Sorry to respond so late.

Jeff Chan <[EMAIL PROTECTED]> said:
> On Wednesday, December 20, 2006, 5:44:09 AM, Dhaval Patel wrote:
>
> > Hello all, I have been using spamassassin for quite some time and just
> > recently I have seen some false positives. Looking at the content
> > analysis I see that it is the URIBL*SURBL rules that are throwing it over
> > the edge. What is surprising is that in some of the emails, the URI is
> > not even in the email itself. (see content details below)
>
> Can you show how the URI is not in the message? If it truly
> isn't then you may be having the "DNS answers get mixed up" bug,
> which can be fixed by upgrading to SpamAssassin versions 3.1 or
> later, and by upgrading your Net::DNS.

I store my e-mail in Maildir format so I cat the file (e-mail) and grepped
for the URI. The only place where it was found was in the Content analysis.

> http://bugzilla.spamassassin.org/show_bug.cgi?id=3997
>
> What versions of SpamAssassin and Net::DNS are you running?

spamassassin 3.1.7
perl 5.8.4
Net::DNS 0.58 (I have been trying to upgrade with "upgrade" in cpan but have
been getting errors)

*********************** cpan errors *****************************************
Running make for N/NW/NWCLARK/perl-5.8.8.tar.gz
The most recent version "0.66" of the module "B::Concise"
comes with the current version of perl (5.8.8).
I'll build that only if you ask for something like
force install B::Concise
or
install N/NW/NWCLARK/perl-5.8.8.tar.gz
Running make test
Can't test without successful make
Has no own directory
Running make install
Has no own directory
make had returned bad status, install seems impossible
Running install for module B::Deparse
Running make for N/NW/NWCLARK/perl-5.8.8.tar.gz
*********************************************************************************

I might just have to "install N/NW/NWCLARK/perl-5.8.8.tar.gz" but I want to
be cautious as not to break perl, then nothing will work. :)

> > There is another case where the URI that it found to be on the blocklist
> > was our own domain. I checked PhishTank to see if it was part of it, and
> > it turns out that it isn't. Where else can I look to make sure that my
> > domain is not part of this list?
>
> That sounds like the DNS bug, unless your domain was actually
> blacklisted. You can look up domains by doing a DNS query:
>
> dig mydomain.com.multi.surbl.org
>
> or using the web query:
>
> http://www.rulesemporium.com/cgi-bin/uribl.cgi

I checked the list, I even e-mailed the maintainer of the list and he
confirmed that my domain was not on the list. Perhaps it is a DNS bug. But I
am surprised that more people are not hitting it.

Thanks,
Dhaval
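
An added example, not part of the original post: a raw grep of a Maildir file sees only the encoded form of base64 or quoted-printable parts, so this sketch decodes each text part before collecting URL hosts, and builds the query name in the form of the dig command quoted above. The function names and the sample message are constructed for illustration; reducing a host to its registered domain is assumed to be done separately.

```python
import base64
import email
import re
from email import policy

# Host part of http/https URLs in decoded text.
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def hosts_in_message(raw: bytes) -> set:
    """Return lower-cased URL hosts found in the decoded text parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        # latin-1 never fails to decode; hosts are ASCII anyway.
        text = payload.decode("latin-1")
        hosts.update(h.lower().rstrip(".") for h in URL_HOST.findall(text))
    return hosts


def surbl_query_name(domain: str, zone: str = "multi.surbl.org") -> str:
    """Name to look up, in the same form as 'dig mydomain.com.multi.surbl.org'."""
    return f"{domain.lower().rstrip('.')}.{zone}"


def build_sample() -> bytes:
    """Constructed message whose only URL sits in a base64-encoded body."""
    body = base64.encodebytes(b"Visit http://www.example.com/offer today\n")
    headers = (
        b"From: a@example.org\r\nTo: b@example.org\r\nSubject: test\r\n"
        b"MIME-Version: 1.0\r\n"
        b"Content-Type: text/plain; charset=us-ascii\r\n"
        b"Content-Transfer-Encoding: base64\r\n\r\n"
    )
    return headers + body


if __name__ == "__main__":
    raw = build_sample()
    print("raw bytes contain example.com:", b"example.com" in raw)
    for host in sorted(hosts_in_message(raw)):
        print("decoded host:", host)
    print("query name:", surbl_query_name("example.com"))
```
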