On 9/29/2023 10:59 AM, Andy Smith wrote:
> Just native SA in spamd mode.
>
> 3.4.2. I know, it's ancient. An upgrade is planned but I'd still
> like to know what the behaviour is. I understand if no one wants to
> help and if so I might come back with questions after an upgrade.

My distro packages stopped at v3.4.2 so I'm on SA v3.4.6 via CPAN. Just
inspecting the comments in DNSEval.pm, you'll need SA version 3.4.4
(minimum).

>> 3) Parse the message from the command line. Something like:
>> 'cat message | spamassassin -D &> dbgout.txt'
>> Then: 'grep external dbgout.txt'
>
> grep full-external: dbgout.txt
> produces 15 lines all of which are identical:
> Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: 170.10.129.124,
> 66.187.233.73, 10.11.54.8, 10.30.29.100, ::1, 10.11.54.6, 10.11.55.25,
> 207.211.31.120, 209.85.128.43 untrusted: 170.10.129.124, 66.187.233.73,
> 207.211.31.120, 209.85.128.43 originating:

Good. SA core is functioning properly and detecting, in order, the
untrusted IPs.

> I can see from:
> grep 73.233.187.66 dbgout.txt
> that it does check 66.187.233.73 against all the usual DNSBLs,
> e.g.
> Sep 29 14:36:57.218 [2611] dbg: async: launching
> A/73.233.187.66.zen.spamhaus.org for dns:A:73.233.187.66.zen.spamhaus.org
> Sep 29 14:36:57.219 [2611] dbg: dns: providing a callback for id:
> 31199/IN/A/73.233.187.66.zen.spamhaus.org
> Sep 29 14:36:57.219 [2611] dbg: async: starting: DNSBL-A,
> dns:A:73.233.187.66.zen.spamhaus.org (timeout 15.0s, min 3.0s)
> Sep 29 14:36:57.378 [2611] dbg: async: calling callback on key
> dns:A:73.233.187.66.zen.spamhaus.org
> Sep 29 14:36:57.378 [2611] dbg: dns: hit <dns:73.233.187.66.zen.spamhaus.org>
> 127.0.0.3
>
> So this is normal behaviour then, for v3.4.2 at least?

No, this is NOT normal behavior. In your case SA has the correct IP
addresses, properly orders and reverses the IP octets, but the output of
the DNSEval.pm module is incorrect. While the main files are DNSEval.pm
and 20_dnsbl_tests.cf, there are other moving parts, like AskDNS.
The code for the current versions of DNSEval.pm is clean, much more
code-function oriented, and less prone to race conditions. This actual
comment in SA 3.4.2's DNSEval.pm module says it all:
"# Very hacky stuff and direct rbl_evals usage for now, TODO rewrite
everything"
An upgrade is in order.
-- Jared Hall
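
The manual grep steps in the exchange above can be combined into one pass over the debug file. The following is an added example, not part of the original message and not SpamAssassin code: it reads the "IPs found" line, reverses each untrusted IP the way a DNSBL query name is built, and lists which zones were queried for which IP and what came back. The function names are hypothetical, and the sample is constructed from the debug lines quoted in the thread, unwrapped and with the IP lists shortened.

```python
import ipaddress
import re

# Constructed sample: debug lines as quoted in the thread, unwrapped,
# with the IP lists shortened.
SAMPLE = (
    "Sep 29 14:36:57.218 [2611] dbg: async: launching "
    "A/73.233.187.66.zen.spamhaus.org for dns:A:73.233.187.66.zen.spamhaus.org\n"
    "Sep 29 14:36:57.221 [2611] dbg: dns: IPs found: full-external: "
    "170.10.129.124, 66.187.233.73, 10.11.54.8, ::1 untrusted: "
    "170.10.129.124, 66.187.233.73, 207.211.31.120 originating: \n"
    "Sep 29 14:36:57.378 [2611] dbg: dns: hit "
    "<dns:73.233.187.66.zen.spamhaus.org> 127.0.0.3\n"
)

def untrusted_ips(log):
    """Return the 'untrusted:' list from the first 'IPs found' debug line."""
    m = re.search(r"IPs found:.*?untrusted:(.*?)originating:", log)
    return [ip.strip() for ip in m.group(1).split(",") if ip.strip()] if m else []

def dnsbl_prefix(ip):
    """Reversed-octet (IPv4) or reversed-nibble (IPv6) prefix of a DNSBL name."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return ptr.rsplit(".", 2)[0] + "."  # drop the in-addr.arpa / ip6.arpa suffix

def dnsbl_activity(log):
    """Map each untrusted IP to the zones queried for it and any answer logged."""
    launched = re.findall(r"async: launching \w+/(\S+) for ", log)
    hits = dict(re.findall(r"dns: hit <dns:(\S+?)> (\S+)", log))
    report = {}
    for pos, ip in enumerate(untrusted_ips(log)):
        prefix = dnsbl_prefix(ip)
        # Zone name is whatever follows the reversed IP in the query name.
        zones = {q[len(prefix):]: hits.get(q)
                 for q in launched if q.startswith(prefix)}
        report[ip] = {"position": pos, "zones": zones}
    return report

if __name__ == "__main__":
    for ip, info in dnsbl_activity(SAMPLE).items():
        print(info["position"], ip, info["zones"] or "no DNSBL query logged")
```

To run it against a real capture, pass the contents of dbgout.txt to `dnsbl_activity` instead of `SAMPLE`; a zone mapped to `None` means a query was launched but no hit line was logged for it.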