You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Tom Yates <ma...@teaparty.net> on 2004/09/28 22:41:03 UTC
DNS-related tests don't seem to be working
i've just upgraded to SA 3.0.0 (thanks, theo) on a RH9 box, and
effectiveness has dropped from <1% false negatives to about 5% false
negatives. looking at the output, it suggests that DNS-related tests
(specifically SPF, but i also suspect the various blacklist tests) aren't
working.
i've fed it a piece of false-negative spam which i know (from the email
header checker at spftools.infinitepenguins.net) should definitely give a
softfail, and yet the SA headers make no reference to this test at all.
i'm putting some of the output of spamd -D below; there an awful lot, but
i can send the whole lot if someone's willing to plough through it!
any light anyone can shed on what's going on - are all DNS-related tests
really being skipped, and if so, why? - will be gratefully received.
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/local.cf
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x83cbad8)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b92248)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8b703a0)
[...]
debug: received-header: 'from' 127.0.0.1 has reserved IP
debug: received-header: cannot use DNS, do not trust any hosts from here on
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
[...]
debug: is spam? score=-3.1 required=4
debug: tests=ALL_TRUSTED,BAYES_50,HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY
debug: subtests=__CT,__CTE,__CTYPE_HTML,__HAS_MSGID,__HAS_SUBJECT,__HAS_X_MAILER,__HAS_X_PRIORITY,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HTML
logmsg: clean message (-3.1/4.0) for madhatta:500 in 3.7 seconds, 2119 bytes.
logmsg: result: . -3 - ALL_TRUSTED,BAYES_50,HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY scantime=3.7,size=2119,mid=<05...@risby.gatekeeper.ltd.uk>,bayes=0.500000000434935,autolearn=ham
--
Tom Yates
Cambridge, UK.
Re: DNS-related tests don't seem to be working
Posted by Tom Yates <ma...@teaparty.net>.
On Tue, 28 Sep 2004, Tom Yates wrote:
> i've just upgraded to SA 3.0.0 (thanks, theo) on a RH9 box, and
> effectiveness has dropped from <1% false negatives to about 5% false
> negatives. looking at the output, it suggests that DNS-related tests
> (specifically SPF, but i also suspect the various blacklist tests)
> aren't working.
in case anyone's searching the archives for a similar problem, the issue
was the Net::DNS was too old a version. this showed up when i ran
"spamassassin -D" against a piece of unfiltered spam, and got output which
included:
debug: Net::DNS version is 0.31, but need 0.34
to get SA working fully, including SPF tests, it was necessary to get from
CPAN, build, and install the following modules:
Net-DNS-0.48.tar.gz
Mail-SPF-Query-1.997.tar.gz
Net-CIDR-Lite-0.15.tar.gz
(for those even less experienced than me: download, tar xvzf to unpack, cd
to the new directory, perl Makefile.PL && make && make install). don't
forget to restart spamd afterwards.
doubtless later versions, and possibly earlier ones, would have done just
as well, but this is what i used, and this is what works for me. SA is
back to <1% false negatives, and i'm ecstatic again.
thanks to all the SA developers - you rock!
--
Tom Yates
Cambridge, UK.