I ran several emails through SA with -D and search for RBL I find things like:

[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_PH_SURBL lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_BLACK lookup start

Is the "timeout" a concern? I seem to get it on a lot of lines. But I also see lines like:

[2891] dbg: async: completed in 0.200 s: URI-DNSBL, DNSBL:multi.surbl.org.:informationweekconference.c om
[2891] dbg: async: completed in 0.351 s: URI-DNSBL, DNSBL:multi.surbl.org.:internetevolution.com

But I don't see anything that looks like an error to me (other than the timeout above).

I changed /etc/resolv.conf to use trusted DNS servers (not Verizon), and restarted SA, but that does not seem to help.




On Thu, 31 Jan 2008, David Zinder wrote:

> What should dig return? I too have Verizon fios. If /etc/resolve.conf
> contains their DNS servers I get similar dig results as you. If I change
> it to DNS servers I trust I get:
>
> $ dig techweb.com.multi.surbl.org
>
> ; <<>> DiG 9.2.4 <<>> techweb.com.multi.surbl.org
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11053
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

[snip..]
^^^^^^^^^^^^^^^^^

That is the correct answer from dig.
Note the part that says: "status: NXDOMAIN"
That's dig's way of saying "Non-eXistant DOMAIN" (IE no such critter).
In other words, "techweb.com" is not found in multi.surbl.org.
So your SA should -not- be listing it.


> Is this a correct response from dig? If so, changing the DNS servers in
> /etc/resolve.conf does not fix my problem. The techweb.com email is
> still reported on the blocklists. I have also tried dig from two other
> email servers I control. They both have different DNS servers in
> /etc/resolve.conf and different ISPs. Both return similar dig results to
> what I pasted above and the techweb.com email gets the same results.
>


Then there's something else that is broken, your dig query clearly
shows multi.surbl.org not listing techweb.com.

Take one of your messages that contain a techweb.com, save it as a text
file, feed it to spamassassin with the -D flag and look for rbl parts.

--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{