You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by DAve <da...@pixelhammer.com> on 2008/05/23 16:32:25 UTC
Testing DNSRBLs using SA
Good morning all,
I am trying to use SA to test a DNSBL and I am not having any luck
getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and read
the appropriate section in the docs.
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#rule_definitions_and_privileged_settings
Here is what I have currently,
header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
describe RCVD_IN_SIP sender is known in Invaluement list
tflags RCVD_IN_SIP net
score RCVD_IN_SIP 0.01
And yes, when I query my rbldnsd server from the server running SA with
an IP known to be in the list, I do get the proper response.
Anyone see a flaw in this concept?
Thanks,
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: Testing DNSRBLs using SA
Posted by DAve <da...@pixelhammer.com>.
DAve wrote:
> D Hill wrote:
>> To me that rule looks fine. Perhaps your testing is completely within
>> your trusted path? Feed the message with SpamAssassin with the -D
>> debug switch to see for sure.
>
> That is how I have been testing it.
>
> spamassassin -D < test-mail 2>&1 | grep invaluement
>
> No joy, no real clue where to check next. Here is a link to the rule,
> message, and results from spamassassin debug.
>
> http://pixelhammer.com/Dan/dnsbl_rule_test.txt
PEBKAC!
#skip_rbl_checks 1
Works now.
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: Testing DNSRBLs using SA
Posted by DAve <da...@pixelhammer.com>.
D Hill wrote:
> On Fri, 23 May 2008 at 10:32 -0400, dave.list@pixelhammer.com confabulated:
>
>> Good morning all,
>>
>> I am trying to use SA to test a DNSBL and I am not having any luck
>> getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and
>> read the appropriate section in the docs.
>>
>> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#rule_definitions_and_privileged_settings
>>
>>
>> Here is what I have currently,
>>
>> header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
>> describe RCVD_IN_SIP sender is known in Invaluement list
>> tflags RCVD_IN_SIP net
>> score RCVD_IN_SIP 0.01
>>
>> And yes, when I query my rbldnsd server from the server running SA
>> with an IP known to be in the list, I do get the proper response.
>>
>> Anyone see a flaw in this concept?
>
> To me that rule looks fine. Perhaps your testing is completely within
> your trusted path? Feed the message with SpamAssassin with the -D debug
> switch to see for sure.
That is how I have been testing it.
spamassassin -D < test-mail 2>&1 | grep invaluement
No joy, no real clue where to check next. Here is a link to the rule,
message, and results from spamassassin debug.
http://pixelhammer.com/Dan/dnsbl_rule_test.txt
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: Testing DNSRBLs using SA
Posted by D Hill <d....@yournetplus.com>.
On Fri, 23 May 2008 at 10:32 -0400, dave.list@pixelhammer.com confabulated:
> Good morning all,
>
> I am trying to use SA to test a DNSBL and I am not having any luck getting
> the rule to hit. I've looked through 20_dnsbl_tests.cf, and read the
> appropriate section in the docs.
>
> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#rule_definitions_and_privileged_settings
>
> Here is what I have currently,
>
> header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
> describe RCVD_IN_SIP sender is known in Invaluement list
> tflags RCVD_IN_SIP net
> score RCVD_IN_SIP 0.01
>
> And yes, when I query my rbldnsd server from the server running SA with an IP
> known to be in the list, I do get the proper response.
>
> Anyone see a flaw in this concept?
To me that rule looks fine. Perhaps your testing is completely within your
trusted path? Feed the message with SpamAssassin with the -D debug switch
to see for sure.
Re: Testing DNSRBLs using SA
Posted by DAve <da...@pixelhammer.com>.
Rob McEwen wrote:
> DAve wrote:
>> I am trying to use SA to test a DNSBL
>> <SNIP>
> PLEASE--note that direct queries to the invaluement.com DNSBLs will
> *always* fail.
>
> These are *only* available via RSYNC. So please don't try to add SIP to
> your RBL list... it won't work!!!
>
> (Dave knows this... I'm just mentioning this for others' benefit.)
>
> <embarrassed>and I'm not sure what the problem is with Dave's config. I
> use SA for some spam filtering tasks. But most of my own spam filtering
> is custom written and, therefore, I don't use SA for DNSBL lookups...
> which is why I'm sometimes caught off-guard regarding SA's dnsbl
> implemenations.</embarrassed>
>
Sorry Rob, I should have mentioned that so no one tried to duplicate my
rule and test it.
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: Testing DNSRBLs using SA
Posted by Rob McEwen <ro...@invaluement.com>.
DAve wrote:
> I am trying to use SA to test a DNSBL
> <SNIP>
PLEASE--note that direct queries to the invaluement.com DNSBLs will
*always* fail.
These are *only* available via RSYNC. So please don't try to add SIP to
your RBL list... it won't work!!!
(Dave knows this... I'm just mentioning this for others' benefit.)
<embarrassed>and I'm not sure what the problem is with Dave's config. I
use SA for some spam filtering tasks. But most of my own spam filtering
is custom written and, therefore, I don't use SA for DNSBL lookups...
which is why I'm sometimes caught off-guard regarding SA's dnsbl
implemenations.</embarrassed>
Rob McEwen
RE: Testing DNSRBLs using SA
Posted by Robert - elists <li...@abbacomm.net>.
>
> I am trying to use SA to test a DNSBL and I am not having any luck
> getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and read
> the appropriate section in the docs.
>
> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#
> rule_definitions_and_privileged_settings
>
> Here is what I have currently,
>
> header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
> describe RCVD_IN_SIP sender is known in Invaluement list
> tflags RCVD_IN_SIP net
> score RCVD_IN_SIP 0.01
>
> And yes, when I query my rbldnsd server from the server running SA with
> an IP known to be in the list, I do get the proper response.
>
> Anyone see a flaw in this concept?
>
> Thanks,
>
> Dave
Dave
If you are really trying to probe the local sip zone data, make it local and
create a local zone with a name something like...
sip.invaluement.local
not .com even though it might work, it creates confusion...
even though you can be locally, your name servers are not authoritive for
invaluement.com zone.
next, as I understand it, the sip zone is ip addresses only.... is that what
you are trying to check?
You can also look at the rbldnsd logs to see what is happening as well.
- rh