Posted to users@spamassassin.apache.org by Andrea Bencini <an...@tin.it> on 2006/04/06 18:04:45 UTC

blacklist-database

I installed spamassassin-3.0.4.
I would like to test whether the e-mails my MTA receives are spam, using
20_dnsbl_test.cf.
Suppose my MTA receives an e-mail from pippo@thisisblacklist.com and the domain
"thisisblacklist.com" is in the database of dnsbl.njabl.org.
How do I see whether my spamassassin checks dnsbl.njabl.org or another
database?
In my local.cf I have:
use_bayes 1
skip_rbl_checks 0
What other parameters do I have to set?
Thanks
Andrea


Re: blacklist-database

Posted by Matt Kettler <mk...@evi-inc.com>.
Andrea Bencini wrote:
> I installed spamassassin-3.0.4

Why did you install an already outdated version? We're on 3.1.1 now...

> I would like to test whether the e-mails my MTA receives are spam, using
> 20_dnsbl_test.cf.
> Suppose my MTA receives an e-mail from pippo@thisisblacklist.com and the domain
> "thisisblacklist.com" is in the database of dnsbl.njabl.org.
> How do I see whether my spamassassin checks dnsbl.njabl.org or another
> database?

SA does not check email addresses against blacklists. Most DNS blacklists list
IP addresses, not domains.

DNS blacklists are also designed to list the IPs of systems SENDING spam, not
inbound MXes. So, even if you did an MX lookup on "thisisblacklist.com" you would
not always get the correct IP. (note that this email is sent by 208.39.141.86,
but the MX for evi-inc.com is 208.39.141.94)

Thirdly, in the case of spam, the email address is forged 99.99% of the time, so
again you'd be looking at the wrong target.

Thus, checking the domain part of a From: or Return-Path: against DNSBLs is a
complete waste of time.

SpamAssassin checks hosts in the Received: headers against blacklists. This
lines up with the data hosted by the DNSBLs, and accurately captures at least
the host which dropped mail off at your network as being the true relay for the
spam.

As for checking to see if it's working:

1) You must have the Perl module Net::DNS installed. If you do not, then
they're disabled no matter what your config says.

2) Run spamassassin --lint -D. Check for a debug message indicating if DNS is
available.

3) Look for rule hits starting with "RCVD_IN_" in your logs or X-Spam-Status
headers.
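
Added example, not part of the original posts and not SpamAssassin's own code: a sketch of what the reply describes, taking the relay IP from the Received: headers (not the From: domain), building the reversed-octet DNSBL query name, and pulling RCVD_IN_* hits out of X-Spam-Status. The sample message, host names, score and rule hits are constructed; the function names are hypothetical.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message. The relay IP and the DNSBL zone are the ones named
# in the thread; host names, score and rule hits are made up for illustration.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [208.39.141.86])
\tby mx.example.org with ESMTP; Thu, 6 Apr 2006 18:30:00 +0000
Received: from desktop ([192.168.1.10])
\tby mail.example.net with ESMTP; Thu, 6 Apr 2006 18:29:58 +0000
From: pippo@thisisblacklist.com
X-Spam-Status: Yes, score=6.1 required=5.0 tests=BAYES_99,RCVD_IN_NJABL_SPAM,
\tRCVD_IN_SORBS_DUL autolearn=no version=3.1.1
Subject: constructed test

body
"""

def relay_ips(raw):
    """Public IPv4 addresses in Received: headers, most recent hop first."""
    found = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # bracketed digits that are not a valid address
            if not ip.is_private:  # private hops cannot be on a public DNSBL
                found.append(str(ip))
    return found

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed means the name resolves (to 127.0.0.x); unlisted is NXDOMAIN."""
    try:
        resolve(dnsbl_query_name(ip, zone))
        return True
    except socket.gaierror:
        return False

def rcvd_in_hits(raw):
    """RCVD_IN_* rule names recorded in X-Spam-Status (step 3 of the reply)."""
    status = email.message_from_string(raw).get("X-Spam-Status", "")
    return re.findall(r"\bRCVD_IN_\w+", status)
```

The From: domain never enters the lookup; only the bracketed relay address does. Pass your own resolver as `resolve` to test without touching DNS.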