rbl_checks mit Spamassassin gehen nur im --test-mode

A

axelfrank

New Member
Hallo zusammen,

ich habe auf meinem Server den Spamassassin laufen und grundsätzlich geht das Teil auch ganz gut. Das Problem ist allerdings, dass er im "--test-mode" die Blacklists aus der 20_dnsbl_tests.cf abprüft, dies jedoch nicht in produktiven Modus macht.

Hat jemand eine Ahnung woran das liegen könnte? (die anderen Prüfungen werden fehlerfrei durchlaufen)

Danke
Axel
 
Bitte gib uns mehr Input.
Sprich: z.B. den Output vom --test-mode und die 'X-Spam'-Header bzw. den Report der Email.

Zusätzlich wäre es gut, mehr über Dein System zu erfahren. (MTA, SA-Version, wir wurde SA in den MTA integriert, etc.)

huschi.
 
Hi,

hier mehr Infos:

- SA Version: 3.0.4
- Konfiguration: qmail in Verbindung mit vpopmail
- der SA läuft über spamd

Nachfolgende Mail habe ich mit --test-mode aufgerufen und somit werden die rbl-checks durchgeführt. Die Mail ist eindeutig spam. Im produktiven Modus werden die rbl-checks nicht durchgheführt und somit erreicht die Mail keinen Punktestand von 3 Punkten. Ergebis --> wird nicht als Spam gekennzeichnet.

Hier die Mail (im --test-mode):

Received: from localhost by h72354.serverkompetenz.net
with SpamAssassin (version 3.0.4);
Thu, 09 Nov 2006 11:18:36 +0100
From: "Eula" <ace5bkwp@myway.com>
To: <mail@axel-frank.de>
Subject: ****SPAM(17.7)**** hardcore
Date: Thu, 9 Nov 2006 02:11:54 -0500
Message-Id: <5847521258.183415988315@myway.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
h72354.serverkompetenz.net
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.7 required=3.0 tests=DNS_FROM_RFC_ABUSE,
DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,INFO_TLD,RCVD_BY_IP,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,
RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,
URIBL_JP_SURBL,URIBL_OB_SURBL autolearn=unavailable version=3.0.4
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4553007C.5FFECD7D"

This is a multi-part message in MIME format.

------------=_4553007C.5FFECD7D
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "h72354.serverkompetenz.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster for details.

Content preview: Black tranny in leather boots Asian girl peeing
anywhere http://antaer.info/hums/jasmine.html?XjbY.jMfY-eSjWZ,gf
Brunette latina posing on couch hardcore sex in the swinging seventies
Small tittied blonde coed fuck [...]

Content analysis details: (17.7 points, 3.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_BY_IP Received by mail server with no name
1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
0.5 INFO_TLD URI: Contains an URL in the INFO top-level domain
0.4 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
0.5 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org
1.0 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[218.18.23.57 listed in combined.njabl.org]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[218.18.23.57 listed in sbl-xbl.spamhaus.org]
0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[218.18.23.57 listed in dnsbl.sorbs.net]
2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?218.18.23.57>]
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?218.18.23.57>]
1.4 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[218.18.23.57 listed in combined.njabl.org]
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: antaer.info]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: antaer.info]


------------=_4553007C.5FFECD7D
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Return-Path: <ace5bkwp@myway.com>
Delivered-To: mail@axel-frank.de
Received: (qmail 29043 invoked by uid 60000); 9 Nov 2006 07:29:27 -0000
Received: from 218.18.23.57 by h72354 (envelope-from <ace5bkwp@myway.com>, uid 60004) with qmail-scanner-1.24st SA 24
(spamassassin: 3.0.4.
Clear:RC:0(218.18.23.57):SA:0(2.4/3.0):.
Processed in 3.609632 secs); 09 Nov 2006 07:29:27 -0000
X-Spam-Status: No, hits=2.4 required=3.0
X-Envelope-From: ace5bkwp@myway.com
Received: from unknown (HELO 218.18.23.57) (218.18.23.57)
by ezh-service.com with SMTP; 9 Nov 2006 07:29:23 -0000
Received: from mprdmxin.myway.com
by 218.18.23.57 (8.9.3/8.9.3) with ESMTP id mXT1phZhJEhQ
for <mail@axel-frank.de>; Thu, 9 Nov 2006 02:11:54 -0500
Received: from 39.25.254.12 ([39.25.254.12])
by mprdmxin.myway.com (8.12.3 da nor stuldap/8.12.3) with SMTP id D7KBj3ThEwtv
for <mail@axel-frank.de>; Thu, 9 Nov 2006 02:11:54 -0500
Reply-To: "Eula Franklin" <ace5bkwp@myway.com>
From: "Eula" <ace5bkwp@myway.com>
Message-ID: <5847521258.183415988315@myway.com>
Date: Thu, 9 Nov 2006 02:11:54 -0500
To: <mail@axel-frank.de>
Subject: hardcore
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
h72354.serverkompetenz.net
X-Spam-Level: **
X-Qmail-Scanner-MOVED-X-Spam-Status: No, score=2.4 required=3.0 tests=INFO_TLD,RCVD_NUMERIC_HELO
autolearn=no version=3.0.4


Black tranny in leather boots
Asian girl peeing anywhere http://antaer.info/hums/jasmine.html?XjbY.jMfY-eSjWZ,gf
Brunette latina posing on couch
hardcore sex in the swinging seventies
Small tittied blonde coed fuck



------------=_4553007C.5FFECD7D--

Spam detection software, running on the system "h72354.serverkompetenz.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster for details.

Content preview: Black tranny in leather boots Asian girl peeing
anywhere http://antaer.info/hums/jasmine.html?XjbY.jMfY-eSjWZ,gf
Brunette latina posing on couch hardcore sex in the swinging seventies
Small tittied blonde coed fuck [...]

Content analysis details: (17.7 points, 3.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_BY_IP Received by mail server with no name
1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
0.5 INFO_TLD URI: Contains an URL in the INFO top-level domain
0.4 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
0.5 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org
1.0 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[218.18.23.57 listed in combined.njabl.org]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[218.18.23.57 listed in sbl-xbl.spamhaus.org]
0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[218.18.23.57 listed in dnsbl.sorbs.net]
2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?218.18.23.57>]
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?218.18.23.57>]
1.4 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[218.18.23.57 listed in combined.njabl.org]
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: antaer.info]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: antaer.info]
 
Problem gelöst

Hallo zusammen,

jetzt habe ich das Problem doch noch gefunden.
Die Serverkonfiguration hat den "spamd" mit der Option "-L" aufgerufen.
Das hat dafür gesorgt, dass die Prüfung der Blacklists geskippt wurde.

Die Option wird in folgender Datei eingestellt:

/etc/sysconfig/spamd

## Path: Network/Mail/Spamassassin
## Description: Arguments for the spam daemon
## Type: string
## Default: "-d -c -L"
## ServiceRestart: spamd
#
# The arguments passed to spamd.
# See spamd(1) man page.
# Default is "-d -c -L"
#SPAMD_ARGS="-d -c -L"
#SPAMD_ARGS="-d -L -m 10 --vpopmail --username=vpopmail"
SPAMD_ARGS="-d -m 10 --vpopmail --username=vpopmail"

Gruss
Axel

P.S. Ich hoffe dieser Eintrag hilft anderen :)
 
You must log in or register to reply here.
Back
Top