----- Original Message ----- From: "Matt Kettler" <[EMAIL PROTECTED]>
> I know nothing about amavis, but SA will always query all of the RBL's that > have a score greater than zero. (or none at all if you use the -L > parameter). It does not even have the option of being configured to "only > check until you hit one, and then skip the rest". I got confirmation from the developer of amavisd-new on the amavis list that there is nothing in amavis that would stop spamassassin from completing it's DNS queries. I could not find a spamassassin config option to limit the number of RBLs queried, that's why I thought it strange that it will most often only list one RBL response, and once in a while it will list two, but never more than two, even though if I turn on querylog on my bind server, it shows that all of the RBLs were actually queried. > If you can verify this as an issue when calling spamassassin directly (not > via amavis) and you're using SA 2.55, post some more details to help us > verify it, as it might be a bug. (The reason I ask to verify it directly is > amavis might do it's own RBL checking, and skip SA entirely when it hits > one. I have no idea what it can be configured to do). I am using SA 2.55, and here is an example from a quarantined file: ===== X-Spam-Status: Yes, hits=24.3 tag1=1.0 tag2=15.0 kill=1.0 tests=CLICK_BELOW, DCC_CHECK, EXCUSE_1, EXCUSE_19, FRONTPAGE, HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_RED, HTML_FONT_COLOR_UNSAFE, HTML_FONT_FACE_ODD, HTML_FORM_ACTION_MAILTO, HTML_MESSAGE, HTML_SHOUTING3, HTML_TABLE_THICK_BORDER, MARKETING_PARTNERS, NO_REAL_NAME, OFFERS_ETC, OPT_OUT, RAZOR2_CHECK, RCVD_IN_NJABL, SUBJ_HAS_SPACES, X_PRIORITY_HIGH ===== and from the notification for this message: ===== Content analysis details: (24.30 points, 1 required) X_PRIORITY_HIGH (1.9 points) Sent with 'X-Priority' set to high NO_REAL_NAME (0.8 points) From: does not include a real name SUBJ_HAS_SPACES (1.7 points) Subject contains lots of white space OPT_OUT (0.0 points) BODY: Talks about opting out (lowercase version) MARKETING_PARTNERS (2.1 points) BODY: Claims you registered with some kind of partner EXCUSE_19 (0.6 points) BODY: Claims you opted-in or registered EXCUSE_1 (0.7 points) BODY: Gives a lame excuse about why you were sent this spam OFFERS_ETC (0.8 points) BODY: Stop with the offers, coupons, discounts etc! HTML_40_50 (1.1 points) BODY: Message is 40% to 50% HTML HTML_FONT_FACE_ODD (0.3 points) BODY: HTML font face is not a commonly used face HTML_FONT_COLOR_RED (0.1 points) BODY: HTML font color is red HTML_MESSAGE (0.1 points) BODY: HTML included in message HTML_FORM_ACTION_MAILTO (4.3 points) BODY: HTML includes a form which sends mail HTML_FONT_BIG (0.3 points) BODY: FONT Size +2 and up or 3 and up HTML_FONT_COLOR_UNSAFE (0.1 points) BODY: HTML font color not within safe 6x6x6 palette HTML_SHOUTING3 (0.3 points) BODY: HTML has very strong "shouting" markup HTML_FONT_COLOR_BLUE (0.1 points) BODY: HTML font color is blue HTML_TABLE_THICK_BORDER (1.1 points) BODY: HTML table has thick border FRONTPAGE (0.7 points) BODY: Frontpage used to create the message DCC_CHECK (3.0 points) Listed in DCC, see http://rhyolite.com/anti-spam/dcc/ RAZOR2_CHECK (2.1 points) Listed in Razor2, see http://razor.sf.net/ RCVD_IN_NJABL (2.0 points) RBL: Received from NJABL [RBL check: found 76.200.63.4.dnsbl.njabl.org.,] [type: 127.0.0.9] CLICK_BELOW (0.1 points) Asks you to click below ===== The sending mail servers IP address 4.63.200.76 actually failed 12 of the RBLs (see attached dig output) I have listed in my local.cf file (see attached cf snippet). If there is no config option to limit the number of RBL that SA will accept responses from, then I guess this must be a bug. Bill
samples.zip
Description: Zip compressed data
