On 9/29/2023 10:59 AM, Andy Smith wrote:
Just native SA in spamd mode.

3.4.2. I know, it's ancient. An upgrade is planned but I'd still
like to know what the behaviour is. I understand if no one wants to
help and if so I might come back with questions after an upgrade.
My distro packages stopped at v3.4.2 so I'm on SA v3.4.6 via CPAN. Just inspecting the comments in DNSEval.pm, you'll need SA version 3.4.4 (minimum).
3) Parse the message from the command line.  Something like:
'cat message | spamassassin -D &> dbgout.txt'
Then: 'grep external dbgout.txt'
grep full-external: dbgout.txt

produces 15 lines all of which are identical:

Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: 170.10.129.124, 
66.187.233.73, 10.11.54.8, 10.30.29.100, ::1, 10.11.54.6, 10.11.55.25, 
207.211.31.120, 209.85.128.43 untrusted: 170.10.129.124, 66.187.233.73, 
207.211.31.120, 209.85.128.43 originating:
Good.  SA core is functioning properly and detecting, in order, the untrusted IPs.
I can see from:

grep 73.233.187.66 dbgout.txt

that it does check 66.187.233.73 against all the usual DNSBLs,
e.g.

Sep 29 14:36:57.218 [2611] dbg: async: launching 
A/73.233.187.66.zen.spamhaus.org for dns:A:73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.219 [2611] dbg: dns: providing a callback for id: 
31199/IN/A/73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.219 [2611] dbg: async: starting: DNSBL-A, 
dns:A:73.233.187.66.zen.spamhaus.org (timeout 15.0s, min 3.0s)
Sep 29 14:36:57.378 [2611] dbg: async: calling callback on key 
dns:A:73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.378 [2611] dbg: dns: hit <dns:73.233.187.66.zen.spamhaus.org> 
127.0.0.3

So this is normal behaviour then, for v3.4.2 at least?
No, this is NOT normal behavior.  In your case SA has the correct IP addresses, properly orders and reverses the IP octets, but the output of the DNSEval.pm module is incorrect.  While the main files are DNSEval.pm and 20_dnsbl_tests.cf, there are other moving parts, like AskDNS.

The code for the current versions of DNSEval.pm is clean, much more code-function oriented, and less prone to race conditions.  This actual comment in SA 3.4.2's DNSEval.pm module says it all:

"# Very hacky stuff and direct rbl_evals usage for now, TODO rewrite everything"

An upgrade is in order.

-- Jared Hall
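
Added example (not part of the original message and not SpamAssassin's own code): the check done by hand with grep in this thread, scripted. It parses the `dns: IPs found` line, reverses each untrusted IPv4 address, and reports whether a lookup was launched for it and what came back. The function names and the sample text are constructed here, with the log lines modelled on those quoted above.

```python
import ipaddress
import re

# Constructed sample modelled on the debug lines quoted in the thread,
# one record per line as `spamassassin -D` writes them.
SAMPLE = """\
Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: 170.10.129.124, 66.187.233.73, 10.11.54.8, ::1 untrusted: 170.10.129.124, 66.187.233.73 originating:
Sep 29 14:36:57.218 [2611] dbg: async: launching A/73.233.187.66.zen.spamhaus.org for dns:A:73.233.187.66.zen.spamhaus.org
Sep 29 14:36:57.378 [2611] dbg: dns: hit <dns:73.233.187.66.zen.spamhaus.org> 127.0.0.3
"""

IPS_RE = re.compile(
    r"dns: IPs found: full-external:\s*(.*?)\s*untrusted:\s*(.*?)\s*originating:")
LAUNCH_RE = re.compile(r"async: launching A/(\S+) for dns:")
HIT_RE = re.compile(r"dns: hit <dns:(\S+?)> (\S+)")


def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def audit(debug_text, zone="zen.spamhaus.org"):
    """Return {untrusted_ip: (lookup_launched, [answers])} for one zone."""
    m = IPS_RE.search(debug_text)
    if not m:
        raise ValueError("no 'dns: IPs found' line; was -D enabled?")
    untrusted = [x.strip() for x in m.group(2).split(",") if x.strip()]
    launched = set(LAUNCH_RE.findall(debug_text))
    hits = {}
    for name, answer in HIT_RE.findall(debug_text):
        hits.setdefault(name, []).append(answer)
    report = {}
    for ip in untrusted:
        if ipaddress.ip_address(ip).version != 4:
            continue  # this sketch only handles IPv4 octet reversal
        name = dnsbl_name(ip, zone)
        report[ip] = (name in launched, hits.get(name, []))
    return report


if __name__ == "__main__":
    for ip, (launched, answers) in audit(SAMPLE).items():
        print(ip, "queried" if launched else "NOT queried", answers)
```

To run it against real output, pass the contents of dbgout.txt to `audit()` in place of `SAMPLE`.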
