Dealing with a bad network device affecting DNS lookups

Tue, 15 Jul 2014 13:47:18 -0700 

Hi,
Apparently there is a network device somewhere on the network my production servers use that is causing very long delays with first time DNS lookups. This is having a significant impact on SA's ability to score spam, as the various RBL lookups time out, as well as Razor and Pyzor. 

I've attempted to workaround this by setting:

pyzor_timeout 60
razor_timeout 60
dcc_timeout 60
rbl_timeout 45 30

but I'm still seeing lookups being aborted.

Here's an example of the problem:


Jul 15 13:27:38 edge02 amavis[27683]: (27683-03) spam-tag, 
<deg...@fullbaluster.co.uk> -> <x...@zimbra.com>, No, score=0.984 
tagged_above=-10 required=3 tests=[BAYES_00=-0.05, DCC_CHECK=1.1, 
HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, 
RP_MATCHES_RCVD=-0.8, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=no 
autolearn_force=no


Same email 2 seconds later, we can see Razor scoring is now there:


Jul 15 13:28:40 edge02 amavis[27682]: (27682-06) spam-tag, 
<deg...@fullbaluster.co.uk> -> <x...@zimbra.com>,<a...@zimbra.com>, Yes, 
score=6.413 tagged_above=-10 required=3 tests=[BAYES_00=-0.05, 
DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293, HTML_FONT_LOW_CONTRAST=0.001, 
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RAZOR2_CF_RANGE_51_100=0.5, 
RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=2.75, RP_MATCHES_RCVD=-0.8, 
SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no


So the second time it comes through, we get a valid spam tag.


I most often see this with RBL lookups, which is a huge problem for 
scoring.  Here's another example:


First time run:

   X-Spam-Status: No, score=4.8 required=5.0 tests=DKIM_SIGNED,
   HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
   RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
   RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,T_DKIM_INVALID,
   UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.0

Second time run:
   X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,
   HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,NO_DNS_FOR_FROM,
   RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
   RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,T_DKIM_INVALID,
   UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.0


Note how "NO_DNS_FOR_FROM" is now added to the score set.

In the successful run, I have:


Jul 15 15:32:27.498 [52317] dbg: async: completed in 5.322 s: 
NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com



In the unsuccessful run, I have:

Jul 15 15:28:14.563 [48690] dbg: async: aborting after 25.456 s, deadline 
shrunk: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com


The next run, I have:


Jul 15 15:32:27.498 [52317] dbg: async: completed in 5.322 s: 
NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:askpcm.com



So clearly my timeout values (45, 30) are not being honored, since 25 
seconds < 30 second minimum.



Is there any way to set a global value of 60 seconds MINIMUM for all tests, 
period?


Thanks!

--Quanah






--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration






















					Reply via email to