You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ruleqa@spamassassin.apache.org by Axb <ax...@gmail.com> on 2014/11/09 13:32:58 UTC
URIBL_BLOCKED
Guys,
these net masscheck owner's lookups are being blocked by URIBL.
URIBL_BLOCKED dwarren [corpus]
URIBL_BLOCKED mas-cps [corpus]
URIBL_BLOCKED mas-mas [corpus]
(source: http://ruleqa.spamassassin.org/20141108-r1637525-n/c/detail)
seems you may need to look into your resolver setup to avoid this as
this may also affect your mail traffic's spam detection
If you can't get a non blocked resolver, please add the following line
to your masschecks options
dns_query_restriction deny multi.uribl.com
Thx
Alex
Re: URIBL_BLOCKED
Posted by Axb <ax...@gmail.com>.
On 11/16/2014 10:27 PM, Benny Pedersen wrote:
> On November 16, 2014 9:48:54 PM Dave Warren <da...@hireahit.com> wrote:
>
>> /root/masscheckwork/weekly_mass_check/masses/../lib/Mail/SpamAssassin/Util.pm
>>
>> line 1528.
>>
>> I'll bump up the RAM and see if that makes a difference. CPU wise, I was
>> only little over 70% utilization, but I may throw another core at it too
>> just to see if that makes a difference.
>
> Should pyzor, dcc and other digest checking not be disabled for
> masschecking ?
Saturday masscheck (--net) should include network tests
Re: URIBL_BLOCKED
Posted by Dave Warren <da...@hireahit.com>.
On 2014-11-16 13:27, Benny Pedersen wrote:
> On November 16, 2014 9:48:54 PM Dave Warren <da...@hireahit.com> wrote:
>
>> /root/masscheckwork/weekly_mass_check/masses/../lib/Mail/SpamAssassin/Util.pm
>>
>> line 1528.
>>
>> I'll bump up the RAM and see if that makes a difference. CPU wise, I was
>> only little over 70% utilization, but I may throw another core at it too
>> just to see if that makes a difference.
>
> Should pyzor, dcc and other digest checking not be disabled for
> masschecking ?
Not a clue, my configuration is a bog standard install, plus a masscheck
configuration on top, but I'd expect that if so, shouldn't the masscheck
scripts set it as such?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: URIBL_BLOCKED
Posted by Axb <ax...@gmail.com>.
On 11/16/2014 11:47 PM, Marc Andre Selig wrote:
> On Sun, Nov 16, 2014 at 10:27:23PM +0100, Benny Pedersen wrote:
>
>> Should pyzor, dcc and other digest checking not be disabled for masschecking ?
>
> According to <https://wiki.apache.org/spamassassin/MassCheck> and
> <http://svn.apache.org/viewvc/spamassassin/trunk/masses/contrib/automasscheck-minimal/automasscheck-minimal.sh?view=co>
> (as of 2014-11-16), they should be enabled.
>
> Now whether it actually makes sense to have them
> enabled for mass-check is another question. The answer
> to that probably depends on how long checksums are kept.
> <http://ruleqa.spamassassin.org/20141115-r1639843-n/PYZOR_CHECK/detail>
> seems to say "long enough". :)
>
> Regards,
> Marc
>
automasscheck-minimal.sh
elif date +%w |grep -q ^6; then
# If Saturday, run the weekly_mass_check
TYPE=weekly_mass_check
echo "Syncing $TYPE"
rsync -qrz --delete
rsync://rsync.spamassassin.org/tagged_builds/$TYPE/ $WORKDIR/$TYPE/
retval=$?
JOBS=8
NET=--net
LOGTYPE=net-
RSYNCMOD=corpus
this enables network test on Sat. (eekly_mass_check)
Re: URIBL_BLOCKED
Posted by Marc Andre Selig <a2...@sedacon.com>.
On Sun, Nov 16, 2014 at 10:27:23PM +0100, Benny Pedersen wrote:
> Should pyzor, dcc and other digest checking not be disabled for masschecking ?
According to <https://wiki.apache.org/spamassassin/MassCheck> and
<http://svn.apache.org/viewvc/spamassassin/trunk/masses/contrib/automasscheck-minimal/automasscheck-minimal.sh?view=co>
(as of 2014-11-16), they should be enabled.
Now whether it actually makes sense to have them
enabled for mass-check is another question. The answer
to that probably depends on how long checksums are kept.
<http://ruleqa.spamassassin.org/20141115-r1639843-n/PYZOR_CHECK/detail>
seems to say "long enough". :)
Regards,
Marc
Re: URIBL_BLOCKED
Posted by Benny Pedersen <me...@junc.eu>.
On November 16, 2014 9:48:54 PM Dave Warren <da...@hireahit.com> wrote:
> /root/masscheckwork/weekly_mass_check/masses/../lib/Mail/SpamAssassin/Util.pm
> line 1528.
>
> I'll bump up the RAM and see if that makes a difference. CPU wise, I was
> only little over 70% utilization, but I may throw another core at it too
> just to see if that makes a difference.
Should pyzor, dcc and other digest checking not be disabled for masschecking ?
Re: URIBL_BLOCKED
Posted by Dave Warren <da...@hireahit.com>.
