Mailinglist Archive: opensuse (2831 mails)
spamassassin and rbl checks in SuSE V9.2
- From: Peter Sutter <sutterp@xxxxxxxxxxxx>
- Date: Wed, 12 Jul 2006 23:12:40 +0800
- Message-id: <200607122312.40098.sutterp@xxxxxxxxxxxx>
I am trying to get rbl filtering of my incoming mail. I tried to configure
sendmail to do rbl checks, but since I dislike opening the smtp port on my
router, I decided to use fetchmail to periodically poll my external mail
sources, and use spamassassin for rbl checks.
Unfortunately this does not work for me for some reason.
spamassassin -D --lint reports:
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
...
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
so I conclude that the rbl tests are available, as are the perl dns modules,
to spamassassin.
Yet mail messages originating from sources which are listed in sorbs as
spam-sources, pass through, I never get any RCVD_IN_SORBS results, i.e. the
following received header should trigger RCVD_IN_SORBS_DUL
Received: from unknown (HELO keatingjones.com) (84.97.25.132)
by anchovy2.45ru.net.au with SMTP; 9 Jul 2006 13:36:23 -0000
because the dns reverse lookup returns a result
# nslookup 132.25.97.84.dnsbl.sorbs.net
Server: 192.168.1.186
Address: 192.168.1.186#53
Non-authoritative answer:
Name: 132.25.97.84.dnsbl.sorbs.net
Address: 127.0.0.10
What am I overlooking?
Peter
My /usr/share/spamassassin/20_dnsbl_tests.cf contains the following
# SORBS
# transfers: both axfr and ixfr available
# URL: http://www.dnsbl.sorbs.net/
# pay-to-use: no
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request
header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
tflags __RCVD_IN_SORBS net
header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
tflags RCVD_IN_SORBS_HTTP net
header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3')
describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
tflags RCVD_IN_SORBS_SOCKS net
header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4')
describe RCVD_IN_SORBS_MISC SORBS: sender is open proxy server
tflags RCVD_IN_SORBS_MISC net
header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5')
describe RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay
tflags RCVD_IN_SORBS_SMTP net
# delist: $50 fee
#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
#describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
#tflags RCVD_IN_SORBS_SPAM net
header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
describe RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server
tflags RCVD_IN_SORBS_WEB net
header RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('sorbs', '127.0.0.8')
describe RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested
tflags RCVD_IN_SORBS_BLOCK net
header RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('sorbs', '127.0.0.9')
describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
tflags RCVD_IN_SORBS_ZOMBIE net
header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-notfirsthop', 'dnsbl.sorbs.net.', '127.0.0.10')
describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
tflags RCVD_IN_SORBS_DUL net
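
Added example (not part of the original message and not SpamAssassin's own code): an offline Python model of the lookup the rules above describe, using the Received header, the nslookup answer and the return-code table quoted in the message. The function names, the relay 192.0.2.25 used in the test and the "-notfirsthop" handling (skip the originating hop unless it is the only untrusted relay) are assumptions made for illustration; which relays count as untrusted on a real system depends on the local SpamAssassin configuration.

```python
import ipaddress
import re

# Return code -> rule name, transcribed from the 20_dnsbl_tests.cf excerpt in
# the message (RCVD_IN_SORBS_SPAM, 127.0.0.6, is commented out there).
SORBS_RULES = {
    "127.0.0.2": "RCVD_IN_SORBS_HTTP", "127.0.0.3": "RCVD_IN_SORBS_SOCKS",
    "127.0.0.4": "RCVD_IN_SORBS_MISC", "127.0.0.5": "RCVD_IN_SORBS_SMTP",
    "127.0.0.7": "RCVD_IN_SORBS_WEB", "127.0.0.8": "RCVD_IN_SORBS_BLOCK",
    "127.0.0.9": "RCVD_IN_SORBS_ZOMBIE", "127.0.0.10": "RCVD_IN_SORBS_DUL",
}
# Rules registered under the 'sorbs-notfirsthop' set in the excerpt.
NOTFIRSTHOP_RULES = {"RCVD_IN_SORBS_DUL"}

# Header and DNS answer as quoted in the message; no live DNS is used.
SAMPLE_RECEIVED = ("Received: from unknown (HELO keatingjones.com) (84.97.25.132)\n"
                   " by anchovy2.45ru.net.au with SMTP; 9 Jul 2006 13:36:23 -0000")
SAMPLE_ANSWERS = {"132.25.97.84.dnsbl.sorbs.net": "127.0.0.10"}

RELAY_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def relay_ip(received):
    """Return the parenthesised IPv4 relay address of a Received header, or None."""
    m = RELAY_IP.search(received)
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:          # e.g. an octet above 255
        return None

def dnsbl_qname(ip, zone="dnsbl.sorbs.net"):
    """Reverse the octets and append the zone, as in the nslookup query."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def rules_hit(relays, answers):
    """relays: untrusted relay IPs, newest first (last entry = originating hop).
    answers: {query name: A record}, standing in for the resolver."""
    # Assumed -notfirsthop model: drop the originating hop unless it is the only one.
    not_first_hop = relays[:-1] if len(relays) > 1 else relays
    hits = set()
    for ip in relays:
        rule = SORBS_RULES.get(answers.get(dnsbl_qname(ip)))
        if rule is None:
            continue            # not listed, or a code with no active rule
        if rule in NOTFIRSTHOP_RULES and ip not in not_first_hop:
            continue            # listed, but only as the originating hop
        hits.add(rule)
    return sorted(hits)

if __name__ == "__main__":
    ip = relay_ip(SAMPLE_RECEIVED)
    print(dnsbl_qname(ip), rules_hit([ip], SAMPLE_ANSWERS))
```
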