I ran several emails through SA with -D, and searching for RBL I find things like:

[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_PH_SURBL lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:worldchanging.com (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_BLACK lookup start

Is the "timeout" a concern? I seem to get it on a lot of lines. But I also see lines like:

[2891] dbg: async: completed in 0.200 s: URI-DNSBL, DNSBL:multi.surbl.org.:informationweekconference.com
[2891] dbg: async: completed in 0.351 s: URI-DNSBL, DNSBL:multi.surbl.org.:internetevolution.com

But I don't see anything that looks like an error to me (other than the timeout above). I changed /etc/resolv.conf to use trusted DNS servers (not Verizon), and restarted SA, but that does not seem to help.

On Thu, 31 Jan 2008, David Zinder wrote:
What should dig return? I too have Verizon fios. If /etc/resolv.conf contains their DNS servers I get similar dig results as you. If I change it to DNS servers I trust I get:

$ dig techweb.com.multi.surbl.org

; <<>> DiG 9.2.4 <<>> techweb.com.multi.surbl.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11053
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
[snip..]
^^^^^^^^^^^^^^^^^
That is the correct answer from dig. Note the part that says:

"status: NXDOMAIN"

That's dig's way of saying "Non-eXistent DOMAIN" (i.e. no such critter). In other words, "techweb.com" is not found in multi.surbl.org. So your SA should -not- be listing it.
Is this a correct response from dig? If so, changing the DNS servers in /etc/resolv.conf does not fix my problem. The techweb.com email is still reported on the blocklists. I have also tried dig from two other email servers I control. They both have different DNS servers in /etc/resolv.conf and different ISPs. Both return similar dig results to what I pasted above and the techweb.com email gets the same results.
Then there's something else that is broken; your dig query clearly shows multi.surbl.org not listing techweb.com. Take one of your messages that contain a techweb.com, save it as a text file, feed it to spamassassin with the -D flag and look for rbl parts.

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
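
Added example (not part of the original thread, and not SpamAssassin's own code): a small Python parser that pairs the `async: starting` and `async: completed` debug lines quoted above, so a lookup that never completed stands out from one whose "starting" line only reports its configured limit. The sample log is constructed from the line shapes in the thread; the `.example` domains, the function names and the 50% threshold are assumptions.

```python
import re

# Line shapes taken from the SpamAssassin -D output quoted in this thread.
START = re.compile(r"dbg: async: starting: (?P<key>\S+, \S+) \(timeout (?P<limit>[\d.]+)s")
DONE = re.compile(r"dbg: async: completed in (?P<secs>[\d.]+) s: (?P<key>\S+, \S+)")

# Constructed sample log: the .example domains and timings are made up.
SAMPLE_LOG = """\
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:shop.example (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_PH_SURBL lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:shop.example (timeout 15.0s, min 3.0s)
[2891] dbg: dns: URIBL_BLACK lookup start
[2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:slow.example (timeout 15.0s, min 3.0s)
[2891] dbg: async: completed in 0.200 s: URI-DNSBL, DNSBL:multi.surbl.org.:shop.example
[2891] dbg: async: completed in 9.800 s: URI-DNSBL, DNSBL:multi.surbl.org.:slow.example
"""


def pair_lookups(log_text):
    """Map each lookup key to its configured limit and, if seen, its duration."""
    lookups = {}
    for line in log_text.splitlines():
        if m := START.search(line):
            # "timeout 15.0s" here is the limit for the lookup, not a failure.
            lookups[m["key"]] = {"limit": float(m["limit"]), "secs": None}
        elif m := DONE.search(line):
            entry = lookups.setdefault(m["key"], {"limit": None, "secs": None})
            entry["secs"] = float(m["secs"])
    return lookups


def unfinished(lookups):
    """Lookups that were started but have no matching 'completed' line."""
    return sorted(k for k, v in lookups.items() if v["secs"] is None)


def near_limit(lookups, fraction=0.5):
    """Completed lookups that used at least `fraction` of their limit."""
    return sorted(k for k, v in lookups.items()
                  if v["secs"] is not None and v["limit"]
                  and v["secs"] >= fraction * v["limit"])


if __name__ == "__main__":
    found = pair_lookups(SAMPLE_LOG)
    print("unfinished:", unfinished(found))
    print("near limit:", near_limit(found))
```

To use it on real output, pass the saved `spamassassin -D` debug text to `pair_lookups` in place of `SAMPLE_LOG`.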