Bug 216858
Summary: | test update 3.1.7 too aggressive! | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Neal Becker <ndbecker2> |
Component: | spamassassin | Assignee: | Warren Togami <wtogami> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | CC: | felicity, jm, parkerm, perl-devel, reg+redhat, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-12-04 00:05:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Neal Becker
2006-11-22 12:01:56 UTC
is it possible you've changed something in your DNS configuration, perhaps using a new third-party DNS server? techsay.com is referred to in almost every mail sent via a sourceforge-hosted list; if those DNS blocklists really were listing it (which AFAICS they're not), then we'd all be seeing a massive FP rate, too. A likely explanation is that something in your DNS config is "correcting" DNS lookups and returning some kind of TXT record for non-existent lookups, which isn't compatible with Spamassassin's use of DNS for DNSBL lookups. Can you suggest a test I could do?
I tried this:
nslookup
> set type=any
> techsay.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
techsay.com nameserver = dns04.savvis.net.
techsay.com nameserver = dns01.savvis.net.
techsay.com nameserver = dns02.savvis.net.
techsay.com nameserver = dns03.savvis.net.
Authoritative answers can be found from:
techsay.com nameserver = dns03.savvis.net.
techsay.com nameserver = dns04.savvis.net.
techsay.com nameserver = dns01.savvis.net.
techsay.com nameserver = dns02.savvis.net.
dns01.savvis.net internet address = 209.1.222.244
dns02.savvis.net internet address = 209.1.222.245
dns03.savvis.net internet address = 209.1.222.246
dns04.savvis.net internet address = 209.1.222.247
techsay.com does not show up if you check the SURBL at http://www.rulesemporium.com/cgi-bin/uribl.cgi However, if you are using OpenDNS or a DNS proxy it can change some of the responses resulting in FPs, as described, with a workaround, at http://www.surbl.org/faq.html#opendns I'm also seeing a false URIBL_AB_SURBL and URIBL_PH_SURBL on my domain. The DNS, spamassassin, sendmail, and spamass-milter are all running on the same FC6 server. All are running the most recent patched versions for FC6. Looking up the domain on the surbl.org site shows no listings for the IP of the mail server or any of the domains it hosts. This only started with the latest SA upgrade. If I don't include my domain name in the body of the e-mail it goes through OK without the warning. If I include my standard signature which includes the four domain names I am responsible for, I get the error. Problem was opendns. Excellent detective work! |