Mark Martinec wrote the following on 6/15/2007 10:41 AM -0800:
> Bill,
>
>
>>> There is now an additional patch at:
>>> http://issues.apache.org/SpamAssassi...ug.cgi?id=5511
>>> which should fix this.
>>>

>
>
>> Mark, thanks for the patches. However, even with both Dns.pm patches
>> applied, unless I set "rbl_timeout" to a high enough time interval, SA
>> still misses the URIBL test results in the sample messages I posted in
>> bugzilla 5506.
>> For example, if I set "rbl_timeout 15", I get no URIBL hit results.
>> However, if I set "rbl_timeout 60", I do get URIBL hit results. This is
>> because the 60 interval is long enough for Botnet's (in this case) RDNS
>> test to timeout before the "rbl_timeout" interval.
>>

>
> Don't know. I was using your test case (test1.txt) to cause a Botnet hang,
> had rbl_timeout at 15, and I did get the RBL hits.
>
> Try spamassassin from a command line with -t -D.
> If you applied both patches, there should be something
> like the following in the debug output.
>
> 19:26:55.558 8.010 0.000 [13051] dbg: Botnet: no trusted relays
> 19:26:55.558 8.010 0.000 [13051] dbg: Botnet: get_relay didn't find RDNS
> ...a bug pause here...
> 19:27:24.558 37.010 28.999 [13051] dbg: Botnet: IP is '66.17.235.109'
> 19:27:24.558 37.010 0.001 [13051] dbg: Botnet: RDNS is ''
> 19:27:24.559 37.011 0.001 [13051] dbg: Botnet: HELO is 'xxxxxx'
> 19:27:24.559 37.011 0.000 [13051] dbg: Botnet: BADDNS miss
> ...
> 19:27:26.269 38.721 0.002 [13051] dbg: rules: running meta tests; score so far=12.753
> 19:27:26.269 38.721 0.001 [13051] dbg: rules: compiled meta tests
> 19:27:26.271 38.723 0.002 [13051] dbg: check: running tests for priority: 500
> 19:27:26.274 38.726 0.002 [13051] dbg: async: select found 1 socks ready
> 19:27:26.275 38.727 0.001 [13051] dbg: uridnsbl: query for xxx took 35 seconds to look up (dob.sibl.support-intelligence.net:xxx)
> ...
> 19:27:26.281 38.733 0.001 [13051] dbg: async: queries completed: 15 started: 2
> 19:27:26.283 38.735 0.001 [13051] dbg: async: queries active: at Fri Jun 15 19:27:26 2007
>
> vvvvvvvvvvv
> 19:27:26.283 38.735 0.001 [13051] dbg: dns: harvest_dnsbl_queries: on extended
> time, overdue by 30.000 s, still 1.200 s
> ^^^^^^^^^^^^
>
> 19:27:26.295 38.747 0.011 [13051] dbg: async: select found 1 socks ready
> 19:27:26.297 38.749 0.002 [13051] dbg: async: queries completed: 1 started: 2
> 19:27:26.297 38.749 0.000 [13051] dbg: async: queries active: URI-A=1 at Fri
> ...
>
> 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
> 3.4 HEADER_SPAM Bulk email fingerprint (header-based) found
> 0.1 BOTNET Relay might be a spambot or virusbot
> [botnet0.7,ip=66.17.235.109,nordns]
> 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
> signs some mails
> 0.0 BOTNET_NORDNS Relay's IP address has no PTR record
> [botnet_nordns,ip=66.17.235.109]
> 1.2 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
> 0.2 HTML_MESSAGE BODY: HTML included in message
> 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
> [score: 0.9658]
> 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> 2.8 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> [URIs: xxx]
> 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
> [URIs: xxx]
> 0.0 DIGEST_MULTIPLE Message hits more than one network digest check
> 0.5 BOTNET_OTHER BOTNET_OTHER
> -1.2 AWL AWL: From: address is in the auto white-list
>
> (I had to strike the uri in the log to be able to post the message
>
> Mark
>

Mark, I'm really sorry if I caused you to unnecessarily spin your wheels
on this, I applied the second patch to the wrong SA version of Dns.pm.
The patches work fine. Again, my sincere apologies... :-(

Bill