Am 27.08.2014 um 02:24 schrieb Karsten Bräckelmann: > On Wed, 2014-08-27 at 01:08 +0200, Reindl Harald wrote: >> below the stdout/sterr of following script filtered for "dns" >> so the lists are asked, but the question remains why that >> don't happen from a IP in the same network > > Nope, no RBL queries. See below.
yes, and that makes it hard to simulate things just in the internal network by add/remove hosts to own DNSBL/DNSWL lists >> in the meantime there are a lot of "cust<count>-lastexternal" >> generated from a web-interface including the 4 below and >> the local network range is listed on them, hence why i >> want them used unconidtionally and not only with foreign IP's > > If it's internal, it's internal. There is a reason you are setting up > lastexternal DNSxL rules. the intention is to handle the internal IP like it would be external > Do not invalidate SA *_networks configuration in an attempt to adjust it > to poorly, non real-live generated samples. Generate a proper sample > instead, either by actually sending mail from external IPs, or if need > be by manually editing the MX Received header, forging an external > source (do pay attention to detail). it's about simulate behavior by develop admin backends and intergate existing tools > Besides, there is no point in whitelisting your own LAN IPs. Those > should simply hit ALL_TRUSTED, or just not be filtered in the first > place. not finally but at development >> /usr/bin/spamassassin -D < /var/lib/spamass-milter/spam-example.eml > >> [sa-milt@mail-gw:~]$ cat debug.txt | grep -i dns > >> Aug 27 00:59:29.249 [30833] dbg: metadata: X-Spam-Relays-Untrusted: [ >> ip=10.0.0.19 rdns=mail-gw.thelounge.net >> helo=mail-gw.thelounge.net by=mail.thelounge.net ident= envfrom= intl=0 >> id=3hjPzJ6TWVz23 auth= msa=0 ] [ >> ip=10.0.0.6 rdns=arrakis.thelounge.net helo=arrakis.thelounge.net >> by=mail-gw.thelounge.net ident= envfrom= intl=0 >> id=3hjPzJ2tkPz1w auth= msa=0 ] > > There is no X-Spam-Relays-Trusted metadata in your grep for "dns", which > means there is absolutely no trusted relay. Given those relays are in > the 10/8 class A network and you deliberately breaking trusted_networks > in a previous post, that seems about right... the intention to berak it was to behave like it is external and just check the RBL behavior >> Aug 27 00:59:29.249 [30833] dbg: metadata: X-Spam-Relays-External: [ >> ip=10.0.0.19 rdns=mail-gw.thelounge.net >> helo=mail-gw.thelounge.net by=mail.thelounge.net ident= envfrom= intl=0 >> id=3hjPzJ6TWVz23 auth= msa=0 ] [ >> ip=10.0.0.6 rdns=arrakis.thelounge.net helo=arrakis.thelounge.net >> by=mail-gw.thelounge.net ident= envfrom= intl=0 >> id=3hjPzJ2tkPz1w auth= msa=0 ] > > Same issue with X-Spam-Relays-Internal not showing up in the grep, thus > being completely empty. Unless you specified internal_networks manually, > it is set to trusted_networks. Thus equally invalid. for testing in the own network >> Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL bl.spameatingmonkey.net., >> set cust12-lastexternal >> Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL spam.dnsbl.sorbs.net., >> set cust15-lastexternal >> Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL psbl.surriel.com., set >> cust14-lastexternal > > All those third-party RBLs with your "cust" sets are extremely fishy. there is a web-interface to enbale/disbale them per click and have them at the same time enabled for postscreen weighting while adjust positive/negative scoring for all enabled RBL's in the interface yet at development > Anyway, there are no "dbg: dns: IPs found:" and "dbg: dns: launching" > lines, so this clearly shows the RBLs are NOT queried. that's my problem :-) >> Aug 27 00:59:29.254 [30833] dbg: dns: checking RBL dnswl-low.thelounge.net., >> set cust16-lastexternal > > No activity with your custom RBL either. But well, how would you expect > SA to query *last* external, given you deliberately told SA there are no > internal relays... well, there will never be internal relays, just a inbound-only MX > All external. No internal, no last external aka "hop before first > internal" either. i want that RBL checks in general only for the *phyiscal* IP with no header inspections - 90% of inflow will be finally filtered out by postcsreen anyways > First of all, do read and understand the (trusted|internal)_networks > options in the M::SA::Conf [1] docs, section Network Test Options. > > Then remove the current bad *_networks options in your conf. If you > don't fully understand those docs, keep it at that, default. If you do > understand and see an actual need to manually set them, do so, but do so > *correctly*. the intention is no trust / untrust at all and handle any IP with it's phyiscal connection > Hints on gathering relevant information from the debug output: > > Don't just grep for generic "dns", but check specifics by grepping for > X-Spam-Relays and (trusted|internal)_networks. Better yet, don't grep > but search the debug output interactively, and read nearby / related > info. > > While debugging, actually reading, searching for terms or at least > glimpsing the entire debug output is good advice anyway. > > > [1] http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html thanks!
signature.asc
Description: OpenPGP digital signature
