
Mailing List Archive: SpamAssassin: users

DnsBlocklists not working?



mangoo at wpkg

Oct 9, 2008, 3:07 AM

Post #1 of 14 (274 views)
DnsBlocklists not working?

I have a mail setup, where the SMTP server (Postfix) is running on a
machine with a public IP address, and amavisd-new and spamassassin are
running on a "filter" server in a private LAN.

Basically, "mail" server receives mail via SMTP, and the mails are
checked on another machine.

I think DnsBlocklists tests are not working, i.e. if I connect and send
an email via telnet from my home ADSL address (which is listed on
Spamhaus' PBL), I don't see the mail gets any extra points.

What should I correct in my configuration? According to
http://wiki.apache.org/spamassassin/DnsBlocklists, I should "make sure
that SpamAssassin is resolving the gateway to its external address".
What does it mean?


--
Tomasz Chmielewski
http://wpkg.org


Dan.McDonald at austinenergy

Oct 9, 2008, 5:16 AM

Post #2 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
> I have a mail setup, where the SMTP server (Postfix) is running on a
> machine with a public IP address, and amavisd-new and spamassassin are
> running on a "filter" server in a private LAN.

You need to add the public and private IP's of your external box to
trusted_networks.

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com


mangoo at wpkg

Oct 9, 2008, 5:32 AM

Post #3 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

McDonald, Dan schrieb:
> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>> I have a mail setup, where the SMTP server (Postfix) is running on a
>> machine with a public IP address, and amavisd-new and spamassassin are
>> running on a "filter" server in a private LAN.
>
> You need to add the public and private IP's of your external box to
> trusted_networks.

In local.cf, I already have:


trusted_networks 192.168.113.
trusted_networks my_external_ip
internal_networks 192.168.113.


But it doesn't change anything.


This is the full mail (headers + body) I sent via telnet from an IP address listed on a PBL.
As you can see, it was received from 77.180.129.147, but no extra headers were added:

From - Thu Oct 9 14:28:02 2008
X-Account-Key: account1
X-UIDL: 1109091121.33953
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <tch[at]dupa.com>
Received: from imap1.syneticon.net (imap1.syneticon.net [192.168.113.5])
by imap1 (Cyrus v2.3.11-Mandriva-RPM-2.3.11-6mdv2008.1) with LMTPA;
Thu, 09 Oct 2008 14:23:31 +0200
X-Sieve: CMU Sieve 2.3
Received: from mx03.syneticon.net (postfix1.syneticon.net [192.168.113.4])
by imap1.syneticon.net (Postfix) with ESMTP id 591E3934DF
for <tch[at]wpkg.org>; Thu, 9 Oct 2008 14:23:31 +0200 (CEST)
Received: from localhost (filter1.syneticon.net [192.168.113.3])
by mx03.syneticon.net (Postfix) with ESMTP id 462A395CD
for <tch[at]wpkg.org>; Thu, 9 Oct 2008 14:23:31 +0200 (CEST)
X-Quarantine-ID: <KAdQG0FzftNK>
X-Virus-Scanned: amavisd-new at mx03.syneticon.net
X-Amavis-Alert: BAD HEADER, Missing required header field: "Date"
X-Spam-Flag: NO
X-Spam-Score: 1.11
X-Spam-Level: *
X-Spam-Status: No, score=1.11 tagged_above=-10 required=4.9
tests=[BAYES_40=-0.185, L_P0F_UNKN=0.001, MISSING_DATE=0.001,
MISSING_HEADERS=1.292, MISSING_MID=0.001]
X-Amavis-OS-Fingerprint: UNKNOWN [S4:53:1:60:S,T,M1452,N,W6:.:?:?] (NAT!) (up:
62 hrs), (link: pppoe (DSL)), [77.180.129.147]
Received: from mx03.syneticon.net ([192.168.113.4])
by localhost (mx03.syneticon.net [192.168.113.3]) (amavisd-new, port 10025)
with ESMTP id KAdQG0FzftNK for <tch[at]wpkg.org>;
Thu, 9 Oct 2008 14:23:18 +0200 (CEST)
Received: from tomek (koln-4db48193.pool.einsundeins.de [77.180.129.147])
by mx03.syneticon.net (Postfix) with SMTP
for <tch[at]wpkg.org>; Thu, 9 Oct 2008 14:23:15 +0200 (CEST)
Subject: test
Message-Id: <20081009122331.462A395CD[at]mx03.syneticon.net>
Date: Thu, 9 Oct 2008 14:23:31 +0200 (CEST)
From: tch[at]dupa.com
To: undisclosed-recipients:;

blah
s



This is the log when I start "amavisd debug-sa" - I don't see 77.180.129.147 is queried anywhere:

[25047] dbg: dns: name server: 192.168.127.2, LocalAddr: 0.0.0.0
[25047] dbg: message: main message type: text/plain
[25047] dbg: received-header: parsed as [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]
[25047] dbg: received-header: relay 77.180.129.147 trusted? no internal? no msa? no
[25047] dbg: metadata: X-Spam-Relays-Trusted:
[25047] dbg: metadata: X-Spam-Relays-Untrusted: [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]
[25047] dbg: metadata: X-Spam-Relays-Internal:
[25047] dbg: metadata: X-Spam-Relays-External: [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]
[25047] dbg: message: ---- MIME PARSER START ----
[25047] dbg: message: parsing normal part
[25047] dbg: message: ---- MIME PARSER END ----
[25047] dbg: message: no encoding detected
[25047] dbg: textcat: message too short for language analysis
[25047] dbg: textcat: X-Languages: "", X-Languages-Length: 13
[25047] dbg: uridnsbl: domains to query:
[25047] dbg: dns: checking A and MX for host dupa.com
[25047] dbg: dns: launching DNS A query for dupa.com in background
[25047] dbg: async: starting: NO_DNS_FOR_FROM, DNSBL-A, dns:A:dupa.com (timeout 15.0s, min 3.0s)
[25047] dbg: dns: launching DNS MX query for dupa.com in background
[25047] dbg: async: starting: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:dupa.com (timeout 15.0s, min 3.0s)
[25047] dbg: check: running tests for priority: -1000
[25047] dbg: async: select found no responses ready (t.o.=0.0)
[25047] dbg: async: queries completed: 0, started: 0
[25047] dbg: async: queries active: DNSBL-A=1 DNSBL-MX=1 at Thu Oct 9 14:23:29 2008
[25047] dbg: rules: running one_line_body tests; score so far=0
[25047] dbg: rules: running head tests; score so far=0
[25047] dbg: eval: all '*From' addrs: tch[at]dupa.com
[25047] dbg: eval: all '*To' addrs: tch[at]wpkg.org
[25047] dbg: rules: running body tests; score so far=0
[25047] dbg: rules: running uri tests; score so far=0
[25047] dbg: rules: running rawbody tests; score so far=0
[25047] dbg: rules: running full tests; score so far=0
[25047] dbg: rules: running meta tests; score so far=0
[25047] dbg: check: running tests for priority: -950
[25047] dbg: rules: running one_line_body tests; score so far=0
[25047] dbg: rules: running head tests; score so far=0
[25047] dbg: rules: running body tests; score so far=0
[25047] dbg: rules: running uri tests; score so far=0
[25047] dbg: rules: running rawbody tests; score so far=0
[25047] dbg: rules: running full tests; score so far=0
[25047] dbg: rules: running meta tests; score so far=0
[25047] dbg: check: running tests for priority: -900
[25047] dbg: rules: running one_line_body tests; score so far=0
[25047] dbg: rules: running head tests; score so far=0
[25047] dbg: rules: running body tests; score so far=0
[25047] dbg: rules: running uri tests; score so far=0
[25047] dbg: rules: running rawbody tests; score so far=0
[25047] dbg: rules: running full tests; score so far=0
[25047] dbg: rules: running meta tests; score so far=0
[25047] dbg: check: running tests for priority: -400
[25047] dbg: rules: running one_line_body tests; score so far=0
[25047] dbg: rules: running head tests; score so far=0
[25047] dbg: rules: running body tests; score so far=0
[25047] dbg: rules: running uri tests; score so far=0
[25047] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0xa7aa9a8) implements 'check_wb_list', priority 0
[25047] dbg: bayes: tie-ing to DB file R/O /var/lib/amavis/.spamassassin/bayes_toks
[25047] dbg: bayes: tie-ing to DB file R/O /var/lib/amavis/.spamassassin/bayes_seen
[25047] dbg: bayes: found bayes db version 3
[25047] dbg: bayes: DB journal sync: last sync: 1223552408
[25047] dbg: bayes: corpus size: nspam = 42946, nham = 148011
[25047] dbg: bayes: score = 0.309434590735524
[25047] dbg: bayes: DB journal sync: last sync: 1223552408
[25047] dbg: bayes: untie-ing
[25047] dbg: rules: running rawbody tests; score so far=0
[25047] dbg: rules: running full tests; score so far=0
[25047] dbg: rules: running meta tests; score so far=0
[25047] dbg: check: running tests for priority: 0
[25047] dbg: rules: running one_line_body tests; score so far=0
[25047] dbg: zoom: run_body_fast_scan for body_0 start
[25047] dbg: zoom: run_body_fast_scan for body_0 done
[25047] dbg: rules: running head tests; score so far=0
[25047] dbg: rules: ran header rule MISSING_MID ======> got hit: "UNSET"
[25047] dbg: rules: ran header rule __LAST_UNTRUSTED_RELAY_NO_AUTH ======> got hit: "[. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= "
[25047] dbg: rules: ran header rule __HELO_NO_DOMAIN ======> got hit: "[ ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek "
[25047] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET"
[25047] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET"
[25047] dbg: rules: ran header rule __DOS_SINGLE_EXT_RELAY ======> got hit: "[. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]"
[25047] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[25047] dbg: rules: ran header rule __DOS_RCVD_THU ======> got hit: " Thu, "
[25047] dbg: rules: ran header rule L_P0F_UNKN ======> got hit: "UNKNOWN"
[25047] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "t"
[25047] dbg: spf: checking to see if the message has a Received-SPF header that we can use
[25047] dbg: spf: checking HELO (helo=tomek, ip=77.180.129.147)
[25047] dbg: spf: cannot check HELO of 'tomek', skipping
[25047] dbg: dkim: check_dkim_whitelist: could not find author address
[25047] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
[25047] dbg: spf: checking EnvelopeFrom (helo=tomek, ip=77.180.129.147, envfrom=tch[at]dupa.com)
[25047] dbg: dns: hit <dns:dupa.com> 208.254.3.166
[25047] dbg: dns: hit <dns:dupa.com?type=MX> 0 dev.null.
[25047] dbg: spf: query for tch[at]dupa.com/77.180.129.147/tomek: result: none, comment: , text: No applicable sender policy available
[25047] dbg: dkim: performing public key lookup and signature verification
[25047] dbg: dkim: signature verification result: none
[25047] dbg: dkim: policy: performing lookup
[25047] dbg: dkim: policy: none
[25047] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check
[25047] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1)
[25047] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check
[25047] dbg: rules: running body tests; score so far=1.295
[25047] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "t"
[25047] dbg: async: select found no responses ready (t.o.=0.0)
[25047] dbg: async: completed in 0.114 s: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:dupa.com
[25047] dbg: async: completed in 0.110 s: NO_DNS_FOR_FROM, DNSBL-A, dns:A:dupa.com
[25047] dbg: dns: harvested completed queries
[25047] dbg: rules: running uri tests; score so far=1.295
[25047] dbg: rules: ran eval rule BAYES_40 ======> got hit (1)
[25047] dbg: eval: stock info total: 0
[25047] dbg: rules: running rawbody tests; score so far=1.11
[25047] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "blah"
[25047] dbg: rules: running full tests; score so far=1.11
[25047] dbg: info: entering helper-app run mode
[25047] dbg: info: leaving helper-app run mode
[25047] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[25047] dbg: razor2: results: spam? 0
[25047] dbg: razor2: results: engine 8, highest cf score: 0
[25047] dbg: razor2: results: engine 4, highest cf score: 0
[25047] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[25047] dbg: info: entering helper-app run mode
[25047] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /var/lib/amavis/tmp/.spamassassin250473TGLxwtmp
[25058] dbg: util: setuid: ruid=73 euid=73
[25047] dbg: pyzor: [25058] finished: exit=0x0100
[25047] dbg: info: leaving helper-app run mode
[25047] dbg: pyzor: check failed: no response
[25047] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[25047] dbg: dcc: dccproc is available: /usr/bin/dccproc
[25047] dbg: info: entering helper-app run mode
[25047] dbg: dcc: opening pipe: /usr/bin/dccproc -H -x 0 -a 77.180.129.147 < /var/lib/amavis/tmp/.spamassassin250473TGLxwtmp
[25059] dbg: util: setuid: ruid=73 euid=73
[25047] dbg: dcc: got response: X-DCC-Rhyolite-Metrics: filter1 104; Body=0
[25047] dbg: info: leaving helper-app run mode
[25047] dbg: rules: running meta tests; score so far=1.11
[25047] dbg: check: running tests for priority: 500
[25047] dbg: dns: harvest_dnsbl_queries
[25047] dbg: async: timing: 0.110 . dns:A:dupa.com
[25047] dbg: async: timing: 0.114 . dns:MX:dupa.com
[25047] dbg: rules: running one_line_body tests; score so far=1.11
[25047] dbg: rules: running head tests; score so far=1.11
[25047] dbg: rules: running body tests; score so far=1.11
[25047] dbg: rules: running uri tests; score so far=1.11
[25047] dbg: rules: running rawbody tests; score so far=1.11
[25047] dbg: rules: running full tests; score so far=1.11
[25047] dbg: rules: running meta tests; score so far=1.11
[25047] dbg: check: running tests for priority: 900
[25047] dbg: rules: running one_line_body tests; score so far=1.11
[25047] dbg: rules: running head tests; score so far=1.11
[25047] dbg: rules: running body tests; score so far=1.11
[25047] dbg: rules: running uri tests; score so far=1.11
[25047] dbg: FuzzyOcr: Starting FuzzyOcr...
[25047] info: FuzzyOcr: Processing Message with ID "<no messageid>" (<no sender> -> <no receipients>)
[25047] dbg: FuzzyOcr: Skipping OCR, no image files found...
[25047] dbg: FuzzyOcr: Processed in 0.001019 sec.
[25047] dbg: rules: running rawbody tests; score so far=1.11
[25047] dbg: rules: running full tests; score so far=1.11
[25047] dbg: rules: running meta tests; score so far=1.11
[25047] dbg: check: running tests for priority: 1000
[25047] dbg: rules: running one_line_body tests; score so far=1.11
[25047] dbg: rules: running head tests; score so far=1.11
[25047] dbg: rules: running body tests; score so far=1.11
[25047] dbg: rules: running uri tests; score so far=1.11
[25047] dbg: rules: running rawbody tests; score so far=1.11
[25047] dbg: rules: running full tests; score so far=1.11
[25047] dbg: rules: running meta tests; score so far=1.11
[25047] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xa49a550) implements 'autolearn_discriminator', priority 0
[25047] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1
[25047] dbg: learn: auto-learn: message score: 1.11, computed score for autolearn: 1.584
[25047] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=1.584, head-points=1.584, learned-points=-0.185
[25047] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
[25047] dbg: check: is spam? score=1.11 required=5
[25047] dbg: check: tests=BAYES_40,L_P0F_UNKN,MISSING_DATE,MISSING_HEADERS,MISSING_MID
[25047] dbg: check: subtests=__DOS_DIRECT_TO_MX,__DOS_RCVD_THU,__DOS_SINGLE_EXT_RELAY,__HAS_RCVD,__HAS_SUBJECT,__HELO_NO_DOMAIN,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MISSING_REF,__NONEMPTY_BODY,__TVD_BODY



--
Tomasz Chmielewski
http://wpkg.org


ned at unixmail

Oct 9, 2008, 5:50 AM

Post #4 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

Tomasz Chmielewski wrote:
> I have a mail setup, where the SMTP server (Postfix) is running on a
> machine with a public IP address, and amavisd-new and spamassassin are
> running on a "filter" server in a private LAN.
>

Just a quick observation - does the machine on the private LAN have
Internet access to perform the DNSBL lookups, or can it only see the
postfix mail gateway? The amavisd-new/SA box must be able to access the
Internet to perform any tests that need Internet access.

> Basically, "mail" server receives mail via SMTP, and the mails are
> checked on another machine.
>
> I think DnsBlocklists tests are not working, i.e. if I connect and send
> an email via telnet from my home ADSL address (which is listed on
> Spamhaus' PBL), I don't see the mail gets any extra points.
>
> What should I correct in my configuration? According to
> http://wiki.apache.org/spamassassin/DnsBlocklists, I should "make sure
> that SpamAssassin is resolving the gateway to its external address".
> What does it mean?
>
>


mangoo at wpkg

Oct 9, 2008, 5:53 AM

Post #5 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

Daniel J McDonald schrieb:
> On Thu, 2008-10-09 at 14:32 +0200, Tomasz Chmielewski wrote:
>> McDonald, Dan schrieb:
>>> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>>>> I have a mail setup, where the SMTP server (Postfix) is running on a
>>>> machine with a public IP address, and amavisd-new and spamassassin are
>>>> running on a "filter" server in a private LAN.
>>> You need to add the public and private IP's of your external box to
>>> trusted_networks.
>
> I think you want to remove the internal_networks statement.
>
> from the pod:
> internal_networks ip.add.re.ss[/mask] ... (default: none)
> What networks or hosts are 'internal' in your setup. Internal
> means that relay hosts on these networks are considered to be
> MXes for your domain(s), or internal relays. This uses the
> same format as "trusted_networks", above.

It makes no difference if I remove it or not.
In fact, I think I already tried all combinations of internal_networks /
trusted_networks, but it didn't make a difference.



--
Tomasz Chmielewski
http://wpkg.org


d.hill at yournetplus

Oct 9, 2008, 5:57 AM

Post #6 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:

> McDonald, Dan schrieb:
>> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>>> I have a mail setup, where the SMTP server (Postfix) is running on a
>>> machine with a public IP address, and amavisd-new and spamassassin are
>>> running on a "filter" server in a private LAN.
>>
>> You need to add the public and private IP's of your external box to
>> trusted_networks.
>
> In local.cf, I already have:
>
>
> trusted_networks 192.168.113.
> trusted_networks my_external_ip
> internal_networks 192.168.113.

Do you:

clear_trusted_networks
clear_internal_networks

before you set them? I run an SMTP server here on my workstation. This is
how I have it set up and works perfect:

clear_trusted_networks
clear_internal_networks

trusted_networks 192.168.1.10 # The only IP on this machine
trusted_networks our.ip.range.1 # Public IP range
trusted_networks our.ip.range.2 # Public IP range
trusted_networks off.ice.ip.1 # Public IP range
trusted_networks off.ice.ip.2 # Public IP range
trusted_networks off.ice.ip.3 # This range has my Internet
# facing router this machine
# is connected to

internal_networks 192.168.1.10 # The only IP on this machine

> But it doesn't change anything.

[snip]


mangoo at wpkg

Oct 9, 2008, 6:03 AM

Post #7 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

Ned Slider schrieb:
> Tomasz Chmielewski wrote:
>> I have a mail setup, where the SMTP server (Postfix) is running on a
>> machine with a public IP address, and amavisd-new and spamassassin are
>> running on a "filter" server in a private LAN.
>>
>
> Just a quick observation - does the machine on the private lan have
> Internet access to perform the DNSBL lookups or can it only see the
> postfix mail gateway. The amavisd-new/SA box must be able to access the
> Internet to perform any tests that need Internet access.

Yes, it can download files etc. Besides, spamassassin queries
Pyzor/Razor without problems.


I just started tcpdump to see what addresses the "filter" box connects
to when it receives mail for filtering - I see:
- packets from/to the SMTP server
- packets from/to the DNS server (asking for the domain used in
MAIL FROM:<user[at]domain-asked-for> and Razor servers)
- packets to/from 208.83.137.117, 208.83.137.115, which is Razor
- packets to/from 209.169.14.30, which is DCC


And that's it. No other DNS queries, no other packets.


--
Tomasz Chmielewski
http://wpkg.org


mangoo at wpkg

Oct 9, 2008, 6:07 AM

Post #8 of 14 (261 views)
Re: DnsBlocklists not working? [In reply to]

Duane Hill schrieb:
> On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:
>
>> McDonald, Dan schrieb:
>>> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>>>> I have a mail setup, where the SMTP server (Postfix) is running on a
>>>> machine with a public IP address, and amavisd-new and spamassassin
>>>> are running on a "filter" server in a private LAN.
>>>
>>> You need to add the public and private IP's of your external box to
>>> trusted_networks.
>>
>> In local.cf, I already have:
>>
>>
>> trusted_networks 192.168.113.
>> trusted_networks my_external_ip
>> internal_networks 192.168.113.
>
> Do you:
>
> clear_trusted_networks
> clear_internal_networks
>
> before you set them?

No, I did not. But I just did to make sure, and it doesn't change anything.
Besides, with or without "clear_...", "amavisd debug-sa" shows:

[25472] dbg: received-header: parsed as [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]
[25472] dbg: received-header: relay 77.180.129.147 trusted? no internal? no msa? no
[25472] dbg: metadata: X-Spam-Relays-Trusted:
[25472] dbg: metadata: X-Spam-Relays-Untrusted: [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]
[25472] dbg: metadata: X-Spam-Relays-Internal:
[25472] dbg: metadata: X-Spam-Relays-External: [. ip=77.180.129.147 rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net ident= envfrom= intl=0 id= auth= msa=0 ]

Which means the IP in question (77.180.129.147) is not trusted, internal etc.


> I run an SMTP server here on my workstation. This
> is how I have it set up and works perfect:
>
> clear_trusted_networks
> clear_internal_networks

Is your amavisd-new on an external machine to the SMTP server?


--
Tomasz Chmielewski
http://wpkg.org


d.hill at yournetplus

Oct 9, 2008, 6:53 AM

Post #9 of 14 (252 views)
Re: DnsBlocklists not working? [In reply to]

On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:

> Duane Hill schrieb:
>> On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:
>>
>>> McDonald, Dan schrieb:
>>>> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>>>>> I have a mail setup, where the SMTP server (Postfix) is running on a
>>>>> machine with a public IP address, and amavisd-new and spamassassin are
>>>>> running on a "filter" server in a private LAN.
>>>>
>>>> You need to add the public and private IP's of your external box to
>>>> trusted_networks.
>>>
>>> In local.cf, I already have:
>>>
>>>
>>> trusted_networks 192.168.113.
>>> trusted_networks my_external_ip
>>> internal_networks 192.168.113.
>>
>> Do you:
>>
>> clear_trusted_networks
>> clear_internal_networks
>>
>> before you set them?
>
> No, I did not. But I just did to make sure, and it doesn't change anything.
> Besides, with or without "clear_...", "amavisd debug-sa" shows:
>
> [25472] dbg: received-header: parsed as [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0 ]
> [25472] dbg: received-header: relay 77.180.129.147 trusted? no internal? no
> msa? no
> [25472] dbg: metadata: X-Spam-Relays-Trusted:
> [25472] dbg: metadata: X-Spam-Relays-Untrusted: [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0 ]
> [25472] dbg: metadata: X-Spam-Relays-Internal:
> [25472] dbg: metadata: X-Spam-Relays-External: [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0 ]
> Which means the IP in question (77.180.129.147) is not trusted, internal etc.
>
>
>> I run an SMTP server here on my workstation. This is how I have it set up
>> and works perfect:
>>
>> clear_trusted_networks
>> clear_internal_networks
>
> Is your amavisd-new on an external machine to the SMTP server?

I don't use amavisd-new. I was just talking about SpamAssassin. Have
you tried running the message through SpamAssassin itself, bypassing
amavisd-new? Perhaps there is a config option that is preventing the
lookups. Amavisd-new does integrate into SpamAssassin directly; bypassing
the need for spamc/spamd (at least I think it does).


mangoo at wpkg

Oct 9, 2008, 7:10 AM

Post #10 of 14 (252 views)
Re: DnsBlocklists not working? [In reply to]

Duane Hill schrieb:

(...)

>>> I run an SMTP server here on my workstation. This is how I have it
>>> set up and works perfect:
>>>
>>> clear_trusted_networks
>>> clear_internal_networks
>>
>> Is your amavisd-new on an external machine to the SMTP server?
>
> I don't use amavisd-new. I was just talking about SpamAssassin. Have you
> tried running the message through SpamAssassin itself, bypassing
> amavisd-new? Perhaps there is a config option that is preventing the
> lookups. Amavisd-new does integrate into SpamAssassin directly;
> bypassing the need for spamc/spamd (at least I think it does).

Yes, I tried running spamassassin -D < /tmp/email.eml

It checks against URIBL if there is a link inside the message body.
It doesn't seem to check against DNSBL at all.


--
Tomasz Chmielewski
http://wpkg.org


rickm at ummm-beer

Oct 9, 2008, 7:19 AM

Post #11 of 14 (252 views)
Re: DnsBlocklists not working? [In reply to]

Tomasz Chmielewski wrote:
>
> Yes, I tried running spamassassin -D < /tmp/email.eml
>
> It checks against URIBL if there is a link inside the message body.
> It doesn't seem to check against DNSBL at all.
>
>

Can you post a link to your .cf files and the spamd run arguments ?

Regards,

Rick


mouss at netoyen

Oct 9, 2008, 7:20 AM

Post #12 of 14 (252 views)
Re: DnsBlocklists not working? [In reply to]

Tomasz Chmielewski wrote:
> Duane Hill schrieb:
>> On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:
>>
>>> McDonald, Dan schrieb:
>>>> On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
>>>>> I have a mail setup, where the SMTP server (Postfix) is running on
>>>>> a machine with a public IP address, and amavisd-new and
>>>>> spamassassin are running on a "filter" server in a private LAN.
>>>>
>>>> You need to add the public and private IP's of your external box to
>>>> trusted_networks.
>>>
>>> In local.cf, I already have:
>>>
>>>
>>> trusted_networks 192.168.113.
>>> trusted_networks my_external_ip
>>> internal_networks 192.168.113.
>>
>> Do you:
>>
>> clear_trusted_networks
>> clear_internal_networks
>>
>> before you set them?
>
> No, I did not. But I just did to make sure, and it doesn't change anything.
> Besides, with or without "clear_...", "amavisd debug-sa" shows:
>
> [25472] dbg: received-header: parsed as [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0
> ]
> [25472] dbg: received-header: relay 77.180.129.147 trusted? no internal?
> no msa?
> no
> [25472] dbg: metadata:
> X-Spam-Relays-Trusted:
> [25472] dbg: metadata: X-Spam-Relays-Untrusted: [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0
> ]
> [25472] dbg: metadata:
> X-Spam-Relays-Internal:
> [25472] dbg: metadata: X-Spam-Relays-External: [. ip=77.180.129.147
> rdns=koln-4db48193.pool.einsundeins.de helo=tomek by=mx03.syneticon.net
> ident= envfrom= intl=0 id= auth= msa=0 ]
> Which means the IP in question (77.180.129.147) is not trusted, internal
> etc.
>

your X-Spam-Relays-External looks good, so it should trigger a PBL
lookup. do you see anything in the -D output that is related to spamhaus
or to the IP (77.180.129.147)?

does anything in your config disable the PBL? you say URIBL gets
queried, so network tests aren't disabled. but check this to make sure.

if you run
$ host 147.129.180.77.zen.spamhaus.org
on the SA box, does it return 127.0.0.11 ?
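
The manual `host` check suggested above, as an added example that is not part of the original post: it builds the reversed-octet DNSBL query name and classifies the answer, including the error codes Spamhaus returns instead of a listing. Only 127.0.0.11 comes from the thread; the other answer codes are the ones Spamhaus documents for ZEN, and the function names and the injectable `resolve` parameter are assumptions of this example.

```python
import ipaddress
import socket

# Spamhaus ZEN answer codes. Only 127.0.0.11 appears in the thread; the rest
# are the values Spamhaus documents for the same zone.
ZEN_LISTS = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}
# These answers mean "your query was refused", not "the IP is listed".
ZEN_ERRORS = {
    "127.255.255.252": "typo in DNSBL name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Return the name a DNSBL client looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Resolve A records with the system resolver; an empty list means no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        # NXDOMAIN (not listed) and resolver failures both end up here.
        return []


def check_dnsbl(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Look up ip in zone and classify the answer codes."""
    name = dnsbl_query_name(ip, zone)
    answers = resolve(name)
    errors = [ZEN_ERRORS[a] for a in answers if a in ZEN_ERRORS]
    lists = [ZEN_LISTS.get(a, "unknown code " + a)
             for a in answers if a not in ZEN_ERRORS]
    if errors:
        status = "error"
    elif lists:
        status = "listed"
    else:
        status = "not listed"
    return {"query": name, "status": status, "lists": lists, "errors": errors}


if __name__ == "__main__":
    # Constructed resolver reply so the demo runs offline; drop the resolve=
    # argument on the SA box to use its real resolver.
    print(check_dnsbl("77.180.129.147", resolve=lambda name: ["127.0.0.11"]))
```

An "error" status on the filter host points at the resolver it uses rather than at the SpamAssassin configuration.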


mangoo at wpkg

Oct 9, 2008, 7:27 AM

Post #13 of 14 (252 views)
Re: DnsBlocklists not working? [In reply to]

Tomasz Chmielewski schrieb:
> Duane Hill schrieb:
>
> (...)
>
>>>> I run an SMTP server here on my workstation. This is how I have it
>>>> set up and works perfect:
>>>>
>>>> clear_trusted_networks
>>>> clear_internal_networks
>>>
>>> Is your amavisd-new on an external machine to the SMTP server?
>>
>> I don't use amavisd-new. I was just talking about SpamAssassin. Have
>> you tried running the message through SpamAssassin itself, bypassing
>> amavisd-new? Perhaps there is a config option that is preventing the
>> lookups. Amavisd-new does integrate into SpamAssassin directly;
>> bypassing the need for spamc/spamd (at least I think it does).
>
> Yes, I tried running spamassassin -D < /tmp/email.eml
>
> It checks against URIBL if there is a link inside the message body.
> It doesn't seem to check against DNSBL at all.

Ugh! Found it!

/var/lib/amavis/.spamassassin/user_prefs -> skip_rbl_checks 1

It is 0 by default; I would have found it faster if there were information
about the default feature being disabled in the debug output ;)

Sorry for taking your time.


--
Tomasz Chmielewski
http://wpkg.org
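
The override found above, as an added example that is not part of the original post: it reads SpamAssassin configuration texts in load order and reports which file and line leave DNSBL lookups disabled. The two paths are the ones named in this thread; the file contents are constructed samples, the function names are assumptions of this example, `dns_available no` is included as the other standard setting that turns DNS tests off, and `if`/`ifplugin` blocks are not evaluated.

```python
import re

# Settings that switch DNSBL lookups off, with the test for a disabling value.
WATCHED = {
    "skip_rbl_checks": lambda v: v == "1",
    "dns_available": lambda v: v.lower() == "no",
}


def parse_settings(text):
    """Yield (lineno, key, value) for each directive, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop everything from the first unescaped '#' to the end of the line.
        line = re.sub(r"(?<!\\)#.*", "", raw).strip()
        if not line:
            continue
        parts = line.split(None, 1)
        yield lineno, parts[0], parts[1].strip() if len(parts) > 1 else ""


def audit(sources):
    """sources: list of (path, text) in the order SpamAssassin reads them.

    A later assignment replaces an earlier one, so only the last value of
    each watched setting is judged.
    """
    effective = {}
    for path, text in sources:
        for lineno, key, value in parse_settings(text):
            if key in WATCHED:
                effective[key] = (value, path, lineno)
    return [
        f"{path}:{lineno}: {key} {value} disables DNSBL lookups"
        for key, (value, path, lineno) in effective.items()
        if WATCHED[key](value)
    ]


# Constructed sample contents; site config first, user preferences last.
SITE_CF = "rbl_timeout 15\n#skip_rbl_checks 1\nskip_rbl_checks 0\n"
USER_PREFS = "# constructed sample\nskip_rbl_checks 1\n"

SOURCES = [
    ("/etc/mail/spamassassin/local.cf", SITE_CF),
    ("/var/lib/amavis/.spamassassin/user_prefs", USER_PREFS),
]

if __name__ == "__main__":
    for finding in audit(SOURCES):
        print(finding)
```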


roberth at abbacomm

Oct 9, 2008, 7:37 AM

Post #14 of 14 (252 views)
RE: DnsBlocklists not working? [In reply to]

> Yes, I tried running spamassassin -D < /tmp/email.eml
>
> It checks against URIBL if there is a link inside the message body.
> It doesn't seem to check against DNSBL at all.
>
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>

Check these types of things; this is a cut from one of our
/etc/mail/spamassassin/local.cf files

Notice they get commented or uncommented as necessary

#
#
rbl_timeout 15
#
# commented out 5/23/2008 by rh for local rbltesting
#
#skip_rbl_checks 1

#use_auto_whitelist 0

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
#
#
#
# Enable or disable network checks
# skip_rbl_checks 0
# use_razor2 1
# use_dcc 1
# use_pyzor 1

- rh
