You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@embarqmail.com> on 2016/08/17 02:54:48 UTC
connection refused resolving
'166.170.166.108.bb.barracudacentral.org
I haven't been paying much attention to the spamd entries in my syslog
until I upgraded my Ubuntu 14.04 desktop to 16.04 and started running
tail on my syslog daily and noticed the issue with barracudacentral.org
and resl.emailreg.org. I started to notice the below entries. Looking
back through a years or so of hourly syslog snippets I found that all
was ok on 19 May this year
May 19 11:08:14 localhost named[1081]: success resolving
'205.6.174.108.bb.barracudacentral.org/A' (in
'bb.barracudacentral.org'?) after disabling EDNS
On the 23rd of May the below started happening:
spamd[7099]: spamd: connection from ip6-localhost [::1]:57298 to port
783, fd 5
localhost spamd[7099]: spamd: setuid to chris succeeded
localhost spamd[7099]: spamd: processing message <ab3cb9b2103ba1df4977a
32e18b512@garden.org> for chris:1000�
localhost named[25689]: connection refused resolving
'166.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
localhost named[25689]: connection refused resolving
'167.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
localhost named[25689]: connection refused resolving�
'167.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
localhost named[25689]: connection refused resolving
'166.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
Which continues through today. Is there a ruleset I can change or
something else I can do to stop this being queried?�
Info on my SA is:
SpamAssassin Server version 3.4.1
� running on Perl 5.22.1
� with SSL support (IO::Socket::SSL 2.024)
� with zlib support (Compress::Zlib 2.068)
Also Ubuntu 16.04.1LTS
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
18:05:36 up 7 days, 22:57, 5 users, load average: 1.95, 1.00, 0.98
Ubuntu 16.04.1 LTS, kernel 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
Re: connection refused resolving
'166.170.166.108.bb.barracudacentral.org
Posted by Chris <cp...@embarqmail.com>.
On Wed, 2016-08-17 at 09:30 -0500, Chris wrote:
> On Wed, 2016-08-17 at 13:03 +0100, RW wrote:
> >
> > On Tue, 16 Aug 2016 21:54:48 -0500
> > Chris wrote:
> >
> > >
> > >
> > >
> > > spamd[7099]: spamd: connection from ip6-localhost [::1]:57298 to
> > > port
> > > 783, fd 5
> > > localhost spamd[7099]: spamd: setuid to chris succeeded
> > > localhost spamd[7099]: spamd: processing message
> > > <ab3cb9b2103ba1df4977a 32e18b512@garden.org> for chris:1000���
> > > localhost named[25689]: connection refused resolving
> > > '166.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> > > localhost named[25689]: connection refused resolving
> > > '167.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> > > localhost named[25689]: connection refused resolving�
> > > '167.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
> > > localhost named[25689]: connection refused resolving
> > > '166.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
> > >
> > > Which continues through today. Is there a ruleset I can change or
> > > something else I can do to stop this being queried?�
> > You can disable bb.barracudacentral.org with:
> >
> > score RCVD_IN_BRBL_LASTEXT���0
> >
> > but that one is working for me.
> >
> >
> > resl.emailreg.org isn't working for me and doesn't appear to be in
> > the
> > default rules.
> Thanks RW that took care of the 'barracudacentral' problem. My scan
> times are still running way too long and I'm sure it's due to:
>
> Aug 17 09:22:57 localhost named[25689]: connection refused resolving
> '11.134.201.205.resl.emailreg.org/A/IN': 174.129.248.63#53
>
> The seem to work together when scanning. I'll do some Googling and
> see
> what I can come up with on emailreg.
>
> Chris
Hmm, that seemed to work when I inserted what you put above for a
couple of scans but now it's back
Aug 17 10:41:21 localhost named[25689]: connection refused resolving
'167.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
Aug 17 10:41:21 localhost named[25689]: connection refused resolving
'166.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
Aug 17 10:41:21 localhost named[25689]: connection refused resolving
'167.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
Aug 17 10:41:21 localhost named[25689]: connection refused resolving
'166.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
11:03:10 up 8 days, 15:54, 5 users, load average: 1.10, 0.58, 0.53
Ubuntu 16.04.1 LTS, kernel 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
Re: connection refused resolving
'166.170.166.108.bb.barracudacentral.org
Posted by Chris <cp...@embarqmail.com>.
On Wed, 2016-08-17 at 13:03 +0100, RW wrote:
> On Tue, 16 Aug 2016 21:54:48 -0500
> Chris wrote:
>
> >
> >
> > spamd[7099]: spamd: connection from ip6-localhost [::1]:57298 to
> > port
> > 783, fd 5
> > localhost spamd[7099]: spamd: setuid to chris succeeded
> > localhost spamd[7099]: spamd: processing message
> > <ab3cb9b2103ba1df4977a 32e18b512@garden.org> for chris:1000���
> > localhost named[25689]: connection refused resolving
> > '166.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> > localhost named[25689]: connection refused resolving
> > '167.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> > localhost named[25689]: connection refused resolving�
> > '167.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
> > localhost named[25689]: connection refused resolving
> > '166.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
> >
> > Which continues through today. Is there a ruleset I can change or
> > something else I can do to stop this being queried?�
> You can disable bb.barracudacentral.org with:
>
> score RCVD_IN_BRBL_LASTEXT���0
>
> but that one is working for me.
>
>
> resl.emailreg.org isn't working for me and doesn't appear to be in
> the
> default rules.
Thanks RW that took care of the 'barracudacentral' problem. My scan
times are still running way too long and I'm sure it's due to:
Aug 17 09:22:57 localhost named[25689]: connection refused resolving
'11.134.201.205.resl.emailreg.org/A/IN': 174.129.248.63#53
The seem to work together when scanning. I'll do some Googling and see
what I can come up with on emailreg.
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
09:27:27 up 8 days, 14:18, 5 users, load average: 0.94, 1.00, 0.82
Ubuntu 16.04.1 LTS, kernel 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
Re: connection refused resolving
'166.170.166.108.bb.barracudacentral.org
Posted by RW <rw...@googlemail.com>.
On Tue, 16 Aug 2016 21:54:48 -0500
Chris wrote:
>
> spamd[7099]: spamd: connection from ip6-localhost [::1]:57298 to port
> 783, fd 5
> localhost spamd[7099]: spamd: setuid to chris succeeded
> localhost spamd[7099]: spamd: processing message
> <ab3cb9b2103ba1df4977a 32e18b512@garden.org> for chris:1000
> localhost named[25689]: connection refused resolving
> '166.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> localhost named[25689]: connection refused resolving
> '167.170.166.108.bb.barracudacentral.org/A/IN': 64.235.145.15#53
> localhost named[25689]: connection refused resolving
> '167.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
> localhost named[25689]: connection refused resolving
> '166.170.166.108.resl.emailreg.org/A/IN': 174.129.248.63#53
>
> Which continues through today. Is there a ruleset I can change or
> something else I can do to stop this being queried?
You can disable bb.barracudacentral.org with:
score RCVD_IN_BRBL_LASTEXT 0
but that one is working for me.
resl.emailreg.org isn't working for me and doesn't appear to be in the
default rules.