I ran several emails through SA with -D and searched for RBL. I find things like:

[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_PH_SURBL lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_BLACK lookup start

Is the "timeout" a concern? I seem to get it on a lot of lines. But I also see lines like:

[2891] dbg: async: completed in 0.200 s: URI-DNSBL, DNSBL:multi.surbl.org.:informationweekconference.com
[2891] dbg: async: completed in 0.351 s: URI-DNSBL, DNSBL:multi.surbl.org.:internetevolution.com

But I don't see anything that looks like an error to me (other than the timeout above).

I changed /etc/resolv.conf to use trusted DNS servers (not Verizon), and restarted SA, but that does not seem to help.

On Thu, 31 Jan 2008, David Zinder wrote:

> What should dig return? I too have Verizon fios. If /etc/resolv.conf
> contains their DNS servers I get similar dig results as you. If I change
> it to DNS servers I trust I get:
> $ dig techweb.com.multi.surbl.org
> ; <<>> DiG 9.2.4 <<>> techweb.com.multi.surbl.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11053
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


That is the correct answer from dig.
Note the part that says: "status: NXDOMAIN"
That's dig's way of saying "Non-eXistent DOMAIN" (i.e., no such critter).
In other words, "techweb.com" is not found in multi.surbl.org.
So your SA should -not- be listing it.

> Is this a correct response from dig? If so, changing the DNS servers in
> /etc/resolv.conf does not fix my problem. The techweb.com email is
> still reported on the blocklists. I have also tried dig from two other
> email servers I control. They both have different DNS servers in
> /etc/resolv.conf and different ISPs. Both return similar dig results to
> what I pasted above and the techweb.com email gets the same results.

Then there's something else that is broken; your dig query clearly
shows multi.surbl.org not listing techweb.com.

Take one of your messages that contain a techweb.com, save it as a text
file, feed it to spamassassin with the -D flag and look for rbl parts.

Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
Better is not better, 'standard' is better. B{
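
Added example, not part of the thread and not SpamAssassin's own code: a Python script that pairs the `async: starting` and `async: completed` lines from `spamassassin -D` output, so a URI-DNSBL lookup with no completion line can be told apart from one that only reports its timeout limit when it starts. The function name and the `example.*` sample lines are constructed for illustration.

```python
import re

# Line formats as they appear in the `spamassassin -D` output quoted in this thread.
START = re.compile(
    r"dbg: async: starting: URI-DNSBL, DNSBL:(?P<zone>[^:\s]+):(?P<name>\S+) "
    r"\(timeout (?P<timeout>[\d.]+)s, min (?P<min>[\d.]+)s\)"
)
DONE = re.compile(
    r"dbg: async: completed in (?P<secs>[\d.]+) s: "
    r"URI-DNSBL, DNSBL:(?P<zone>[^:\s]+):(?P<name>\S+)"
)

def pair_lookups(lines):
    """Match each 'starting' line to its 'completed' line.

    Returns (completed, pending):
      completed maps (zone, name) -> (seconds taken, timeout limit)
      pending   maps (zone, name) -> timeout limit, for lookups with no
                completion line in the captured output.
    """
    pending, completed = {}, {}
    for line in lines:
        m = START.search(line)
        if m:
            pending[(m["zone"], m["name"])] = float(m["timeout"])
            continue
        m = DONE.search(line)
        if m:
            key = (m["zone"], m["name"])
            # A completion with no captured start still counts; its limit is unknown.
            completed[key] = (float(m["secs"]), pending.pop(key, None))
    return completed, pending

# Constructed sample (example.* names are placeholders, not from the thread).
SAMPLE = """\
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:example.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_PH_SURBL lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:example.com (timeout 15.0s, min 3.0s)
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:example.net (timeout 15.0s, min 3.0s)
[2891] dbg: async: completed in 0.200 s: URI-DNSBL, DNSBL:multi.surbl.org.:example.com
[2891] dbg: async: completed in 0.351 s: URI-DNSBL, DNSBL:multi.uribl.com.:example.com
""".splitlines()

if __name__ == "__main__":
    done, waiting = pair_lookups(SAMPLE)
    for (zone, name), (secs, limit) in sorted(done.items()):
        print(f"done    {name} @ {zone} in {secs:.3f}s (limit {limit}s)")
    for (zone, name), limit in sorted(waiting.items()):
        print(f"no-done {name} @ {zone} (limit {limit}s)")
```

To use it on real output, pass the lines captured from stderr of `spamassassin -D` to `pair_lookups` in place of `SAMPLE`.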