Richard Frovarp wrote:
mouss wrote:
Skip wrote:
Periodically I have seen spam come in my inbox and after reviewing
the headers, I'd see that it didn't hit any of the DNS/URL BL
checks. So I left SA running in debug mode for a while and saw some
strange entries (sorry for the long post here). Fortunately, these
don't happen too often, but I would like to know if there is
anything I can do...
1) ...to configure my setup more correctly. For instance, I believe
spamhaus is now closed, correct? I see that same abort message in
EVERY message. So, how should I disable the spamhaus check. Or, if
it is still working, why is mine not?
possibly because you (or your dns forwarder) generate(s) too many
connections per day:
http://www.spamhaus.org/organization/dnsblusage.html
2) What can I do in procmail to check to make sure the DNS tests
were completed? Maybe give each mail a second or third chance to
get the DNS checks done. I'll probably have to pick one or two of
them and call them vital, and run a check against them just to see
if it was successful in testing the message, and if not, do it
again. Something like that, perhaps???
I don't understand this part.
Looks like they have timeouts. Make sure you use a local caching
nameserver. Sometimes things will just timeout due to other issues,
but a caching nameserver helps big time.
As for too many connection per day, my domain certainly does not
generate anywhere near the 100,000 connections spamhaus considers as the
cutoff, but I'll be my host (bluehost) does. If all they check is
originating IP address, then I'm sure I'll fall in that category.
As for the timeouts, I won't have access to that, since I am on a shared
hosting system, but are you sure that those errors are what's being
reported by the local nameserver? I am surprised that every test would
fail (that is, not complete) in one case, and then in the next case all
but the spamhaus test would complete.
Finally, as for the procmail question, what I meant was, when those test
complete, and the IP addresses were hit in the test, it's easy for me to
write a rule in procmail because SA puts information in the headers
about this fact. However, on the contrary, if a message is tested and
passes (NON_HIT), then SA has no reason to write anything additional in
the header. Futhermore, if the test fails completely (times out, for
instance, and no report made at all), then again, no information is
added to the header of the email. I have no way to test in procmail
whether the test failed or passed--I can only test whether it was a
"HIT". I would like to know if there's a clever way to add a little
more information about the results of these tests in the headers (call
it "HIT", "NON_HIT", and "FAIL"), so I can make decisions whether or not
to reprocess the message the SA.
Skip
--
Get my PGP Public key here:
http://pelorus.org/[EMAIL PROTECTED]
