On Mon, 2008-07-21 at 21:50 +0200, Yves Goergen wrote:
> On 20.07.2008 22:42 CE(S)T, Karsten Bräckelmann wrote:
> > Run such a message through 'spamassassin' again, to see what it reports
> > *now*. Do you still see these strange, multiple URIBL hits?
> > spamassassin < message > out
>
> It still reports that.
You do have a problem. There are pretty much 2 possible reasons left:
(a) Your DNS is broken. Your domain unclassified.de is not listed on
URIBL, yet your DNS answers that it is.
(b) The DNS you're using is a *heavy* hitter on URIBL, and they started
responding with a positive match on all your queries. URIBL warns the NS
operators a couple times by mail, and resorts to this only, if their
mail is being ignored multiple times.
In both cases, go talk to the guy running your DNS servers.
> > Also, check other email (including spam!) for multiple URIBL hits in the
> > existing report headers. Does / did it happen for that one domain only?
>
> How can I do that? I don't have any dedicated tools or methods for
> testing a spam filter.
grep. :) You can do this type of checks easily by grepping through your
mail, possibly using other tools like formail for multi-line header
wrapping.
OK, I told you to check previously received mail for the same broken
URIBL hit pattern. So you could just have a look at the X-Spam headers
using your MUA. Probably the easiest method anyway, just to spot a few
other mails showing the same pattern.
All you need are mail with URLs in the body. Spam and ham. Then check
the SA headers. I assume they all do have the same multi BL hits.
Please note that I am really talking about having a look at previously
received mail. I am not talking about re-running them through SA, just
to check the existing headers.
guenther
--
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
