Testing DNSRBLs using SA - SpamAssassin

This is a discussion on Testing DNSRBLs using SA - SpamAssassin ; Good morning all, I am trying to use SA to test a DNSBL and I am not having any luck getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and read the appropriate section in the docs. http://spamassassin.apache.org/full/...leged_settings Here is ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Testing DNSRBLs using SA

  1. Testing DNSRBLs using SA

    Good morning all,

    I am trying to use SA to test a DNSBL and I am not having any luck
    getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and read
    the appropriate section in the docs.

    http://spamassassin.apache.org/full/...leged_settings

    Here is what I have currently,

    header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
    describe RCVD_IN_SIP sender is known in Invaluement list
    tflags RCVD_IN_SIP net
    score RCVD_IN_SIP 0.01

    And yes, when I query my rbldnsd server from the server running SA with
    an IP known to be in the list, I do get the proper response.

    Anyone see a flaw in this concept?

    Thanks,

    DAve

    --
    In 50 years, our descendants will look back on the early years
    of the internet, and much like we now look back on men with
    rockets on their back and feathers glued to their arms, marvel
    that we had the intelligence to wipe the drool from our chins.


  2. Re: Testing DNSRBLs using SA

    On Fri, 23 May 2008 at 10:32 -0400, dave.list@pixelhammer.com confabulated:

    > Good morning all,
    >
    > I am trying to use SA to test a DNSBL and I am not having any luck getting
    > the rule to hit. I've looked through 20_dnsbl_tests.cf, and read the
    > appropriate section in the docs.
    >
    > http://spamassassin.apache.org/full/...leged_settings
    >
    > Here is what I have currently,
    >
    > header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
    > describe RCVD_IN_SIP sender is known in Invaluement list
    > tflags RCVD_IN_SIP net
    > score RCVD_IN_SIP 0.01
    >
    > And yes, when I query my rbldnsd server from the server running SA with an IP
    > known to be in the list, I do get the proper response.
    >
    > Anyone see a flaw in this concept?


    To me that rule looks fine. Perhaps your testing is completely within your
    trusted path? Feed the message with SpamAssassin with the -D debug switch
    to see for sure.


  3. Re: Testing DNSRBLs using SA

    DAve wrote:
    > I am trying to use SA to test a DNSBL
    >

    PLEASE--note that direct queries to the invaluement.com DNSBLs will
    *always* fail.

    These are *only* available via RSYNC. So please don't try to add SIP to
    your RBL list... it won't work!!!

    (Dave knows this... I'm just mentioning this for others' benefit.)

    and I'm not sure what the problem is with Dave's config. I
    use SA for some spam filtering tasks. But most of my own spam filtering
    is custom written and, therefore, I don't use SA for DNSBL lookups...
    which is why I'm sometimes caught off-guard regarding SA's dnsbl
    implemenations.


    Rob McEwen


  4. RE: Testing DNSRBLs using SA

    >
    > I am trying to use SA to test a DNSBL and I am not having any luck
    > getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and read
    > the appropriate section in the docs.
    >
    > http://spamassassin.apache.org/full/...sin_Conf.html#
    > rule_definitions_and_privileged_settings
    >
    > Here is what I have currently,
    >
    > header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
    > describe RCVD_IN_SIP sender is known in Invaluement list
    > tflags RCVD_IN_SIP net
    > score RCVD_IN_SIP 0.01
    >
    > And yes, when I query my rbldnsd server from the server running SA with
    > an IP known to be in the list, I do get the proper response.
    >
    > Anyone see a flaw in this concept?
    >
    > Thanks,
    >
    > Dave


    Dave

    If you are really trying to probe the local sip zone data, make it local and
    create a local zone with a name something like...

    sip.invaluement.local

    not .com even though it might work, it creates confusion...

    even though you can be locally, your name servers are not authoritive for
    invaluement.com zone.

    next, as I understand it, the sip zone is ip addresses only.... is that what
    you are trying to check?

    You can also look at the rbldnsd logs to see what is happening as well.

    - rh


  5. Re: Testing DNSRBLs using SA

    Rob McEwen wrote:
    > DAve wrote:
    >> I am trying to use SA to test a DNSBL
    >>

    > PLEASE--note that direct queries to the invaluement.com DNSBLs will
    > *always* fail.
    >
    > These are *only* available via RSYNC. So please don't try to add SIP to
    > your RBL list... it won't work!!!
    >
    > (Dave knows this... I'm just mentioning this for others' benefit.)
    >
    > and I'm not sure what the problem is with Dave's config. I
    > use SA for some spam filtering tasks. But most of my own spam filtering
    > is custom written and, therefore, I don't use SA for DNSBL lookups...
    > which is why I'm sometimes caught off-guard regarding SA's dnsbl
    > implemenations.

    >


    Sorry Rob, I should have mentioned that so no one tried to duplicate my
    rule and test it.

    DAve


    --
    In 50 years, our descendants will look back on the early years
    of the internet, and much like we now look back on men with
    rockets on their back and feathers glued to their arms, marvel
    that we had the intelligence to wipe the drool from our chins.


  6. Re: Testing DNSRBLs using SA

    D Hill wrote:
    > On Fri, 23 May 2008 at 10:32 -0400, dave.list@pixelhammer.com confabulated:
    >
    >> Good morning all,
    >>
    >> I am trying to use SA to test a DNSBL and I am not having any luck
    >> getting the rule to hit. I've looked through 20_dnsbl_tests.cf, and
    >> read the appropriate section in the docs.
    >>
    >> http://spamassassin.apache.org/full/...leged_settings
    >>
    >>
    >> Here is what I have currently,
    >>
    >> header RCVD_IN_SIP eval:check_rbl('sip', 'sip.invaluement.com.')
    >> describe RCVD_IN_SIP sender is known in Invaluement list
    >> tflags RCVD_IN_SIP net
    >> score RCVD_IN_SIP 0.01
    >>
    >> And yes, when I query my rbldnsd server from the server running SA
    >> with an IP known to be in the list, I do get the proper response.
    >>
    >> Anyone see a flaw in this concept?

    >
    > To me that rule looks fine. Perhaps your testing is completely within
    > your trusted path? Feed the message with SpamAssassin with the -D debug
    > switch to see for sure.


    That is how I have been testing it.

    spamassassin -D < test-mail 2>&1 | grep invaluement

    No joy, no real clue where to check next. Here is a link to the rule,
    message, and results from spamassassin debug.

    http://pixelhammer.com/Dan/dnsbl_rule_test.txt

    DAve


    --
    In 50 years, our descendants will look back on the early years
    of the internet, and much like we now look back on men with
    rockets on their back and feathers glued to their arms, marvel
    that we had the intelligence to wipe the drool from our chins.


  7. Re: Testing DNSRBLs using SA

    DAve wrote:
    > D Hill wrote:
    >> To me that rule looks fine. Perhaps your testing is completely within
    >> your trusted path? Feed the message with SpamAssassin with the -D
    >> debug switch to see for sure.

    >
    > That is how I have been testing it.
    >
    > spamassassin -D < test-mail 2>&1 | grep invaluement
    >
    > No joy, no real clue where to check next. Here is a link to the rule,
    > message, and results from spamassassin debug.
    >
    > http://pixelhammer.com/Dan/dnsbl_rule_test.txt


    PEBKAC!

    #skip_rbl_checks 1

    Works now.

    DAve

    --
    In 50 years, our descendants will look back on the early years
    of the internet, and much like we now look back on men with
    rockets on their back and feathers glued to their arms, marvel
    that we had the intelligence to wipe the drool from our chins.


+ Reply to Thread