You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Sebastian Arcus <s....@open-t.co.uk> on 2017/03/26 09:23:38 UTC
Dns Blocklists always returning 0 records
I have a server with SA where I just can't seem to get DNS based block
lists / RBL working. I have tested the same email message against
another server, and it gets hits from DNS block lists. But on this
particular server they just don't seem to work - but the dns queries are
not blocked either.
1. Both servers are on SA 3.4.1
2. I've ran sa-update on both of them.
3. Both servers have Perl Net::DNS installed
4. Both servers have Bind configured locally and running fine as a
caching name server.
5. On the problematic server, the dns based checks are being run, not
being blocked, but always returning 0 records.
What else can I check in the SA config or more widely on the server?
What could possible cause this? Any suggestions would be much appreciated.
I attach below a snippet of spamassassin -D output from the problem
server - but I'm happy to enclose here, or upload the whole thing
somewhere else if it helps:
#spamassassin -D 2>&1 < /test_email.eml | grep -i -A 3 "answer records"
</snip>
Mar 26 10:12:39.060 [7061] dbg: async: calling callback on key
dns:A:109.150.73.212.bb.barracudacentral.org
Mar 26 10:12:39.062 [7061] dbg: dns: dns reply 61164 is OK, 0 answer records
Mar 26 10:12:39.062 [7061] dbg: async: calling callback on key
dns:A:109.150.73.212.zen.spamhaus.org
Mar 26 10:12:39.064 [7061] dbg: dns: dns reply 20939 is OK, 0 answer records
Mar 26 10:12:39.064 [7061] dbg: async: calling callback on key
dns:TXT:109.150.73.212.sa-accredit.habeas.com
Mar 26 10:12:39.066 [7061] dbg: dns: dns reply 56465 is OK, 0 answer records
Mar 26 10:12:39.066 [7061] dbg: async: calling callback on key
dns:A:109.150.73.212.iadb.isipp.com
Mar 26 10:12:39.069 [7061] dbg: dns: dns reply 19262 is OK, 0 answer records
</snip>
Re: Dns Blocklists always returning 0 records
Posted by Sebastian Arcus <s....@open-t.co.uk>.
On 27/03/17 11:10, Kevin A. McGrail wrote:
> On 3/27/2017 5:28 AM, Sebastian Arcus wrote:
>>
>> And yet, no dns block lists make it to the final scores
>
> I have only filed the thread briefly but check your versions of Net::DNS.
The good server has Net::DNS 0.83 - so way out of date. The problem
server has Net::DNS 1.06 - so not quite latest, but still much newer
than the sever where SA works fine.
I've just upgraded Net::DNS on the problem server to 1.09 - I'm afraid
SA is still reporting zero hits from dns blocklists:
<snip>
Mar 27 21:24:05.900 [31500] dbg: async: calling callback on key
dns:A:109.150.73.212.zen.spamhaus.org
Mar 27 21:24:05.930 [31500] dbg: dns: dns reply 17643 is OK, 0 answer
records
</snip>
Bug dig still gets a hit on the same server:
#dig 109.150.73.212.zen.spamhaus.org
; <<>> DiG 9.10.4-P1 <<>> 109.150.73.212.zen.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55153
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;109.150.73.212.zen.spamhaus.org. IN A
;; ANSWER SECTION:
109.150.73.212.zen.spamhaus.org. 808 IN A 127.0.0.4
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 27 21:48:08 BST 2017
;; MSG SIZE rcvd: 76
Re: Dns Blocklists always returning 0 records
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/27/2017 5:28 AM, Sebastian Arcus wrote:
>
> And yet, no dns block lists make it to the final scores
I have only filed the thread briefly but check your versions of Net::DNS.
Regards,
KAM
Re: Dns Blocklists always returning 0 records
Posted by Sebastian Arcus <s....@open-t.co.uk>.
On 26/03/17 14:12, David Jones wrote:
>> From: Sebastian Arcus <s....@open-t.co.uk>
>> Sent: Sunday, March 26, 2017 4:23 AM
>> To: users@spamassassin.apache.org
>> Subject: Dns Blocklists always returning 0 records
>
>> I have a server with SA where I just can't seem to get DNS based block
>> lists / RBL working. I have tested the same email message against
>> another server, and it gets hits from DNS block lists. But on this
>> particular server they just don't seem to work - but the dns queries are
>> not blocked either.
>
>> 1. Both servers are on SA 3.4.1
>> 2. I've ran sa-update on both of them.
>> 3. Both servers have Perl Net::DNS installed
>> 4. Both servers have Bind configured locally and running fine as a
>> caching name server.
>> 5. On the problematic server, the dns based checks are being run, not
>> being blocked, but always returning 0 records.
>
>> What else can I check in the SA config or more widely on the server?
>> What could possible cause this? Any suggestions would be much appreciated.
