0

I faced the problem with my email server: too much junk mail because of failing DNS RBL (SURBL, URIBL) tests.

I prepared test message with SURBL test URL and checked it with "spamassassin" binary and it was marked properly. Then I restarted spamassassin and checked with spamc:

$ spamc < spam-test.msg
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on example.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.7 required=6.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
    FREEMAIL_FROM,NML_ADSP_CUSTOM_MED,NO_RELAYS,TVD_SPACE_RATIO,URIBL_ABUSE_SURBL,
    URIBL_MW_SURBL,URIBL_PH_SURBL,URIBL_WS_SURBL autolearn=no autolearn_force=no
    version=3.4.0
Received: by 10.194.59.177 with HTTP; Sun, 3 Jul 2016 16:38:58 -0700 (PDT)
Date: Mon, 4 Jul 2016 02:38:58 +0300
Message-ID: <CACKqZKtakMrxfqTHLEYjRFJNfR6dBwtNqL=AR+D=RrbuB_cxqA@mail.gmail.com>
Subject: test
From: Alexander Gerasimov <c......@gmail.com>
To: Alexander Gerasimov <c......@gmail.com>
Content-Type: text/plain; charset=UTF-8

http://surbl-org-permanent-test-point.com/

test

Everything worked!

After 5 minutes it stops working again with the same message:

$ spamc < spam-test.msg
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on example.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=6.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
    FREEMAIL_FROM,NML_ADSP_CUSTOM_MED,NO_RELAYS,TVD_SPACE_RATIO autolearn=no
    autolearn_force=no version=3.4.0
Received: by 10.194.59.177 with HTTP; Sun, 3 Jul 2016 16:38:58 -0700 (PDT)
Date: Mon, 4 Jul 2016 02:38:58 +0300
Message-ID: <CACKqZKtakMrxfqTHLEYjRFJNfR6dBwtNqL=AR+D=RrbuB_cxqA@mail.gmail.com>
Subject: test
From: Alexander Gerasimov <c......@gmail.com>
To: Alexander Gerasimov <c......@gmail.com>
Content-Type: text/plain; charset=UTF-8

http://surbl-org-permanent-test-point.com/

test

I'm running local DNS server and it works fine, please find my resolv.conf below:

# nameserver config
nameserver 127.0.0.1

No errors in logs, no errors from resolver.

OS: CentOS 7.2, SpamAssassin 3.4.0-2 from "base" repo.

Other DNS-based tests run ok at the same time: SPF, DKIM. Please advise.

Alexander Gerasimov
  • 193
  • 2
  • 11
  • many DNSBLs will cut you off when you query too much. The solution is to pay them for proper access (e.g. an rsynced feed that you host). One way you can try to stave that off would be to _block_ with the freer DNSBLs (e.g. SpamCop) before querying the rest. URI DNSBLs are all queried after IP DNSBLs. – Adam Katz Nov 09 '16 at 19:37
  • 1
    @AdamKatz, thank you for your suggestion. But I believe that the issue is not related to blocking. 1) All DNSBL services stop checks at the same time; 2) simple spamassassin restart helps immediately. – Alexander Gerasimov Nov 14 '16 at 11:59
  • Also I'm usually able to see URIBL_BLOCKED of UriBl rate limiting is in action. In my example spamassassin simply skips DNS checks. – Alexander Gerasimov Nov 14 '16 at 13:25
  • I see you have a local DNS server. Make sure it has caching enabled and that it works correctly (you already noted that there are no errors in the logs, but double-check them after enabling caching assuming it's not already enabled). – Adam Katz Nov 14 '16 at 22:22
  • Adam, I also checked with Google Public DNS. Yes, DNS server works perfectly correct, as we are using it for lot of other services here. Also, simple spamassassin service restart works with both servers (Google Public DNS and local one), so I believe this issue is not related to DNS problems. I can manually request DNS using dig in dnsbl zones, and it works correctly. – Alexander Gerasimov Nov 16 '16 at 15:15
  • I actually solved the issue by migrating to rspamd and it works with the same DNS servers well. – Alexander Gerasimov Nov 16 '16 at 15:16

1 Answers1

1

I recognize the issue that Alexander was having. It seems that SA has a problem at the moment that a DNSBL check takes too long, the result is that the rest of the SA DNSBL tests is skipped and a low score will be presented.

FrankN
  • 11
  • 1