[SAtalk] Need help interfacing with local RBL

Tue, 29 Oct 2002 09:17:48 -0800 

To supplement our local SA setup I'm trying to setup a local RBL and
configure SA to check it.  I'm trying to use rbldns from djbdns and I've
got it setup to only listen on localhost (it's running on the mail
server itself).  I've added rbl.mail.premiernet.net. to /etc/hosts entry
for 127.0.0.1 and I have a single entry configured for rbldns, so I can
now successfully check via:

mail:/etc/rbldns/env# dig @rbl.mail.premiernet.net.
20.236.158.12.rbl.mail.premiernet.net. a

; <<>> DiG 9.2.1 <<>> @rbl.mail.premiernet.net.
20.236.158.12.rbl.mail.premiernet.net. a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47476
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;20.236.158.12.rbl.mail.premiernet.net. IN A

;; ANSWER SECTION:
20.236.158.12.rbl.mail.premiernet.net. 2048 IN A 127.0.0.2

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(rbl.mail.premiernet.net.)
;; WHEN: Tue Oct 29 10:49:24 2002
;; MSG SIZE  rcvd: 71

mail:/etc/rbldns/env# dig @rbl.mail.premiernet.net.
20.236.158.12.rbl.mail.premiernet.net. txt

; <<>> DiG 9.2.1 <<>> @rbl.mail.premiernet.net.
20.236.158.12.rbl.mail.premiernet.net. txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19475
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;20.236.158.12.rbl.mail.premiernet.net. IN TXT

;; ANSWER SECTION:
20.236.158.12.rbl.mail.premiernet.net. 2048 IN TXT "Listed in PremierNET
local RBL ( [EMAIL PROTECTED] ) - 12.158.236.20"

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(rbl.mail.premiernet.net.)
;; WHEN: Tue Oct 29 10:49:32 2002
;; MSG SIZE  rcvd: 139

Now I try to configure SA, by adding to /etc/spamassassin/local.cf:

# Local RBL Check

header LISTED_IN_LOCAL_RBL             
rbleval:check_rbl('local','rbl.mail.premiernet.net.')
describe LISTED_IN_LOCAL_RBL            Listed in local realtime
blackhole list
score LISTED_IN_LOCAL_RBL               5.0

However this doesn't seem to be working:

mail:~# spamassassin -tD <spam.eml         
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: is Net::DNS::Resolver unavailable? 0
debug: trying (3) slashdot.org...
debug: looking up MX for 'slashdot.org'
debug: MX for 'slashdot.org' exists? 1
debug: MX lookup of slashdot.org succeeded => Dns available (set
dns_available to hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.5
debug: check_for_very_long_text: found 772 bytes
debug: check_for_very_long_text: found 772 bytes
debug: spam-phrase score: 0.298273155416013: hits: free shipping, you
relax
debug: running raw-body-text per-line regexp tests; score so far=2.5
debug: running uri tests; score so far=3.2
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=3.2
debug: Razor2 is not available
debug: DCC is not available: dccproc not found
debug: Pyzor is not available: pyzor not found
debug: DNS MX records found: 1
debug: forged_rcvd_trail: entry 0: by=premiernet.net from=hsmmailer.com
mismatches=0
debug: running meta tests; score so far=4.1
debug: is spam? score=4.1 required=5
tests=MAY_BE_FORGED,MIME_HTML_NO_CHARSET,MSG_ID_ADDED_BY_MTA_3,ONLY_COST,SPAM_PHRASE_00_01
Received: from run1.hsmmailer.com (run1.hsmailer.com [12.158.236.20]
(may be forged))
        by mail.premiernet.net (8.12.6/8.12.6/Debian-6) with ESMTP id
g9SHc2Af009180
        for <[EMAIL PROTECTED]>; Mon, 28 Oct 2002 11:38:03 -0600
Received: from [10.0.1.12]
        by run1.hsm-mailerdirect.com (10.0.1.32) with QMQP; 28 Oct 2002
09:38:01 +0000
Message-Id: <1mqf7p$[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Mon, 28 Oct 2002 09:13:00 -0800
Reply-To: [EMAIL PROTECTED]
From: Mandy <[EMAIL PROTECTED]>
Subject: This is your perfect mouse
MIME-Version: 1.0
X-Mailer-Version: v 27282389
Content-Type: multipart/alternative;
boundary="_----------=_102870244522821"
X-UIDL: F%V"!cQo"!GXT!!Vb+"!
X-Spam-Status: No, hits=4.1 required=5.0
        tests=MAY_BE_FORGED,MIME_HTML_NO_CHARSET,MSG_ID_ADDED_BY_MTA_3,
              ONLY_COST,SPAM_PHRASE_00_01
        version=2.43
X-Spam-Level: ****

This is a multi-part message in MIME format.

--_----------=_102870244522821
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

RocketMouse
For a limit'd time only '$29.95' with 'free' shipping.

The new RocketMouse 'frees' your hand from the desk and lets you relax
at your computer in comfort.

The RocketMouse may help relieve arm, wrist, and back pain associated
with poor posture, arthritis, RSI, and carpal tunnel syndrome.

To discontinue the receipt of emails, visit the following link: 


--_----------=_102870244522821
Content-Type: text/html
Content-Transfer-Encoding: 8bit

 at your computer in comfort.<br><br> The RocketMouse may help relieve
arm, wrist, and back pain associated <P> <P>
<P><center><FONT face="helvetica,arial" size="1.5">To discontinue the
receipt of emails, visit the following link<A

--_----------=_102870244522821--

------=_NextPart_000_0052_01C27E9E.B4A770C0--


SPAM: -------------------- Start SpamAssassin results
----------------------
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM: 
SPAM: Content analysis details:   (4.10 hits, 5 required)
SPAM: MAY_BE_FORGED      (1.5 points)  'Received:' has 'may be forged'
warning
SPAM: ONLY_COST          (0.2 points)  BODY: Only $$$
SPAM: SPAM_PHRASE_00_01  (0.8 points)  BODY: Spam phrases score is 00 to
01 (low)
SPAM:                    [score: 0]
SPAM: MIME_HTML_NO_CHARSET (0.7 points)  RAW: Message text in HTML
without specified charset
SPAM: MSG_ID_ADDED_BY_MTA_3 (0.9 points)  'Message-Id' was added by a
relay (3)
SPAM: 
SPAM: -------------------- End of SpamAssassin results
---------------------

It doesn't appear to be even trying RBL checks.  I don't have it
disabled:

mail:~# grep skip_rbl_check /etc/spamassassin/*
/usr/share/spamassassin/*
/usr/share/spamassassin/10_misc.cf:# skip_rbl_checks       0

All help is appreciated.

Ken Causey



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to