>
>> I attach below a snippet of spamassassin -D output from the problem
>> server - but I'm happy to enclose here, or upload the whole thing
>> somewhere else if it helps:
>
>> #spamassassin -D 2>&1 < /test_email.eml | grep -i -A 3 "answer records"
>
>> </snip>
>
>> Mar 26 10:12:39.060 [7061] dbg: async: calling callback on key
>> dns:A:109.150.73.212.bb.barracudacentral.org
>> Mar 26 10:12:39.062 [7061] dbg: dns: dns reply 61164 is OK, 0 answer records
>> Mar 26 10:12:39.062 [7061] dbg: async: calling callback on key
>> dns:A:109.150.73.212.zen.spamhaus.org
>> Mar 26 10:12:39.064 [7061] dbg: dns: dns reply 20939 is OK, 0 answer records
>> Mar 26 10:12:39.064 [7061] dbg: async: calling callback on key
>> dns:TXT:109.150.73.212.sa-accredit.habeas.com
>> Mar 26 10:12:39.066 [7061] dbg: dns: dns reply 56465 is OK, 0 answer records
>> Mar 26 10:12:39.066 [7061] dbg: async: calling callback on key
>> dns:A:109.150.73.212.iadb.isipp.com
>> Mar 26 10:12:39.069 [7061] dbg: dns: dns reply 19262 is OK, 0 answer records
>
>> </snip>
>
> I get this response on my working SA servers for the IP address above:
>
> ;; ANSWER SECTION:
> 109.150.73.212.zen.spamhaus.org. 300 IN A 127.0.0.4
>
> What does the output of this commnd say on your SA server?
>
> dig test.dbl.spamhaus.org
>
> Compare the output on both servers. I suspect this will point you in
> the right direction. For example, "SERVER:" should point to 127.0.0.1.
On the problem server, if I run:
#dig 109.150.73.212.zen.spamhaus.org
I get:
;; ANSWER SECTION:
109.150.73.212.zen.spamhaus.org. 337 IN A 127.0.0.4
And I can also see it is using 127.0.0.1 as the server.
I can even see in the SA debug output (on the problem server):
Mar 27 10:25:12.173 [23914] dbg: dns: hit
<dns:109.150.73.212.zen.spamhaus.org> 127.0.0.4
And yet, no dns block lists make it to the final scores.
Re: Dns Blocklists always returning 0 records
Posted by David Jones <dj...@ena.com>.
>From: Sebastian Arcus <s....@open-t.co.uk>
>Sent: Sunday, March 26, 2017 4:23 AM
>To: users@spamassassin.apache.org
>Subject: Dns Blocklists always returning 0 records
>I have a server with SA where I just can't seem to get DNS based block
>lists / RBL working. I have tested the same email message against
>another server, and it gets hits from DNS block lists. But on this
>particular server they just don't seem to work - but the dns queries are
>not blocked either.
>1. Both servers are on SA 3.4.1
>2. I've ran sa-update on both of them.
>3. Both servers have Perl Net::DNS installed
>4. Both servers have Bind configured locally and running fine as a
>caching name server.
>5. On the problematic server, the dns based checks are being run, not
>being blocked, but always returning 0 records.
>What else can I check in the SA config or more widely on the server?
>What could possible cause this? Any suggestions would be much appreciated.
>I attach below a snippet of spamassassin -D output from the problem
>server - but I'm happy to enclose here, or upload the whole thing
>somewhere else if it helps:
>#spamassassin -D 2>&1 < /test_email.eml | grep -i -A 3 "answer records"
></snip>
>Mar 26 10:12:39.060 [7061] dbg: async: calling callback on key
>dns:A:109.150.73.212.bb.barracudacentral.org
>Mar 26 10:12:39.062 [7061] dbg: dns: dns reply 61164 is OK, 0 answer records
>Mar 26 10:12:39.062 [7061] dbg: async: calling callback on key
>dns:A:109.150.73.212.zen.spamhaus.org
>Mar 26 10:12:39.064 [7061] dbg: dns: dns reply 20939 is OK, 0 answer records
>Mar 26 10:12:39.064 [7061] dbg: async: calling callback on key
>dns:TXT:109.150.73.212.sa-accredit.habeas.com
>Mar 26 10:12:39.066 [7061] dbg: dns: dns reply 56465 is OK, 0 answer records
>Mar 26 10:12:39.066 [7061] dbg: async: calling callback on key
>dns:A:109.150.73.212.iadb.isipp.com
>Mar 26 10:12:39.069 [7061] dbg: dns: dns reply 19262 is OK, 0 answer records
></snip>
I get this response on my working SA servers for the IP address above:
;; ANSWER SECTION:
109.150.73.212.zen.spamhaus.org. 300 IN A 127.0.0.4
What does the output of this commnd say on your SA server?
dig test.dbl.spamhaus.org
Compare the output on both servers. I suspect this will point you in
the right direction. For example, "SERVER:" should point to 127.0.0.1.
Dave