You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Richard D Alloway <ra...@winbeam.com> on 2006/12/06 23:19:11 UTC

SpamAssassin dns timeouts... why?!

Hi!  I have been having loads of problems with spamassassin timing out during 
DNS lookups...

If I use

/usr/bin/spamassassin -D < /tmp/spamemail.txt

I see the correct IP used for the nameserver:

[16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0

Then, I see that the lookups took a LONG time:

[16018] dbg: uridnsbl: select found 1 socks ready
[16018] dbg: uridnsbl: queries completed: 1 started: 2
[16018] dbg: uridnsbl: queries active: DNSBL=10 NS=3 at Tue Dec 5 15:52:34 2006
[16018] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete
[16018] dbg: uridnsbl: select found 1 socks ready
[16018] dbg: uridnsbl: queries completed: 1 started: 0
[16018] dbg: uridnsbl: queries active: A=2 DNSBL=10 NS=2 at Tue Dec 5 15:52:34 
2006
[16018] dbg: uridnsbl: select found 1 socks ready
[16018] dbg: uridnsbl: query for winbeam.com took 50 seconds to look up 
(multi.surbl.org.:winbeam.com)
[16018] dbg: uridnsbl: queries completed: 1 started: 0
[16018] dbg: uridnsbl: queries active: A=2 DNSBL=9 NS=2 at Tue Dec 5 15:52:35 
2006
[16018] dbg: uridnsbl: select found 1 socks ready
[16018] dbg: uridnsbl: query for winbeam.com took 50 seconds to look up 
(multi.uribl.com.:winbeam.com)
[16018] dbg: uridnsbl: queries completed: 1 started: 0
...etc...
[16018] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[16018] dbg: uridnsbl: aborting remaining lookups

I've tried using dnsmasq and bind9 as caching-only nameservers dedicated to 
resolving and caching queries for my mail servers, and the cache is growing, 
but multiple "/usr/bin/spamassassin -D < /tmp/spamemail.txt" attempts on the 
same file still result in 30-70 sec lookup times in the uridnsbl portion of 
spamassassin.

Manual queries of the hosts ('winbeam.com.multi.uribl.com' for example) resolve 
(or fail to) instantly from either the cache box or the mail server.

Any idea what could be wrong?  I'm rapidly running out of ways to try to 
increase performance here.

Thanks!

-Rich

Re: SpamAssassin dns timeouts... why?!

Posted by Richard D Alloway <ra...@winbeam.com>.
On Thu, 7 Dec 2006, Matthias Häker wrote:

> Richard D Alloway schrieb:
>> 
>> Hi!  I have been having loads of problems with spamassassin timing out 
>> during DNS lookups...
>> 
>> If I use
>> 
>> /usr/bin/spamassassin -D < /tmp/spamemail.txt
>> 
>> I see the correct IP used for the nameserver:
>> 
>> [16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0
>> 
>
> maybe you should use the DNS Server from your ISP and not the DNS Proxy from 
> your Router / Gateway

Hi Matthias.

I *AM* the ISP ;)

We have a dedicated DNS server that we communicate with over a non-routable 
network to segregate the mail server traffic from the rest of our network. 
This was to reduce the load on our primary and secondary DNS servers that serve 
our customers.

The dedicated mail DNS server handles 2 RBLs locally (one rsync'd from the RBL 
vendor and one that is our own) and caches all non-authoritative traffic.

Thanks for the suggestion, though! :)

-Rich

Re: SpamAssassin dns timeouts... why?!

Posted by Matthias Häker <mh...@its-h.de>.

