Posted to users@spamassassin.apache.org by LAWRENCE WILLIAMS <la...@nl.rogers.com> on 2010/08/26 23:35:25 UTC
enabling SpamHaus DBL
Hi,
I installed SpamAssassin 3.3.1 from CPAN (running CentOS 5.5) 5 days ago and
have it running as a daemon (spamd).
I see that support for the SpamHaus DBL was added in 3.3.1, but it seems to be
disabled by default (I've had several near-spam messages come in that contain
domains listed in the DBL) as the URIBL_DBL_SPAM rule is mentioned nowhere in
the headers of any of them.
I see it is listed in the file 25_uribl.cf (ran sa-update as soon as install was
finished and restarted spamd). How do I go about enabling it? What do I have to
add to local.cf or edit elsewhere?
Regards,
Lawrence Williams
Re: enabling SpamHaus DBL
Posted by RW <rw...@googlemail.com>.
On Thu, 26 Aug 2010 15:09:51 -0700 (PDT)
LAWRENCE WILLIAMS <la...@nl.rogers.com> wrote:
> I am getting nothing hitting on it. I had one e-mail with a link
> directly to midpage dot ru (HTML link) and nothing was triggered.
> What do you have set for skip_rbl_checks?
>
I don't set it, or skip_uribl_checks.
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
> It is definitely something with those resolvers. When I try the host
> command you gave me, I get the following error:
> Host midpage.ru.dbl.spamhaus.org. not found: 3(NXDOMAIN)
> I am contacting the DC now and will hopefully have no further need for
> assistance on this mailing list :)
See also:
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#220
It's quite likely your large DNS resolving service provider is not paying
for a commercial license to SpamHaus for the benefit of all its users.
Mark
Re: enabling SpamHaus DBL
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 31 Aug 2010, Mark Martinec wrote:
> Lawrence,
>
> > This is a dedicated server in a facility in the US. The server is
> > configured to use the resolvers 4.2.2.1 and 4.2.2.2
> >
> > I wouldn't dream of relying on Google for anything :)
>
> Like I said, your resolver is tricking you. Either by its
> own fault, or SpamHaus is intentionally not providing useful
> results to your DNS resolver:
>
> good (my own resolver):
> $ host -t a midpage.ru.dbl.spamhaus.org.
> midpage.ru.dbl.spamhaus.org has address 127.0.1.2
>
[snip..]
> bad:
> $ host -t a midpage.ru.dbl.spamhaus.org. 4.2.2.2
> Using domain server:
> Name: 4.2.2.2
> Address: 4.2.2.2#53
>
> bad:
> $ host -t a midpage.ru.dbl.spamhaus.org. 8.8.8.8
> Using domain server:
> Name: 8.8.8.8
> Address: 8.8.8.8#53
>
>
> There is no good reason to use ISP's or some public DNS resolver
> for anything but the smallest home network. Just install 'unbound',
> or 'bind' in resolving-only mode.
>
> Mark
Mark is right.
Spamhaus has a policy of blocking any DNS server which makes "too many"
queries/day against their publicly available DNSBL lists. If you run a
"busy" mail system they want you to buy a data feed.
See: http://www.spamhaus.org/organization/dnsblusage.html
So by using some public/ISP's DNS server, your queries are getting
aggregated with everybody else using that DNS server and probably going
over the Spamhaus limit.
Run your own DNS server/resolver pointing directly to the spamhaus lists
and you won't have that problem. If they still block you then it will be
only your own use and you know that you'll have to spring for the paid
service.
BTW, even if you're below the Spamhaus 100k messages/day limit you can
still exceed the queries/day limit. SA makes multiple queries/message
and when combined with potential MTA queries can result in overload.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
Hi Mark,
It is definitely something with those resolvers. When I try the host command you
gave me, I get the following error:
Host midpage.ru.dbl.spamhaus.org. not found: 3(NXDOMAIN)
I am contacting the DC now and will hopefully have no further need for
assistance on this mailing list :)
Thank you for your help!
Regards,
Lawrence
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
Lawrence,
> > Either your DNS resolver is borked, or your firewall/home-router
> > is playing jokes on you.
> > Are you using Google Public DNS for this? Don't!
> This is a dedicated server in a facility in the US. The server is
> configured to use the resolvers 4.2.2.1 and 4.2.2.2
>
> I wouldn't dream of relying on Google for anything :)
Like I said, your resolver is tricking you. Either by its
own fault, or SpamHaus is intentionally not providing useful
results to your DNS resolver:
good (my own resolver):
$ host -t a midpage.ru.dbl.spamhaus.org.
midpage.ru.dbl.spamhaus.org has address 127.0.1.2
good:
host -t a midpage.ru.dbl.spamhaus.org resolver1.opendns.com
Using domain server:
Name: resolver1.opendns.com
Address: 208.67.222.222#53
midpage.ru.dbl.spamhaus.org has address 127.0.1.2
bad:
$ host -t a midpage.ru.dbl.spamhaus.org. 4.2.2.2
Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53
bad:
$ host -t a midpage.ru.dbl.spamhaus.org. 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
There is no good reason to use ISP's or some public DNS resolver
for anything but the smallest home network. Just install 'unbound',
or 'bind' in resolving-only mode.
Mark
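The good/bad `host` outputs in the message above can be turned into a repeatable resolver check. This is an added example, not code from the thread: the function names are hypothetical, and the test name dbltest.com (Spamhaus's always-listed DBL test point) and the 127.255.255.x error range are taken from Spamhaus's documentation rather than from this discussion.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: dbltest.com is the always-listed Spamhaus DBL test point.
TEST_NAME='dbltest.com.dbl.spamhaus.org.'

# Read `host -t a <name>` output on stdin and print one token describing it.
classify_host_output() {
    awk '
        / has address 127\.255\.255\./ { r = "refused:" $NF;    exit }  # Spamhaus error range
        / has address 127\.0\.1\./     { r = "listed:" $NF;     exit }  # real DBL listing
        / has address /                { r = "unexpected:" $NF; exit }  # rewritten answer
        /not found: 3\(NXDOMAIN\)/     { r = "nxdomain";        exit }
        /timed out|SERVFAIL|REFUSED/   { r = "error";           exit }
        END { print (r == "" ? "no-answer" : r) }
    '
}

# Interpret the token for a name that is KNOWN to be listed.
resolver_verdict() {
    case "$1" in
        listed:*)           echo "ok" ;;
        refused:*)          echo "blocked-by-spamhaus" ;;
        nxdomain|no-answer) echo "false-negative" ;;
        *)                  echo "broken" ;;
    esac
}

# Offline helper: verdict for captured `host` output passed as $1.
verdict_for_output() {
    resolver_verdict "$(printf '%s\n' "$1" | classify_host_output)"
}

# Live check (needs network and the `host` tool): check_resolver [server]
# With no argument the system resolver from /etc/resolv.conf is tested.
check_resolver() {
    verdict_for_output "$(host -t a "$TEST_NAME" ${1:+"$1"} 2>&1)"
}

# Constructed samples, modelled on the outputs quoted in the thread.
SAMPLE_OWN='midpage.ru.dbl.spamhaus.org has address 127.0.1.2'
SAMPLE_PUBLIC='Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53'
SAMPLE_NX='Host midpage.ru.dbl.spamhaus.org. not found: 3(NXDOMAIN)'
SAMPLE_REFUSED='dbltest.com.dbl.spamhaus.org has address 127.255.255.254'

for s in "$SAMPLE_OWN" "$SAMPLE_PUBLIC" "$SAMPLE_NX" "$SAMPLE_REFUSED"; do
    verdict_for_output "$s"
done
```

Running `check_resolver` with no argument from the mail host itself tests the resolver SpamAssassin will actually use; any verdict other than `ok` means DBL rules cannot fire there.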
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
Lawrence,
> Here is a link to the complete output.
> http://www.lcwsoft.com/salintoutput/salintoutput.txt
The midpage(d)ru should have been listed in SpamHaus DBL,
but you are receiving a negative response:
dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:midpage.ru
dbg: async: completed in 0.021 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:midpage.ru
dbg: async: completed in 0.021 s: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:midpage.ru
Either your DNS resolver is borked, or your firewall/home-router is playing
jokes on you.
Are you using Google Public DNS for this? Don't!
Mark
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
Mark's suggestion to switch resolvers seems to have resolved the issue. Thanks
to Mark and everyone for his help.
Regards,
Lawrence
Re: enabling SpamHaus DBL
Posted by Benny Pedersen <me...@junc.org>.
On tir 31 aug 2010 00:34:33 CEST, LAWRENCE WILLIAMS wrote
> Here is a link to the complete output.
>
> http://www.lcwsoft.com/salintoutput/salintoutput.txt
Aug 30 20:00:47.455 [19467] dbg: async: aborting after 7.423 s,
deadline shrunk: URI-DNSBL, DNSBL:multi.uribl.com.:with.com
have a caching name server ?
bad:
#/etc/resolv.conf
nameserver 123.123.123.123
nameserver 123.123.123.122
good:
#/etc/resolv.conf
nameserver 127.0.0.1
and then install a bind dns server with default settings only listen
on 127.0.0.1 and no forwards, forwards in dns is evil :)
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
Here is a link to the complete output.
http://www.lcwsoft.com/salintoutput/salintoutput.txt
Any ideas?
Regards,
Lawrence
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
On Monday August 30 2010 21:19:22 LAWRENCE WILLIAMS wrote:
> I think I was confused for a second. I merely posted the --lint output so
> that a better eye could see if it showed anything that was obviously
> wrong. I do not run SA this way normally.
>
> Like I said before, I am using a stock SA 3.3.1 with the
> updates.spamassassin.org channel set to update weekly and the 2 extra
> configuration files I linked to earlier (which modify some scores and make
> sure DCC is run properly).
So post now the debug output without the --lint option.
Mark
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
I think I was confused for a second. I merely posted the --lint output so that a
better eye could see if it showed anything that was obviously wrong. I do not
run SA this way normally.
Like I said before, I am using a stock SA 3.3.1 with the
updates.spamassassin.org channel set to update weekly and the 2 extra
configuration files I linked to earlier (which modify some scores and make sure
DCC is run properly).
Re: enabling SpamHaus DBL
Posted by Bowie Bailey <Bo...@BUC.com>.
On 8/30/2010 1:41 PM, Mark Martinec wrote:
>>>> spamassassin --lint -D output:
>>>> http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
>>> Option --lint implies --local-only
>> How do I work around this?
> Do not specify --lint when doing a normal mail check.
>
> This option is intended for syntactic check of config files and rules
> only, to be used (once) after editing a config file or updating rules.
>
> It is not supposed to be used in normal mail checking operations.
But if you leave it off, you need to pass in an email to scan otherwise
SA will just sit there waiting for input.
spamassassin -D < test.msg
--
Bowie
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
>>> spamassassin --lint -D output:
>>> http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
> > Option --lint implies --local-only
> How do I work around this?
Do not specify --lint when doing a normal mail check.
This option is intended for syntactic check of config files and rules
only, to be used (once) after editing a config file or updating rules.
It is not supposed to be used in normal mail checking operations.
Mark
Re: enabling SpamHaus DBL
Posted by Benny Pedersen <me...@junc.org>.
On man 30 aug 2010 18:55:44 CEST, LAWRENCE WILLIAMS wrote
> How do I work around this?
spamassassin 2>&1 -D -t msgfile | less
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
How do I work around this?
- Lawrence
Re: enabling SpamHaus DBL
Posted by Mark Martinec <Ma...@ijs.si>.
On Saturday 28 August 2010 20:00:11 LAWRENCE WILLIAMS wrote:
> He was talking about RBL checks when he said that, not the DBL. I think it
> was just that he used a non-standard format in his reply, which confuses
> some people
>
> Regardless, it is still not working for me. I completely removed and
> re-installed SA 3.3.1 again, with my only change being 2 files to override
> some scores and ensure some settings
>
> Here are links to the files so you can see them and confirm I've done
> nothing bad:
>
> http://www.lcwsoft.com/salintoutput/zlcwsoft.cf
> http://www.lcwsoft.com/salintoutput/zlcwsoft.pre
>
> spamassassin --lint -D output:
> http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
>
> I don't see anything obvious that would prevent SA from communicating with
> the DBL.
Option --lint implies --local-only
Aug 28 15:17:09.433 [12257] dbg: reporter: local tests only, disabling SpamCop
Aug 28 15:17:09.476 [12257] dbg: dcc: local tests only, disabling DCC
Aug 28 15:17:09.477 [12257] dbg: razor2: local tests only, skipping Razor
Mark
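The debug lines quoted in this thread (the `local tests only` lines that `--lint` produces, and the `async: completed` / `async: aborting` URI-DNSBL lines) are enough to tell three failure modes apart. This is an added example, not from the thread or from SpamAssassin: a small log triage with hypothetical function names, run over sample lines constructed from those quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if the debug log on stdin shows a local-only run (what --lint
# implies); in that case missing DNSBL hits say nothing about the DBL.
is_local_only() {
    grep -q 'dbg: [a-z0-9]*: local tests only'
}

# Print "zone domain status seconds" for every finished URI-DNSBL lookup.
dnsbl_lookups() {
    awk '
        /dbg: async: (completed in|aborting after) / && /URI-DNSBL, DNSBL:/ {
            status = ($0 ~ /async: completed in/) ? "completed" : "aborted"
            t = $0; sub(/.*async: (completed in|aborting after) /, "", t)
            split(t, f, " ")                  # f[1] is the elapsed time
            key = $0; sub(/.*, DNSBL:/, "", key)
            split(key, p, ":")                # p[1] zone, p[2] queried domain
            sub(/\.$/, "", p[1])              # drop the trailing root dot
            print p[1], p[2], status, f[1]
        }
    '
}

# One-line diagnosis for a debug log on stdin and a zone of interest in $1.
diagnose_zone() {
    log=$(cat)
    if printf '%s\n' "$log" | is_local_only; then
        echo "local-only: network tests skipped, rerun without --lint"; return
    fi
    hit=$(printf '%s\n' "$log" | dnsbl_lookups | awk -v z="$1" '$1 == z' | head -n 1)
    case "$hit" in
        '')            echo "not-queried: $1" ;;
        *' aborted '*) echo "timeout: $hit" ;;
        *)             echo "answered: $hit" ;;
    esac
}

# Constructed samples, built from the debug lines quoted in the thread.
SAMPLE_LINT='Aug 28 15:17:09.476 [12257] dbg: dcc: local tests only, disabling DCC
Aug 28 15:17:09.477 [12257] dbg: razor2: local tests only, skipping Razor'
SAMPLE_SCAN='dbg: async: starting: URI-DNSBL, DNSBL:dbl.spamhaus.org.:midpage.ru
dbg: async: completed in 0.021 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:midpage.ru
Aug 30 20:00:47.455 [19467] dbg: async: aborting after 7.423 s, deadline shrunk: URI-DNSBL, DNSBL:multi.uribl.com.:with.com'

printf '%s\n' "$SAMPLE_LINT" | diagnose_zone dbl.spamhaus.org
printf '%s\n' "$SAMPLE_SCAN" | diagnose_zone dbl.spamhaus.org
printf '%s\n' "$SAMPLE_SCAN" | diagnose_zone multi.uribl.com
```

An `answered` result for a domain that should be listed, as with midpage.ru here, points away from SpamAssassin's configuration and toward the resolver that supplied the answer.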
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
Hi,
He was talking about RBL checks when he said that, not the DBL. I think it was
just that he used a non-standard format in his reply, which confuses some people
Regardless, it is still not working for me. I completely removed and
re-installed SA 3.3.1 again, with my only change being 2 files to override some
scores and ensure some settings
Here are links to the files so you can see them and confirm I've done nothing
bad:
http://www.lcwsoft.com/salintoutput/zlcwsoft.cf
http://www.lcwsoft.com/salintoutput/zlcwsoft.pre
spamassassin --lint -D output:
http://www.lcwsoft.com/salintoutput/salintoutput_debug.txt
I don't see anything obvious that would prevent SA from communicating with the
DBL.
Thanks to everyone for trying to help.
- Lawrence
RE: enabling SpamHaus DBL
Posted by R-Elists <li...@abbacomm.net>.
benny
i meant your description of DBL
i went to their website and everything they said was opposite of what you
said
- rh
RE: enabling SpamHaus DBL
Posted by Benny Pedersen <me...@junc.org>.
On lør 28 aug 2010 08:12:02 CEST, R-Elists wrote
> it appears you might have it backwards...
for the skip_rbl_checks? no
> http://www.spamhaus.org/dbl/
this list does not contain ip
if skip_rbl_checks disable uribl testing let me know :=)
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
RE: enabling SpamHaus DBL
Posted by R-Elists <li...@abbacomm.net>.
>
> this is not urls, but ip blacklisted dns ip
>
> url is another test
>
> --
> xpoint
>
benny,
it appears you might have it backwards...
http://www.spamhaus.org/dbl/
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#287
- rh
Re: enabling SpamHaus DBL
Posted by Benny Pedersen <me...@junc.org>.
On fre 27 aug 2010 01:30:41 CEST, LAWRENCE WILLIAMS wrote
> I figured as such. Either way, I have the following at the end of my local.cf
> file (which I confirmed SA 3.3.1 is using, as I used it to tweak
> Bayes autolearn
> settings and they are in effect).
>
> # Look up e-mail links in variable DNS BLs
> # Make sure plugin is loaded first
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
this should not be in a cf file but pre
edit the right file helps :=)
> ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
> skip_uribl_checks 0
this setting is not a plugin setting
> uridnsbl_max_domains 20
this one is ok
> rbl_timeout 20
this is not a url test
> endif
>
> I chose to be a bit more verbose in this block as I don't want to assume
> anything is set properly.
now read
perldoc Mail::SpamAssassin::Conf
maybe more perldocs ? :=)
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
I figured as such. Either way, I have the following at the end of my local.cf
file (which I confirmed SA 3.3.1 is using, as I used it to tweak Bayes autolearn
settings and they are in effect).
# Look up e-mail links in variable DNS BLs
# Make sure plugin is loaded first
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
skip_uribl_checks 0
uridnsbl_max_domains 20
rbl_timeout 20
endif
I chose to be a bit more verbose in this block as I don't want to assume
anything is set properly.
Re: enabling SpamHaus DBL
Posted by Benny Pedersen <me...@junc.org>.
On fre 27 aug 2010 00:09:51 CEST, LAWRENCE WILLIAMS wrote
> I am getting nothing hitting on it. I had one e-mail with a link directly to
> midpage dot ru (HTML link) and nothing was triggered. What do you
> have set for skip_rbl_checks?
this is not urls, but ip blacklisted dns ip
url is another test
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: enabling SpamHaus DBL
Posted by LAWRENCE WILLIAMS <la...@nl.rogers.com>.
I am getting nothing hitting on it. I had one e-mail with a link directly to
midpage dot ru (HTML link) and nothing was triggered. What do you have set for
skip_rbl_checks?
Re: enabling SpamHaus DBL
Posted by RW <rw...@googlemail.com>.
On Thu, 26 Aug 2010 14:35:25 -0700 (PDT)
LAWRENCE WILLIAMS <la...@nl.rogers.com> wrote:
> Hi,
>
> I installed SpamAssassin 3.3.1 from CPAN (running CentOS 5.5) 5 days
> ago and have it running as a daemon (spamd).
>
> I see that support for the SpamHaus DBL was added in 3.3.1, but it
> seems to be disabled by default (I've had several near-spam messages
> come in that contain domains listed in the DBL) as the URIBL_DBL_SPAM
> rule is mentioned nowhere in the headers of any of them.
>
> I see it is listed in the file 25_uribl.cf (ran sa-update as soon as
> install was finished and restarted spamd). How do I go about enabling
> it? What do I have to add to local.cf or edit elsewhere?
>
It's enabled by default.
score URIBL_DBL_SPAM 0 1.7 0 1.7
if it were disabled those scores would all be zero. I'm getting hits on
it.