schrieb Tobi:
Use spamassassin -D <message.eml and look for lines regarding dns/rbl
----- Originale Nachricht -----
Von: Jan Klein <ter...@web.de>
Gesendet: 07.01.18 - 16:26
An: users@spamassassin.apache.org
Betreff: dns-blocklist aren't used but should be
Hi.
For work I am investigating an issue where none of the dns blacklists
are used.
We are using the current spamassassin version and also current version
of Net::DNS.
It is installed on a current version debian system.
We run a local nameserver using bind.
We invoke spamassassin via "spamassassin -t < testmail" where testmail
is a spam mail.
The weird thing is that a "dig" command works fine on the debian system,
so name resolving is actually working outside of spamassassin. And after
using the dig command to check the origin of the mail: dig
xxx.xxx.xxx.xxx.zen.spamhaus.org
Then after using that command, spamassassin will then consider spamhaus
when checking the testmail. Probably because the dns entry is cached for
a while or something. It will work for some minutes. Same thing with
other blacklists. After a dig command spamassassin will start using the
respective rule.
What is going on? It seems to be DNS related. I've read that Net::DNS is
responsible for dns resolving for spamassassin. How can I check if it is
working correctly? In my /etc/resolv.conf there is only one entry:
127.0.0.1 since we are running a local nameserver (again: dig or host
command work just fine for name resolving ).