Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/05/13 06:15:41 UTC

[Bug 6112] New: non-RBL DNS timeouts

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112

           Summary: non-RBL DNS timeouts
           Product: Spamassassin
           Version: 3.2.5
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: jhaar@trimble.co.nz


Hi there

I just had some casino spam get into my INBOX. Running "spamassassin -D" took
over *TWO MINUTES* and contains the lines:

[14167] dbg: async: completed in 136.660 s: NO_DNS_FOR_FROM, DNSBL-A,
dns:A:yapost.com
[14167] dbg: async: completed in 136.659 s: NO_DNS_FOR_FROM, DNSBL-MX,
dns:MX:yapost.com
[14167] dbg: async: timing: 136.659 . dns:MX:yapost.com
[14167] dbg: async: timing: 136.660 . dns:A:yapost.com

Sure enough, the "yapost" domain has 4 NS records and none are working.
Whatever is happening also seems to mean our DNS servers cannot cache this
failure - so every lookup goes through the entire cycle again and again (ie
yes, we have local cache DNS servers).

Shouldn't there be a SA option to set the max timeouts of "generic" DNS
lookups? (like dns_timeout 15).

More info. Net::DNS::Resolver defaults to 120s for TCP-based lookups, so I
thought that might be the cause. I edited Net/Resolver/Base.pm directly and
changed the default to "10" and it made no difference - so that's not it.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
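
An added example (not part of the original report or of SpamAssassin's own code): a Python script that reads "spamassassin -D" output in the format quoted in the report, re-joins records that a mail client has wrapped, and lists the DNS lookups whose async time exceeds a threshold. The 15 s default mirrors the value the reporter suggested; the example.org records and all function names are constructed for illustration.

```python
import re

# Constructed sample: the yapost.com records are the ones quoted in the report,
# wrapped the way mail wraps them; the example.org records are constructed.
SAMPLE = """\
[14167] dbg: async: completed in 136.660 s: NO_DNS_FOR_FROM, DNSBL-A,
dns:A:yapost.com
[14167] dbg: async: completed in 136.659 s: NO_DNS_FOR_FROM, DNSBL-MX,
dns:MX:yapost.com
[14167] dbg: async: timing: 136.659 . dns:MX:yapost.com
[14167] dbg: async: timing: 136.660 . dns:A:yapost.com
[14167] dbg: async: timing: 0.212 . dns:A:example.org
[14167] dbg: async: completed in 0.212 s: NO_DNS_FOR_FROM, DNSBL-A, dns:A:example.org
"""

# Matches both record shapes: "completed in <secs> s: <rules>, dns:<type>:<name>"
# and "timing: <secs> . dns:<type>:<name>".
RECORD = re.compile(
    r"dbg: async: (?:completed in|timing:) (\d+(?:\.\d+)?) (?:s:|\.) "
    r"(?:.*, )?dns:(\w+):(\S+)$"
)

def unwrap(text):
    """Join continuation lines onto the '[pid] ...' record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def slow_lookups(text, threshold_s=15.0):
    """Return (seconds, record type, name) for lookups at or above the threshold."""
    worst = {}
    for record in unwrap(text):
        m = RECORD.search(record)
        if m:
            key = (m.group(2), m.group(3))
            worst[key] = max(worst.get(key, 0.0), float(m.group(1)))
    hits = [(secs, rtype, name) for (rtype, name), secs in worst.items()
            if secs >= threshold_s]
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for secs, rtype, name in slow_lookups(SAMPLE):
        print(f"{secs:8.3f} s  {rtype:<3} {name}")
```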

[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112


Karsten Bräckelmann <gu...@rudersport.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #7 from Karsten Bräckelmann <gu...@rudersport.de>  2009-06-09 06:20:56 PST ---
(In reply to comment #5)
> We use Botnet-0.8, and that's where the issue is! The moment I rename
> Botnet.cf, this issue disappears!

Good catch. Not a SA bug but an issue with a third-party plugin. Closing
RESOLVED INVALID.

The link in comment 6 doesn't only mention the issue, but also contains a fix.


[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112





--- Comment #3 from Jason Haar <jh...@trimble.co.nz>  2009-05-17 19:45:17 PST ---
Created an attachment (id=4447)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4447)
spam causing dns timeouts

...and here's another - the domain hurting.com seems to be the culprit in this
one.

Even after repeatedly running it from SA-3.2.5 with a local caching DNS server,
it still takes > 145 sec.



[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112





--- Comment #6 from Henrik Krohns <he...@hege.li>  2009-06-08 20:00:47 PST ---

It's something that Mr Rudd hasn't bothered to fix yet.

http://www.mail-archive.com/users@spamassassin.apache.org/msg53371.html


[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112


Justin Mason <jm...@jmason.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.3.0




--- Comment #1 from Justin Mason <jm...@jmason.org>  2009-05-13 02:01:47 PST ---
Jason, can you share the sample?  



[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112





--- Comment #4 from Jason Haar <jh...@trimble.co.nz>  2009-06-08 17:31:44 PST ---
Is there anything else you need (besides time!)?

We are continually getting hit by this. Some appreciable non-zero percentage of
spam basically bypasses SA as it isn't aggressive enough in these non-RBL
timeouts.

As a good example, just now I personally ended up with a spam message in my
inbox - again from yapost.com! I initially thought the spammers were setting up
throwaway domains, but this is now nearly a month since I reported it and the
domain still exists and is involved in spam - and yet the DNS servers don't
respond. I guess they shouldn't break something that works for them eh? :-(

Thanks

Jason


[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112





--- Comment #2 from Jason Haar <jh...@trimble.co.nz>  2009-05-13 03:57:31 PST ---
Created an attachment (id=4445)
 --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4445)
sample spam showing DNS issue



Re: [Bug 6112] non-RBL DNS timeouts

Posted by John Hardin <jh...@impsec.org>.
On Mon, 8 Jun 2009, bugzilla-daemon@issues.apache.org wrote:

> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112
>
> --- Comment #5 from Jason Haar <jh...@trimble.co.nz>  2009-06-08 18:16:45 PST ---
> John Hardin just responded, and whilst researching his query I came across an
> important point.
>
> We use Botnet-0.8, and that's where the issue is! The moment I rename 
> Botnet.cf, this issue disappears!
>
> It appears Botnet uses some different DNS calls or something and is 
> really impacted by such DNS calls?
>
> Anyway, I'm disabling Botnet for the moment, I'm sure John will have a 
> more direct interest in this ticket now ;-)
>
> Jason

Heh. No, I'm not associated with Botnet in any way... :)

I don't recall off the top of my head who owns it, but you might post a 
note about this problem on the users list so that he will see it.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Liberals love sex ed because it teaches kids to be safe around their
   sex organs. Conservatives love gun education because it teaches kids
   to be safe around guns. However, both believe that the other's
   education goals lead to dangers too terrible to contemplate.
-----------------------------------------------------------------------
  49 days since 9th Circuit incorporated 2nd Amdt - MSM still silent

[Bug 6112] non-RBL DNS timeouts

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6112





--- Comment #5 from Jason Haar <jh...@trimble.co.nz>  2009-06-08 18:16:45 PST ---
John Hardin just responded, and whilst researching his query I came across an
important point.

We use Botnet-0.8, and that's where the issue is! The moment I rename
Botnet.cf, this issue disappears!

It appears Botnet uses some different DNS calls or something and is really
impacted by such DNS calls?

Anyway, I'm disabling Botnet for the moment, I'm sure John will have a more
direct interest in this ticket now ;-)

Jason
