You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Tom Yates <ma...@teaparty.net> on 2004/09/28 22:41:03 UTC

DNS-related tests don't seem to be working

i've just upgraded to SA 3.0.0 (thanks, theo) on a RH9 box, and 
effectiveness has dropped from <1% false negatives to about 5% false 
negatives.  looking at the output, it suggests that DNS-related tests 
(specifically SPF, but i also suspect the various blacklist tests) aren't 
working.

i've fed it a piece of false-negative spam which i know (from the email 
header checker at spftools.infinitepenguins.net) should definitely give a 
softfail, and yet the SA headers make no reference to this test at all.

i'm putting some of the output of spamd -D below; there an awful lot, but 
i can send the whole lot if someone's willing to plough through it!

any light anyone can shed on what's going on - are all DNS-related tests 
really being skipped, and if so, why? - will be gratefully received.



debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/local.cf
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x83cbad8)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8b92248)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8b703a0)
[...]
debug: received-header: 'from' 127.0.0.1 has reserved IP
debug: received-header: cannot use DNS, do not trust any hosts from here on
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
[...]
debug: is spam? score=-3.1 required=4
debug: tests=ALL_TRUSTED,BAYES_50,HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY
debug: subtests=__CT,__CTE,__CTYPE_HTML,__HAS_MSGID,__HAS_SUBJECT,__HAS_X_MAILER,__HAS_X_PRIORITY,__MIME_HTML,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HTML
logmsg: clean message (-3.1/4.0) for madhatta:500 in 3.7 seconds, 2119 bytes.
logmsg: result: . -3 - ALL_TRUSTED,BAYES_50,HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY scantime=3.7,size=2119,mid=<05...@risby.gatekeeper.ltd.uk>,bayes=0.500000000434935,autolearn=ham


-- 

   Tom Yates
   Cambridge, UK.

Re: DNS-related tests don't seem to be working

Posted by Tom Yates <ma...@teaparty.net>.

On Tue, 28 Sep 2004, Tom Yates wrote:

> i've just upgraded to SA 3.0.0 (thanks, theo) on a RH9 box, and 
> effectiveness has dropped from <1% false negatives to about 5% false 
> negatives.  looking at the output, it suggests that DNS-related tests 
> (specifically SPF, but i also suspect the various blacklist tests) 
> aren't working.

in case anyone's searching the archives for a similar problem, the issue 
was the Net::DNS was too old a version.  this showed up when i ran 
"spamassassin -D" against a piece of unfiltered spam, and got output which 
included:

debug: Net::DNS version is 0.31, but need 0.34

to get SA working fully, including SPF tests, it was necessary to get from 
CPAN, build, and install the following modules:

Net-DNS-0.48.tar.gz
Mail-SPF-Query-1.997.tar.gz
Net-CIDR-Lite-0.15.tar.gz

(for those even less experienced than me: download, tar xvzf to unpack, cd 
to the new directory, perl Makefile.PL && make && make install).  don't 
forget to restart spamd afterwards.

doubtless later versions, and possibly earlier ones, would have done just 
as well, but this is what i used, and this is what works for me.  SA is 
back to <1% false negatives, and i'm ecstatic again.

thanks to all the SA developers - you rock!

-- 

   Tom Yates
   Cambridge, UK.