On Wed, Sep 07, 2005 at 11:35:53AM -0400, Matt Kettler wrote:
>George Georgalis wrote:
>> it would seem the following rule is not being used...
>>
>> header __RCVD_IN_SBL_XBL eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
>> describe __RCVD_IN_SBL_XBL Received via a relay in Spamhaus SBL+XBL
>> tflags __RCVD_IN_SBL_XBL net
>>
>> I do have Mail::SpamAssassin::Plugin::URIDNSBL but maybe I need another
>> plugin?
>>
>> What's missing?
>
>1) that's an RBL, not a URIDNSBL. You don't need anything but a reasonably
>recent version of Net::DNS
>
>2) That's an RBL parent test. You can pick it out by the fact that its name
>begins with double underscore (__), which means it will run with no score.
>
>You'll never see it in a hit list for a message. Instead, you'll see its
>children matching messages:
>
>header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', '127.0.0.2')
>header RCVD_IN_XBL eval:check_rbl('sblxbl-notfirsthop', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
>
>The parent test exists to perform a single DNS query that the two children will
>later check against. This saves the overhead of doing a separate DNS query for
>each child.

Thanks for the breakdown! I had Net::DNS, but for kicks I installed the
CPAN version, no change.

I've been happy with SURBL but I'm not getting hits on SBL+XBL when I
should be... I've gone through configs and "skip_rbl_checks" is definitely
not set, nor do I see anything else that might turn it off. Do I have to
turn it on?

Here is a sanitized debug log ('s/x/2' to get the ip), I normally check in
smtp so no user_prefs is okay.

2005-09-07 13:49:10.956908500 logmsg: connection from sta.duo [192.168.80.50] at port 33528
2005-09-07 13:49:10.960013500 debug: read_scoreonly_config: cannot open "/home/geo/.spamassassin/user_prefs": Permission denied
2005-09-07 13:49:10.960572500 debug: user has changed
2005-09-07 13:49:10.963970500 debug: Score set 1 chosen.
2005-09-07 13:49:10.975816500 logmsg: checking message <[EMAIL PROTECTED]> for geo:1002.
2005-09-07 13:49:10.986551500 debug: received-header: parsed as [ ip=83.x2.166.71 rdns=eac71.neoplus.adsl.tpnet.pl helo=eac71.neoplus.adsl.tpnet.pl by=sta.galis.org ident= envfrom= intl=0 id= auth= ]
2005-09-07 13:49:10.989047500 debug: received-header: relay 83.x2.166.71 trusted? no internal? no
2005-09-07 13:49:10.989055500 debug: metadata: X-Spam-Relays-Trusted:
2005-09-07 13:49:10.989059500 debug: metadata: X-Spam-Relays-Untrusted: [ ip=83.x2.166.71 rdns=eac71.neoplus.adsl.tpnet.pl helo=eac71.neoplus.adsl.tpnet.pl by=sta.galis.org ident= envfrom= intl=0 id= auth= ]
2005-09-07 13:49:10.990619500 debug: ---- MIME PARSER START ----
2005-09-07 13:49:10.991358500 debug: main message type: text/plain
2005-09-07 13:49:10.991804500 debug: parsing normal part
2005-09-07 13:49:10.992416500 debug: added part, type: text/plain
2005-09-07 13:49:10.992857500 debug: ---- MIME PARSER END ----
2005-09-07 13:49:10.993882500 debug: decoding: other encoding type (8bit), ignoring
2005-09-07 13:49:10.996434500 debug: URIDNSBL: domains to query:
2005-09-07 13:49:11.002893500 debug: is Net::DNS::Resolver available? yes
2005-09-07 13:49:11.005369500 debug: Net::DNS version: 0.53
2005-09-07 13:49:11.009737500 Argument "REPORT" isn't numeric in subroutine entry at /usr/share/perl/5.6.1/IO/Socket/INET.pm line 223, <GEN3> line 58.
2005-09-07 13:49:11.026387500 Argument "REPORT" isn't numeric in subroutine entry at /usr/share/perl/5.6.1/IO/Socket/INET.pm line 223, <GEN3> line 58.
2005-09-07 13:49:11.030191500 Argument "REPORT" isn't numeric in subroutine entry at /usr/share/perl/5.6.1/IO/Socket/INET.pm line 223, <GEN3> line 58.
2005-09-07 13:49:11.044506500 debug: all '*From' addrs: [EMAIL PROTECTED]
2005-09-07 13:49:11.048007500 Argument "REPORT" isn't numeric in subroutine entry at /usr/share/perl/5.6.1/IO/Socket/INET.pm line 223, <GEN3> line 58.
2005-09-07 13:49:11.066033500 debug: Running tests for priority: 0
2005-09-07 13:49:11.066527500 debug: running header regexp tests; score so far=0
2005-09-07 13:49:11.151217500 debug: all '*To' addrs: [EMAIL PROTECTED] [EMAIL PROTECTED]
2005-09-07 13:49:11.153705500 debug: forged-HELO: from=adsl.tpnet.pl helo=adsl.tpnet.pl by=galis.org
2005-09-07 13:49:11.162099500 debug: running body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.466932500 debug: running uri tests; score so far=-0.7
2005-09-07 13:49:11.483724500 debug: Razor2 is not available
2005-09-07 13:49:11.495036500 debug: running raw-body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.520367500 debug: running full-text regexp tests; score so far=-0.7
2005-09-07 13:49:11.522513500 debug: Razor2 is not available
2005-09-07 13:49:11.523012500 debug: DCCifd is not available: no r/w dccifd socket found.
2005-09-07 13:49:11.524709500 debug: DCC is not available: no executable dccproc found.
2005-09-07 13:49:11.525918500 debug: Pyzor is not available: pyzor not found
2005-09-07 13:49:11.526343500 debug: Running tests for priority: 500
2005-09-07 13:49:11.547875500 debug: RBL: success for 4 of 4 queries
2005-09-07 13:49:11.549006500 debug: running meta tests; score so far=-0.7
2005-09-07 13:49:11.560222500 debug: running header regexp tests; score so far=-0.7
2005-09-07 13:49:11.560761500 debug: running body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.561137500 debug: running uri tests; score so far=-0.7
2005-09-07 13:49:11.570745500 debug: running raw-body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.571165500 debug: running full-text regexp tests; score so far=-0.7
2005-09-07 13:49:11.571505500 debug: Running tests for priority: 1000
2005-09-07 13:49:11.571837500 debug: running meta tests; score so far=-0.7
2005-09-07 13:49:11.572461500 debug: running header regexp tests; score so far=-0.7
2005-09-07 13:49:11.573040500 debug: running body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.573402500 debug: running uri tests; score so far=-0.7
2005-09-07 13:49:11.582738500 debug: running raw-body-text per-line regexp tests; score so far=-0.7
2005-09-07 13:49:11.583100500 debug: running full-text regexp tests; score so far=-0.7
2005-09-07 13:49:11.583878500 debug: is spam? score=-0.7 required=4
2005-09-07 13:49:11.584301500 debug: tests=GEO_TO
2005-09-07 13:49:11.584647500 debug: subtests=__CT,__CTE,__CT_TEXT_PLAIN,__HAS_MSGID,__HAS_SUBJECT,__HAS_X_MAILER,__HAS_X_PRIORITY,__MIME_VERSION,__MSGID_OK_DIGITS,__SANE_MSGID,__SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_HDR_MIMEV,__SARE_HEAD_HDR_RCVD,__SARE_HEAD_MAIL_BAT1,__SARE_HEAD_MIME_VALID,__SARE_HTML_HAS_MSG,__SARE_HTML_HAS_TO,__SARE_SPEC_WATCH_BODY,__THEBAT_MUA,__THEBAT_MUA_V1
2005-09-07 13:49:11.594118500 logmsg: clean message (-0.7/4.0) for geo:1002 in 1.0 seconds, 1764 bytes.
2005-09-07 13:49:11.594660500 logmsg: result: . 0 - GEO_TO scantime=1.0,size=1764,mid=<[EMAIL PROTECTED]>,autolearn=disabled

// George

-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
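
The parent/child arrangement described in the quoted reply, as an added example that is not part of the original thread and not SpamAssassin's own code: a simplified Python model in which the unscored parent sends one DNSBL lookup per relay and the scored children only match the stored answers. The class and function names, the documentation-range IPs and the `FAKE_DNS` table are constructed for illustration, and the `-notfirsthop` set suffix from the quoted rule is not modelled.

```python
import re

ZONE = "sbl-xbl.spamhaus.org."  # zone name from the rule quoted in the thread

# Constructed stand-in for DNS (documentation IPs) so the example runs offline.
FAKE_DNS = {
    "7.100.51.198.sbl-xbl.spamhaus.org.": ["127.0.0.2", "127.0.0.4"],
    "10.2.0.192.sbl-xbl.spamhaus.org.": ["127.0.0.4"],
}

def query_name(ip, zone):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

class RblSets:
    """Simplified model of a parent test feeding sub-tests from one lookup."""
    def __init__(self, resolve):
        self.resolve = resolve   # callable: query name -> list of A records
        self.queries = []        # every lookup actually sent
        self.sets = {}           # set name -> {relay ip: [A records]}

    def check_rbl(self, set_name, zone, relay_ips):
        """Parent: query each relay once and store the answers under set_name."""
        answers = self.sets.setdefault(set_name, {})
        for ip in relay_ips:
            if ip not in answers:
                name = query_name(ip, zone)
                self.queries.append(name)
                answers[ip] = self.resolve(name)  # empty list = not listed
        return any(answers.values())

    def check_rbl_sub(self, set_name, subtest):
        """Child: match stored answers only; never sends a DNS query."""
        pattern = subtest.replace(".", r"\.")  # '127.0.0.[456]' keeps its class
        return any(re.fullmatch(pattern, addr)
                   for recs in self.sets.get(set_name, {}).values()
                   for addr in recs)

def score_relays(relay_ips, resolve=lambda name: FAKE_DNS.get(name, [])):
    """Return (scored rule names, DNS queries sent) for the untrusted relays."""
    rbl = RblSets(resolve)
    rbl.check_rbl("sblxbl", ZONE, relay_ips)  # __RCVD_IN_SBL_XBL: unscored
    children = [("RCVD_IN_SBL", "127.0.0.2"), ("RCVD_IN_XBL", "127.0.0.[456]")]
    hits = [rule for rule, sub in children if rbl.check_rbl_sub("sblxbl", sub)]
    return hits, rbl.queries

if __name__ == "__main__":
    print(score_relays(["198.51.100.7"]))
```

A relay that resolves but is not listed produces a completed query and no child hit, so a successful query count in a debug log does not by itself mean a rule should have fired.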