On 2014-11-09 14:48, Dave Warren wrote:
> On 2014-11-09 04:32, Axb wrote:
>> these net masscheck owner's lookups are being blocked by URIBL.
>>
>> URIBL_BLOCKED dwarren [corpus]
>
> I don't seem to be blocked when I look today, I run unbound as a
> resolver (no forwarding) on localhost, and it's a box dedicated to
> masscheck, not part of my mail server's SpamAssassin configuration.
> <...>
>> seems you may need to look into your resolver setup to avoid this as
>> this may also affect your mail traffic's spam detection
>>
>> If you can't get a non blocked resolver, please add the following
>> line to your masschecks options
>>
>> dns_query_restriction deny multi.uribl.com
>
>
> Aside from whatever traffic SA's masscheck generates, I wouldn't
> expect any DNSBL traffic at all from this box, so there shouldn't be
> any reason for it to be blocked.
>
> Should I see what happens next week? Or can I safely run the weekly
> run again without screwing up anything on SA's side?
>
I got the logs for this run and I seem to have tons of memory errors...
This Saturday's run took over 24 hours for me.
pyzor: check failed: util: cannot fork: Can't fork: Cannot allocate
memory at
/root/masscheckwork/weekly_mass_check/masses/../lib/Mail/SpamAssassin/Util.pm
line 1525. at
/root/masscheckwork/weekly_mass_check/masses/../lib/Mail/SpamAssassin/Util.pm
line 1528.
I'll bump up the RAM and see if that makes a difference. CPU wise, I was
only little over 70% utilization, but I may throw another core at it too
just to see if that makes a difference.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: URIBL_BLOCKED
Posted by Dave Warren <da...@hireahit.com>.
On 2014-11-09 04:32, Axb wrote:
> these net masscheck owner's lookups are being blocked by URIBL.
>
> URIBL_BLOCKED dwarren [corpus]
I don't seem to be blocked when I look today, I run unbound as a
resolver (no forwarding) on localhost, and it's a box dedicated to
masscheck, not part of my mail server's SpamAssassin configuration.
# host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1
# host -tA blocked.uribl.com
Host blocked.uribl.com not found: 3(NXDOMAIN)
# cat /etc/resolv.conf
nameserver 127.0.0.1
# cat /etc/unbound/unbound.conf
server:
access-control: 127.0.0.0/8 allow
interface: 127.0.0.1
harden-glue: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
harden-glue: yes
cache-min-ttl: 30
num-threads: 1
val-clean-additional: yes
auto-trust-anchor-file: root.key
root-hints: root.hints
prefetch: yes
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
> seems you may need to look into your resolver setup to avoid this as
> this may also affect your mail traffic's spam detection
>
> If you can't get a non blocked resolver, please add the following line
> to your masschecks options
>
> dns_query_restriction deny multi.uribl.com
Aside from whatever traffic SA's masscheck generates, I wouldn't expect
any DNSBL traffic at all from this box, so there shouldn't be any reason
for it to be blocked.
Should I see what happens next week? Or can I safely run the weekly run
again without screwing up anything on SA's side?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: URIBL_BLOCKED
Posted by Marc Andre Selig <a2...@sedacon.com>.
On Sun, Nov 09, 2014 at 03:17:04PM +0100, Axb wrote:
> you can test with
>
> # host -tA 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com has address 127.0.0.14
Thanks, I figured as much from their web site. Looking at the txt
record was even more helpful: It shows the actual resolver used, which
is how I learned dnsmasq is just a forwarder, not a recursive resolver
(makes sense, though).
I did not take the time to find out why having --reuse in the mass-check
command line does not prevent the problem, as the machine receiving
mail for these corpora has had a recursive resolver of its own for a
long time, and it definitely includes URIBL_* (not URIBL_BLOCKED) in
SpamAssassin headers. Anywhere obvious I should be looking?
Regards,
Marc
Re: URIBL_BLOCKED
Posted by Axb <ax...@gmail.com>.
On 11/09/2014 02:41 PM, Marc Andre Selig wrote:
> On Sun, Nov 09, 2014 at 01:32:58PM +0100, Axb wrote:
>
>> these net masscheck owner's lookups are being blocked by URIBL.
> [...]
>> URIBL_BLOCKED mas-cps [corpus]
>> URIBL_BLOCKED mas-mas [corpus]
>
> Thanks for the alert. I have now set up a recursive nameserver on the
> machine running these mass-checks to (hopefully) get around this problem.
>
> Regards,
> Marc
>
you can test with
# host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.14
if you're not blocked:
host -tA blocked.uribl.com
Host blocked.uribl.com not found: 3(NXDOMAIN)
if blocked you'll see
blocked.uribl.com has address 127.0.0.255
Re: URIBL_BLOCKED
Posted by Marc Andre Selig <a2...@sedacon.com>.
On Sun, Nov 09, 2014 at 01:32:58PM +0100, Axb wrote:
> these net masscheck owner's lookups are being blocked by URIBL.
[...]
> URIBL_BLOCKED mas-cps [corpus]
> URIBL_BLOCKED mas-mas [corpus]
Thanks for the alert. I have now set up a recursive nameserver on the
machine running these mass-checks to (hopefully) get around this problem.
Regards,
Marc