Posted to users@spamassassin.apache.org by Sebastian Arcus <s....@open-t.co.uk> on 2017/05/17 12:22:09 UTC

SA not performing DNSBL queries correctly

I have 2 servers with SA 3.4.1 running on Slackware, with Bind in 
caching/recursive mode. For months one of them has been unable to 
correctly do dns blocklists (but the queries are not blocked). I have 
pored over the logs, and the main difference is that, although both of 
them pick up on the bad urls in the body of the message, the bad server 
is unable to resolve the url to an IP address for some reason (but dig 
works fine on the command line on both servers):

On the good server:

dbg: uridnsbl: complete_ns_lookup NS:spamdomain.com
dbg: uridnsbl: got(1) NS for spamdomain.com: spamdomain.com. 45 IN NS ns3.bkdns.vn.
</snip>
dbg: uridnsbl: complete_a_lookup A:spamdomain.com
dbg: uridnsbl: complete_a_lookup got(1) A for spamdomain.com: spamdomain.com. 45 IN A 1.2.3.4

On the broken server I only get:

dbg: uridnsbl: complete_ns_lookup NS:spamdomain.com
dbg: dns: dns reply 62167 is OK, 0 answer records
dbg: async: calling callback on key A:spamdomain.com
dbg: uridnsbl: complete_a_lookup A:spamdomain.com
dbg: dns: dns reply 36552 is OK, 0 answer records

Would anybody know why the broken server is unable to resolve domains to 
IP's in SA (but works ok through dig)? There are no error messages 
anywhere that I can find and spamassassin -D --lint is not complaining 
of anything.
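
Added example (not part of the original post, and not SpamAssassin code): a small Python check that reads debug output and lists every uridnsbl NS/A lookup that finished without a matching got(N) line, which is the difference between the two excerpts above. It assumes the debug lines have exactly the formats quoted in the post; the function and variable names are hypothetical, and the sample logs are the post's excerpts with the wrapped lines joined.

```python
import re

# Line formats taken from the debug excerpts quoted in the post (assumption:
# other SpamAssassin versions may word these lines differently).
START = re.compile(r"uridnsbl: complete_(?:ns|a)_lookup (NS|A):(\S+)")
GOT = re.compile(r"got\((\d+)\) (NS|A) for ([^:\s]+):")
EMPTY = re.compile(r"dns: dns reply (\d+) is OK, 0 answer records")

def summarize(log_text):
    """Return lookups that never logged got(N), plus ids of empty replies."""
    records = {}      # (record type, domain) -> answer records seen
    empty_ids = []    # ids of replies logged with "0 answer records"
    for line in log_text.splitlines():
        got = GOT.search(line)
        if got:       # checked first: the A result line also names the callback
            key = (got.group(2), got.group(3))
            records[key] = records.get(key, 0) + int(got.group(1))
            continue
        start = START.search(line)
        if start:
            records.setdefault((start.group(1), start.group(2)), 0)
            continue
        empty = EMPTY.search(line)
        if empty:
            empty_ids.append(int(empty.group(1)))
    unanswered = sorted(k for k, n in records.items() if n == 0)
    return {"unanswered": unanswered, "empty_reply_ids": empty_ids}

# Sample input: the two excerpts from the post, wrapped lines joined.
GOOD_LOG = """\
dbg: uridnsbl: complete_ns_lookup NS:spamdomain.com
dbg: uridnsbl: got(1) NS for spamdomain.com: spamdomain.com. 45 IN NS ns3.bkdns.vn.
dbg: uridnsbl: complete_a_lookup A:spamdomain.com
dbg: uridnsbl: complete_a_lookup got(1) A for spamdomain.com: spamdomain.com. 45 IN A 1.2.3.4
"""
BROKEN_LOG = """\
dbg: uridnsbl: complete_ns_lookup NS:spamdomain.com
dbg: dns: dns reply 62167 is OK, 0 answer records
dbg: async: calling callback on key A:spamdomain.com
dbg: uridnsbl: complete_a_lookup A:spamdomain.com
dbg: dns: dns reply 36552 is OK, 0 answer records
"""

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("broken", BROKEN_LOG)):
        print(name, summarize(log))
```

Run against the debug output of each server, a non-empty "unanswered" list identifies a host whose URI blocklist lookups return no records even though no error is logged.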


Re: SA not performing DNSBL queries correctly

Posted by Sebastian Arcus <s....@open-t.co.uk>.
On 17/05/17 18:11, Sebastian Arcus wrote:
> 
> 
> 
> On 17/05/17 16:53, David Mehler wrote:
>> Hi,
>>
>> I don't see your SA issue here, but since you're running 3.41 can I get
>> a look at your SA configuration to compare against mine?
>> Thanks.
>> Dave.
> 
> Yes - you are correct. As I pointed out in my last email, it looks like 
> there might be an issue with the package supplied by Slackware at 
> slackbuilds.org - and I am chasing it up with them there. But thanks to 
> the advice on this list, I've managed to narrow things down - so I am 
> grateful for the hints.


Just a follow-up and clarification on this issue - after more testing, 
it seems that it was the Spamassassin version which was the problem. I 
have had to upgrade SA on 7 servers running 3.4.1 on Slackware - as the 
dns rbl's weren't working on any of them. The only server I had with SA 
3.4.0 *was* actually working correctly. After upgrading all the boxes to 
4.0.0, the dns rbl's are now working correctly. I have *not* changed any 
configuration options in SA - I left all the servers as they were in 
this respect - so it seems it was not a configuration issue.

I'm afraid I haven't been able to narrow it down further than this. The 
servers were all running various kernels, both x86 and x86_64 
architectures, and several different versions of Perl - so I would guess 
the SA version was the common factor and the likely culprit.


Re: SA not performing DNSBL queries correctly

Posted by Sebastian Arcus <s....@open-t.co.uk>.


On 17/05/17 16:53, David Mehler wrote:
> Hi,
> 
> I don't see your SA issue here, but since you're running 3.41 can I get
> a look at your SA configuration to compare against mine?
> Thanks.
> Dave.

Yes - you are correct. As I pointed out in my last email, it looks like 
there might be an issue with the package supplied by Slackware at 
slackbuilds.org - and I am chasing it up with them there. But thanks to 
the advice on this list, I've managed to narrow things down - so I am 
grateful for the hints.




> 
> 
> On 5/17/17, Sebastian Arcus <s....@open-t.co.uk> wrote:
>> On 17/05/17 14:54, Sebastian Arcus wrote:
>>> On 17/05/17 14:21, Kevin A. McGrail wrote:
>>>> On 5/17/2017 8:22 AM, Sebastian Arcus wrote:
>>>>> I have 2 servers with SA 3.4.1 running on Slackware, with Bind in
>>>>> caching/recursive mode. For months one of them has been unable to
>>>>> correctly do dns blocklists (but the queries are not blocked). I have
>>>>> pored over the logs, and the main difference is that, although both
>>>>> of them pick up on the bad urls in the body of the message, the bad
>>>>> server is unable to resolve the url to an IP address for some reason
>>>>> (but dig works fine on the command line on both servers):
>>>> What version of Net::DNS on the two boxes?  Does the 3.4 branch from
>>>> SVN work?
>>>>
>>>> There have been changes to Net::DNS that are my likely first guess.
>>>
>>> Thank you for the suggestion. I have Net::DNS 1.10. I have just
>>> recompiled SA from SVN and it is using dnsrbl's correctly. Have there
>>> been some changes in the way SA works recently?
>>
>> A small update to this - I recompiled 3.4.1 by hand - and this is
>> working fine as well. This would suggest that the Slackware package is
>> somehow the problem - unless it is all coincidental and I am somehow
>> chasing my own tail. I will update here if I find out more. Thank you
>> again for the suggestion.
>>

Re: SA not performing DNSBL queries correctly

Posted by Sebastian Arcus <s....@open-t.co.uk>.
On 17/05/17 14:54, Sebastian Arcus wrote:
> On 17/05/17 14:21, Kevin A. McGrail wrote:
>> On 5/17/2017 8:22 AM, Sebastian Arcus wrote:
>>> I have 2 servers with SA 3.4.1 running on Slackware, with Bind in 
>>> caching/recursive mode. For months one of them has been unable to 
>>> correctly do dns blocklists (but the queries are not blocked). I have 
>>> pored over the logs, and the main difference is that, although both 
>>> of them pick up on the bad urls in the body of the message, the bad 
>>> server is unable to resolve the url to an IP address for some reason 
>>> (but dig works fine on the command line on both servers): 
>> What version of Net::DNS on the two boxes?  Does the 3.4 branch from 
>> SVN work?
>>
>> There have been changes to Net::DNS that are my likely first guess.
> 
> Thank you for the suggestion. I have Net::DNS 1.10. I have just 
> recompiled SA from SVN and it is using dnsrbl's correctly. Have there 
> been some changes in the way SA works recently?

A small update to this - I recompiled 3.4.1 by hand - and this is 
working fine as well. This would suggest that the Slackware package is 
somehow the problem - unless it is all coincidental and I am somehow 
chasing my own tail. I will update here if I find out more. Thank you 
again for the suggestion.

Re: SA not performing DNSBL queries correctly

Posted by Sebastian Arcus <s....@open-t.co.uk>.
On 17/05/17 14:21, Kevin A. McGrail wrote:
> On 5/17/2017 8:22 AM, Sebastian Arcus wrote:
>> I have 2 servers with SA 3.4.1 running on Slackware, with Bind in 
>> caching/recursive mode. For months one of them has been unable to 
>> correctly do dns blocklists (but the queries are not blocked). I have 
>> pored over the logs, and the main difference is that, although both of 
>> them pick up on the bad urls in the body of the message, the bad 
>> server is unable to resolve the url to an IP address for some reason 
>> (but dig works fine on the command line on both servers): 
> What version of Net::DNS on the two boxes?  Does the 3.4 branch from SVN 
> work?
> 
> There have been changes to Net::DNS that are my likely first guess.

Thank you for the suggestion. I have Net::DNS 1.10. I have just 
recompiled SA from SVN and it is using dnsrbl's correctly. Have there 
been some changes in the way SA works recently?