You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/02/17 21:49:51 UTC

Re: Continued problems with RBL

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Austin Weidner writes:
> > 127.0.0.2 is the standard answer that Spamcop gives if the requested
> > address is in its list.   If the address is not in its list, if returns
> > a NOT FOUND.   So it looks like you are right in that the problem is not
> > access-related.   Do you have a "dns_available" entry in your
> > /etc/mail/spamassassin/local.cf file?
> 
> Kevin,
> Initially I did not have a dns_available entry. Then, when I found out the
> DNS was timing out at 15 seconds, all my spamassassin scans were taking 20+
> seconds. So I added a dns_available no entry. This made my scans go down to
> less than a second, but obviously not using any outside tests.
> 
> HOWEVER, for testing purposes I have been commenting that out so it acts
> like a default config (and then restarting SA). I have tried both no entry
> and dns_available yes... neither with any success.
> 
> I think SA uses Net::DNS when it checks all the blacklists. We've proved NS
> lookup works so there is no problem there, so I think the problem is
> something with Net::DNS. Any other tips, I would sure appreciate it!

1. there have been some reports that Net::DNS will only look at the very
first nameserver listed in /etc/resolv.conf.   Have you checked how long
that takes to look up a (non-cached!) record?

2. I know you're not using Comcast's nameservers ;)   but FWIW, I had to
stop using them since they would regularly time out, even on routine
web-browsing queries.   I instead run my own root-querying named locally
now as a result.   Many large, inept ISPs have this problem.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCFQNvMJF5cimLx9ARArgcAJ9LZD2Xzt07QEgWBvfXcSD1asIEvwCfWWQ5
QPLSOsGbU7jkvfj06RMBfdU=
=XHV1
-----END PGP SIGNATURE-----

RE: Continued problems with RBL

Posted by Austin Weidner <we...@comcast.net>.

> 1. there have been some reports that Net::DNS will only look at the very
> first nameserver listed in /etc/resolv.conf.   Have you checked how long
> that takes to look up a (non-cached!) record?

I tried switching the order of the nameservers, no luck. Tried adding a new
nameserver (public nameserver), lo luck. Still getting:
---------
debug: RBL: success for 0 of 12 queries
debug: DNS: timeout for rfci_envfrom after 20 seconds
debug: DNS: timeout for NO_DNS_FOR_FROM after 20 seconds
---------
Does Net::DNS even look in resolv.conf? There seems to be some links to a
file called ".resolv.conf". I wonder if Net::DNS isn't even looking there?