Mark Martinec wrote the following on 6/15/2007 10:41 AM -0800:
Bill,

There is now an additional patch at:
  http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5511
which should fix this.

Mark, thanks for the patches.  However, even with both Dns.pm patches
applied, unless I set "rbl_timeout" to a high enough time interval, SA
still misses the URIBL test results in the sample messages I posted in
bugzilla 5506.
For example, if I set "rbl_timeout 15", I get no URIBL hit results.
However, if I set "rbl_timeout 60", I do get URIBL hit results.  This is
because the 60 interval is long enough for Botnet's (in this case) RDNS
test to timeout before the "rbl_timeout" interval.

Don't know. I was using your test case (test1.txt) to cause a Botnet hang,
had rbl_timeout at 15, and I did get the RBL hits.

Try spamassassin from a command line with -t -D.
If you applied both patches, there should be something
like the following in the debug output.

19:26:55.558 8.010 0.000 [13051] dbg: Botnet: no trusted relays
19:26:55.558 8.010 0.000 [13051] dbg: Botnet: get_relay didn't find RDNS
...a bug pause here...
19:27:24.558 37.010 28.999 [13051] dbg: Botnet: IP is '66.17.235.109'
19:27:24.558 37.010 0.001 [13051] dbg: Botnet: RDNS is ''
19:27:24.559 37.011 0.001 [13051] dbg: Botnet: HELO is 'xxxxxx'
19:27:24.559 37.011 0.000 [13051] dbg: Botnet: BADDNS miss
...
19:27:26.269 38.721 0.002 [13051] dbg: rules: running meta tests; score so far=12.753
19:27:26.269 38.721 0.001 [13051] dbg: rules: compiled meta tests
19:27:26.271 38.723 0.002 [13051] dbg: check: running tests for priority: 500
19:27:26.274 38.726 0.002 [13051] dbg: async: select found 1 socks ready
19:27:26.275 38.727 0.001 [13051] dbg: uridnsbl: query for xxx took 35 seconds to look up (dob.sibl.support-intelligence.net:xxx)
...
19:27:26.281 38.733 0.001 [13051] dbg: async: queries completed: 15 started: 2
19:27:26.283 38.735 0.001 [13051] dbg: async: queries active: at Fri Jun 15 19:27:26 2007

vvvvvvvvvvv
19:27:26.283 38.735 0.001 [13051] dbg: dns: harvest_dnsbl_queries: on extended
  time, overdue by 30.000 s, still 1.200 s
^^^^^^^^^^^^

19:27:26.295 38.747 0.011 [13051] dbg: async: select found 1 socks ready
19:27:26.297 38.749 0.002 [13051] dbg: async: queries completed: 1 started: 2
19:27:26.297 38.749 0.000 [13051] dbg: async: queries active: URI-A=1 at Fri ...

  0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
  3.4 HEADER_SPAM            Bulk email fingerprint (header-based) found
  0.1 BOTNET                 Relay might be a spambot or virusbot
                             [botnet0.7,ip=66.17.235.109,nordns]
  0.0 DKIM_POLICY_SIGNSOME   Domain Keys Identified Mail: policy says domain
                             signs some mails
  0.0 BOTNET_NORDNS          Relay's IP address has no PTR record
                             [botnet_nordns,ip=66.17.235.109]
  1.2 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
  0.2 HTML_MESSAGE           BODY: HTML included in message
  3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                             [score: 0.9658]
  1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  2.8 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
  2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                             [URIs: xxx]
  1.5 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                             [URIs: xxx]
  0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
  0.5 BOTNET_OTHER           BOTNET_OTHER
 -1.2 AWL                    AWL: From: address is in the auto white-list

(I had to strike the uri in the log to be able to post the message :)

  Mark
Mark, I'm really sorry if I caused you to unnecessarily spin your wheels on this; I applied the second patch to the wrong SA version of Dns.pm. The patches work fine. Again, my sincere apologies... :-(

Bill
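
An added example (not part of the thread, and not SpamAssassin code) for checking `-t -D` output like the excerpt Mark posted: it finds the pause caused by a blocking plugin, the `harvest_dnsbl_queries` "overdue" line, and slow URIBL lookups. It assumes the three leading columns are clock time, seconds elapsed and seconds since the previous line, as they appear in that excerpt; the names `parse` and `analyze` are hypothetical.

```python
import re

# Assumed layout, as in the excerpt: clock, seconds elapsed, seconds since
# the previous line, [pid], "dbg:", channel, message.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\.\d+\s+(?P<delta>\d+\.\d+)"
                  r"\s+\[\d+\]\s+dbg:\s+(?P<channel>[\w-]+):\s+(?P<msg>.*)$")
MARKER = re.compile(r"^(\.\.\.|v+$|\^+$)")  # "...", "vvvv", "^^^^" annotations
OVERDUE = re.compile(r"overdue by (\d+\.\d+) s, still (\d+\.\d+) s")
TOOK = re.compile(r"took (\d+) seconds")

# Sample lines taken from the excerpt in the thread; two are folded the way
# a mail client wraps long lines.
SAMPLE = """\
19:26:55.558 8.010 0.000 [13051] dbg: Botnet: get_relay didn't find RDNS
...a bug pause here...
19:27:24.558 37.010 28.999 [13051] dbg: Botnet: IP is '66.17.235.109'
19:27:26.275 38.727 0.001 [13051] dbg: uridnsbl: query for xxx took 35 seconds
to look up (dob.sibl.support-intelligence.net:xxx)
19:27:26.283 38.735 0.001 [13051] dbg: dns: harvest_dnsbl_queries: on extended
  time, overdue by 30.000 s, still 1.200 s
"""

def parse(text):
    """Turn the log into records, unfolding wrapped continuation lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if m:
            records.append({"delta": float(m["delta"]),
                            "channel": m["channel"], "msg": m["msg"]})
        elif line and records and not MARKER.match(line):
            records[-1]["msg"] += " " + line
    return records

def analyze(text, stall_threshold=5.0):
    """Report pauses between lines, overdue DNSBL harvests, slow URIBL lookups."""
    report = {"stalls": [], "overdue": [], "slow_lookups": []}
    prev = None
    for rec in parse(text):
        if prev and rec["delta"] >= stall_threshold:
            # The time was spent after prev was logged and before rec.
            report["stalls"].append((rec["delta"], prev["msg"], rec["msg"]))
        m = OVERDUE.search(rec["msg"])
        if m and rec["channel"] == "dns":
            report["overdue"].append((float(m[1]), float(m[2])))
        m = TOOK.search(rec["msg"])
        if m and rec["channel"] == "uridnsbl":
            report["slow_lookups"].append(int(m[1]))
        prev = rec
    return report
```

A stall with no matching "overdue" line under the `dns` channel is the symptom Bill described: the DNSBL harvest gave up at `rbl_timeout` while a plugin was still blocking.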
