You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Lukas Garberg <lu...@spritelink.net> on 2008/03/25 18:21:22 UTC

uridnsbl: domains to query: empty

Hi,

I'm having trouble with lots of false negatives on my primary spam
filter box,
running SA 3.2.3 and MailScanner 4.65.3-1. I tried to redirect all scanned
messages to an older box, running SA 3.2.0 and MailScanner 4.59.4,
forwarding all messaged catched by the older box but not the newer to a
certain mailbox for observation.

Suddenly the amount of spam in my and my colleagues' mailboxes dropped
significantly.

The messages catched by the older box but not the newer with few exceptions
have one thing in common; they got no URIBL hit on the SA 3.2.3 box but a
few on the 3.2.0 one.

During a few hours I've been running SA in debug mode
(Debug SpamAssassin = yes in MailScanner.conf)
to see what's going on,and what I can see is a lot of messages like

[3403] dbg: uridnsbl: domains to query:

(as a contrast to ie. [3416] dbg: uridnsbl: domains to query: felisooi.com)
on messages that later hit the URIBL-rules on the second machine.

Does this sound familiar to anyone?

I've read through the changelog for SA 3.2.4 and see no mention of such an
error.

Any ideas on what might be causing this?

Thank you in advance,
Lukas Garberg

Re: uridnsbl: domains to query: empty - more info

Posted by Lukas Garberg <lu...@spritelink.net>.

Hi all,

as I stated in my previous message, I have  a problem with  certain messages
not getting any URIDNSBL-hits, despite containing listed URL:s. The most
interesting part is that an older (SA 3.2.0) box seems to catch them
perfectly,
when the newer (first 3.2.3, now 3.2.4) don't seem to find any URL:s at all.

Anyway, using telnet to manually send a certain mail (see
http://ninja.spritelink.net/~olle/sa.txt) I've noticed that if I place the
period finishing the data-part of the SMTP-session at the line immediately
after the last line of text, I get the following SA report:
score=5.782, required 4, BAYES_99 4.00, RCVD_IN_PBL 0.91,
RCVD_IN_SORBS_DUL 0.88

However, if I instead end the mail with en empty, blank line before the
finishing period, I get the following result:
score=14.383, required 4, BAYES_99 4.00, DCC_CHECK 2.17,
DIGEST_MULTIPLE 0.00, RAZOR2_CF_RANGE_51_100 0.50,
RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50,
RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, URIBL_BLACK 1.96,
URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47

Both tests were carried out on the very same machine, the one with SA 3.2.4.
I did the test a few times and so far it has been 100% repeatable, on three
different machines running SA 3.2.4 and MailScanner 4.65.3-1.

May someone confirm this, or am I the only one seeing this problem?

Thank you in advance,
Lukas Garberg