[Slackbuilds-users] Spamassassin from SBo - broken DNS RBL filtering?

Sebastian Arcus s.arcus at open-t.co.uk
Sun May 21 04:34:32 UTC 2017


On 20/05/17 20:36, Robby Workman wrote:
> On Sat, 20 May 2017 20:27:01 +0100
> Sebastian Arcus <s.arcus at open-t.co.uk> wrote:
> 
>> On 17/05/17 18:17, Sebastian Arcus wrote:
>>>
>>> On 17/05/17 16:31, Franzen wrote:
>>>> On 17.05.2017 16:18, Sebastian Arcus wrote:
>>>>> I have been chasing this issue on-and-off for months, and spent a
>>>>> lot of time the last few days on it. I run several Slackware
>>>>> servers with Spamassassin on them, and I noticed a while ago
>>>>> that some don't use DNS blocklists.
>>>>
>>>> Maybe you are using the provider's nameserver, beside a lot
>>>> others, so the provider's nameserver itself may be blacklisted
>>>> because of too many requests, and therefore gets no (or only
>>>> sometimes) answers from the dns blacklist servers. This also
>>>> happens if you are using google's dns 8.8.8.8
>>>
>>> Sorry, I should have mentioned it in the original post. I am
>>> running Bind locally in caching/recursive mode. Also, if that would
>>> have been the problem, the queries get flagged as blocked by
>>> SpamAssassin in the message report - so it is quite soon obvious
>>> what is going on. I've had this in the past, before configuring
>>> Bind. What I am describing is a silent issue - no errors, no
>>> messages about queries being blocked. And that is why it took me a
>>> while to realise it was a problem, because if there is no mention
>>> in the spam report of dns rbl's - the assumption would be that the
>>> dns queries returned nothing - not that they are not working
>>> altogether. Only by passing the same known spam message through
>>> SpamAssassin on different servers did I realise that the dns rbl's
>>> weren't functional.
>>
>> A follow up on this. I've tested the issue on some more machines, and
>> it seems that it is the Spamassassin version which is the problem. On
>> none of the machines I had with 3.4.1 dns rbl's were working. I have
>> one server with 3.4.0 and dns rbl's *are* working on it. I have
>> upgraded the 7 servers I had with 3.4.1 to 4.0.0 unstable and they
>> all work fine now. They were all Slackware 14.2-current in various
>> states of "freshness" - up to one year old. So if you have
>> Spamassassin 3.4.1 installed on a Slackware box, you might want to
>> check that the dns rbl's are really working - as there were no error
>> messages anywhere on mine. Oh, and for the sake of clarity, I kept
>> all the configs as they were - so it wasn't a config problem.
> 
> 
> Good catch nonetheless :-)

Thank you! It would be really interesting if others could check their 
machines and report here if they are seeing the same issue at their end. 
To test, I just passed a mail message with a known spammy URL (detected 
as a spammy URL on a good machine) through spamc - and if the spam 
report didn't mention anything about any dns rbl test, I knew 
Spamassassin wasn't working correctly.
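
The check described in this message, as an added example that is not part of the original post or of SpamAssassin itself: it classifies a spamc report as "working" (a DNS list rule hit), "blocked" (only a `*_BLOCKED` notice) or "silent" (no DNS list rule at all, the symptom reported for 3.4.1). It assumes DNS list rules are recognisable by the `RCVD_IN_` and `URIBL_` name prefixes; the sample reports are constructed.

```shell
#!/bin/sh
# Added example: classify a SpamAssassin report by its DNS-list rule hits.
# Assumption: DNS-list rules are recognised by the RCVD_IN_ / URIBL_ name
# prefixes, and refused queries by a *_BLOCKED rule such as URIBL_BLOCKED.

# Read a report on stdin; print "working", "blocked" or "silent".
classify_report() {
    awk '
        # Rule lines look like: " 1.7 URIBL_BLACK   description..."
        $1 ~ /^-?[0-9]+\.[0-9]+$/ && $2 ~ /^(RCVD_IN_|URIBL_)[A-Z0-9_]+$/ {
            if ($2 ~ /_BLOCKED$/) blocked++; else listed++
        }
        END {
            if (listed)       print "working"   # a list answered with a hit
            else if (blocked) print "blocked"   # the list refused the resolver
            else              print "silent"    # no DNS-list rule in the report
        }'
}

# Run a saved message (one known to hit a list on a good machine) through
# spamc; -R prints only the report text, with score/threshold on line one.
check_message() {
    spamc -R < "$1" | classify_report
}

# Constructed sample reports (not taken from the thread).
sample_working() { cat <<'EOF'
5.2/5.0
 pts rule name              description
---- ---------------------- ---------------------------------------------
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
EOF
}

sample_blocked() { cat <<'EOF'
3.5/5.0
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
EOF
}

sample_silent() { cat <<'EOF'
3.5/5.0
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
 0.0 HTML_MESSAGE           BODY: HTML included in message
EOF
}
```

Run `check_message known-spam.eml` on each server with the same saved message; "silent" is only meaningful when that message returns "working" on a machine known to be good.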


