Re: dns-blocklist aren't used but should be

Tue, 09 Jan 2018 07:15:44 -0800 

Thanks for your answers.
The system spamassassin is installed on is the following: 4.9.0-4-amd64 #1 SMP Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux 

spamassassin -V outputs this:
SpamAssassin version 3.4.1
  running on Perl version 5.24.1


I did not install spamassassin myself, however these were the 
installation steps taken:

apt-get install g++ ( needed for Encode::Detect )
apt-get install libssl-dev ( for DKIM )
in cpan:
install Net::DNS
install NetAddr::IP
install Mail::SPF
install Mail::DKIM


There is no entry in the local.cf regarding dns, so default settings 
should be used.


I did a "spamassassin -t -D < testmail | grep dns"
It outputs many lines, so here is one of the interesting parts:

Jan  8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: providing a callback for id: 
8553/IN/TXT/233.182.90.103.sa-accredit.habeas.com
Jan  8 10:31:15.456 [31076] dbg: async: starting: DNSBL-TXT, 
dns:TXT:233.182.90.103.sa-accredit.habeas.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.456 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen-lastexternal
Jan  8 10:31:15.456 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.456 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.456 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.456 [31076] dbg: async: launching 
A/233.182.90.103.zen.spamhaus.org for dns:A:233.182.90.103.zen.spamhaus.org

Jan  8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.456 [31076] dbg: dns: providing a callback for id: 
64905/IN/A/233.182.90.103.zen.spamhaus.org
Jan  8 10:31:15.456 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.zen.spamhaus.org (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.457 [31076] dbg: dns: checking RBL 
bb.barracudacentral.org., set brbl-lastexternal
Jan  8 10:31:15.457 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.457 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.457 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.457 [31076] dbg: async: launching 
A/233.182.90.103.bb.barracudacentral.org for 
dns:A:233.182.90.103.bb.barracudacentral.org
Jan  8 10:31:15.458 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen-lastexternal
Jan  8 10:31:15.458 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.458 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.458 [31076] dbg: dns: checking RBL iadb.isipp.com., set 
iadb-firsttrusted
Jan  8 10:31:15.458 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.458 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.458 [31076] dbg: async: launching 
A/233.182.90.103.iadb.isipp.com for dns:A:233.182.90.103.iadb.isipp.com

Jan  8 10:31:15.458 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.458 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.458 [31076] dbg: dns: providing a callback for id: 
6693/IN/A/233.182.90.103.iadb.isipp.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.iadb.isipp.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: dns: checking A and MX for host 
murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: launching A/murderuk.com for 
dns:A:murderuk.com

Jan  8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: providing a callback for id: 
46029/IN/A/murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM, 
DNSBL-A, dns:A:murderuk.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: async: launching MX/murderuk.com for 
dns:MX:murderuk.com

Jan  8 10:31:15.459 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.459 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.459 [31076] dbg: dns: providing a callback for id: 
759/IN/MX/murderuk.com
Jan  8 10:31:15.459 [31076] dbg: async: starting: NO_DNS_FOR_FROM, 
DNSBL-MX, dns:MX:murderuk.com (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.459 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set 
sorbs-lastexternal
Jan  8 10:31:15.459 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: async: launching 
A/233.182.90.103.dnsbl.sorbs.net for dns:A:233.182.90.103.dnsbl.sorbs.net

Jan  8 10:31:15.460 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.460 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.460 [31076] dbg: dns: providing a callback for id: 
11836/IN/A/233.182.90.103.dnsbl.sorbs.net
Jan  8 10:31:15.460 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.dnsbl.sorbs.net (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.460 [31076] dbg: dns: checking RBL zen.spamhaus.org., 
set zen
Jan  8 10:31:15.460 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: dns: checking RBL wl.mailspike.net., 
set mspikeg-firsttrusted
Jan  8 10:31:15.460 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.460 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.460 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.460 [31076] dbg: async: launching 
A/233.182.90.103.wl.mailspike.net for dns:A:233.182.90.103.wl.mailspike.net

Jan  8 10:31:15.461 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53

Jan  8 10:31:15.461 [31076] dbg: dns: attempt 1/1, trying connect/sendto 
to [127.0.0.1]:53
Jan  8 10:31:15.461 [31076] dbg: dns: providing a callback for id: 
18426/IN/A/233.182.90.103.wl.mailspike.net
Jan  8 10:31:15.461 [31076] dbg: async: starting: DNSBL-A, 
dns:A:233.182.90.103.wl.mailspike.net (timeout 15.0s, min 3.0s)
Jan  8 10:31:15.461 [31076] dbg: dns: checking RBL dnsbl.sorbs.net., set 
sorbs
Jan  8 10:31:15.461 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.461 [31076] dbg: dns: checking RBL 
bl.score.senderscore.com., set rnbl-lastexternal
Jan  8 10:31:15.461 [31076] dbg: dns: IPs found: full-external: 
103.90.182.233 untrusted: 103.90.182.233 originating:
Jan  8 10:31:15.461 [31076] dbg: netset: trusted_networks cached lookup 
on 103.90.182.233, 2 networks, result: 0
Jan  8 10:31:15.461 [31076] dbg: dns: only inspecting the following IPs: 
103.90.182.233
Jan  8 10:31:15.461 [31076] dbg: async: launching 
A/233.182.90.103.bl.score.senderscore.com for 
dns:A:233.182.90.103.bl.score.senderscore.com



Am 07.01.2018 um 20:44 schrieb Tobi:

Use spamassassin -D <message.eml and look for lines regarding dns/rbl

----- Originale Nachricht -----
Von: Jan Klein <ter...@web.de>
Gesendet: 07.01.18 - 16:26
An: users@spamassassin.apache.org
Betreff: dns-blocklist aren't used but should be


Hi.

For work I am investigating an issue where none of the dns blacklists
are used.
We are using the current spamassassin version and also current version
of Net::DNS.

It is installed on a current version debian system.
We run a local nameserver using bind.
We invoke spamassassin via "spamassassin -t < testmail" where testmail
is a spam mail.

The weird thing is that a "dig" command works fine on the debian system,
so name resolving is actually working outside of spamassassin. And after
using the dig command to check the origin of the mail: dig
xxx.xxx.xxx.xxx.zen.spamhaus.org
Then after using that command, spamassassin will then consider spamhaus
when checking the testmail. Probably because the dns entry is cached for
a while or something. It will work for some minutes. Same thing with
other blacklists. After a dig command spamassassin will start using the
respective rule.

What is going on? It seems to be DNS related. I've read that Net::DNS is
responsible for dns resolving for spamassassin. How can I check if it is
working correctly? In my /etc/resolv.conf there is only one entry:
127.0.0.1 since we are running a local nameserver (again: dig or host
command work just fine for name resolving ).

























					Reply via email to