Richard D Alloway schrieb:
>
> Hi!  I have been having loads of problems with spamassassin timing out 
> during DNS lookups...
>
> If I use
>
> /usr/bin/spamassassin -D < /tmp/spamemail.txt
>
> I see the correct IP used for the nameserver:
>
> [16018] dbg: dns: name server: 192.168.1.1, family: 2, ipv6: 0
>

maybe you should use the DNS Server from your ISP and not the DNS Proxy 
from your Router / Gateway


Matthias

Re: forwarding email

Posted by aubreyL <au...@emailacs.com>.
Jonas Eckerman wrote:
> This really would be more on topic on the MIMEDefang list, but here goes...
>
> You have a small but significant typo in your code:
>
>   
>>             if ($hits >= req) {
>>     
>
> You forgot the "$" in "$req".
>
> The effect of the above comparison is that all mail that scores above 0 (zero) are considered spam.
>
> Regards
> /Jonas
>   
omg  .....how embarrassing.  I'll go through my spamdrop now, and must 
be left alone for hours.  Thanks Jonas.

-=Aubrey=-

Re: forwarding email

Posted by Jonas Eckerman <jo...@frukt.org>.
This really would be more on topic on the MIMEDefang list, but here goes...

You have a small but significant typo in your code:

>             if ($hits >= req) {

You forgot the "$" in "$req".

The effect of the above comparison is that all mail that scores above 0 (zero) are considered spam.

Regards
/Jonas
-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

forwarding email

Posted by aubreyL <au...@emailacs.com>.
OS - slackware 11.0
MDA - sendmail 8.13.8
mimedefang version 2.58
SpamAssassin version 3.1.7
  running on Perl version 5.8.8


I have one user that has to get email forwarded from an old account to 
the server that I administer.  I have spam going to a spamdrop via 
MiMEDefang.  So I added this little bit into mimedefang-filter....


    # Spam checks if SpamAssassin is installed
    if ($Features{"SpamAssassin"}) {
        if (-s "./INPUTMSG" < 100*1024) {
            # Only scan messages smaller than 100kB.  Larger messages
            # are extremely unlikely to be spam, and SpamAssassin is
            # dreadfully slow on very large messages.
            my($hits, $req, $names, $report) = spam_assassin_check();
            my($score);
            if ($hits >= req) {
            #   action_discard();

                # Remove original recipients
                # Add a header with original recipients, just for info
                action_add_header("X-Orig-Rcpts", join(", ", @Recipients));

                # Remove original recipients
                foreach $recip (@Recipients) {
                delete_recipient($recip);
                }

                # Send to spam address
                add_recipient('spamdrop@mydomain.com');
                }

This works great, except for that email that is getting forwarded.  
Maybe 1 out of 45 messages are ham, the rest, spam.  The problem I have 
is the messages that are ham are getting sent to the spamdrop as well.  
All of the messages that get tagged as spam, get the spamassassin report 
attached.  But the ham messages that should not go to the spamdrop *do 
not* get a spamassassin report, or score.  If I take the message(s) out 
of the spamdrop, and run them through spamassassin, then they do not 
score high enough to get filtered.

Does anyone know why this is, or ever had an issue like this?

TIA
-Aubrey

Re: ***SPAM*** SpamAssassin dns timeouts... why?!

Posted by Richard D Alloway <ra...@winbeam.com>.
On Thu, 7 Dec 2006, Jeff Chan wrote:

> On Wednesday, December 6, 2006, 2:19:11 PM, Richard Alloway wrote:
>> Any idea what could be wrong?  I'm rapidly running out of ways to try to
>> increase performance here.
>
> Net::DNS uses the first server in your resolv.conf .  Make sure
> that server works, is local, etc.

Hi Jeff!

The first server is 192.168.1.1, which is my dedicated, local caching/RBL 
nameserver.  It works and is not overtaxed and the network connecting the mail 
servers to the nameserver is solid (100Mbps FDX).

-Rich

Re: ***SPAM*** SpamAssassin dns timeouts... why?!

Posted by Jeff Chan <je...@surbl.org>.
On Wednesday, December 6, 2006, 2:19:11 PM, Richard Alloway wrote:
> Any idea what could be wrong?  I'm rapidly running out of ways to try to
> increase performance here.

Net::DNS uses the first server in your resolv.conf .  Make sure
that server works, is local, etc.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/