SpamAssasin doesn't use RBL to check for SPAM

Operating System & Version
CentOS 7
cPanel & WHM Version
96.0.9

serg499

Member
Nov 19, 2020
21
1
3
USA
cPanel Access Level
Root Administrator
Hi!

I'm trying to make SpamAssasin detects SPAM using RBLs. To avoid "URIBL_BLOCKED" issue I configured BIND as a caching nameserver. URIBL_BLOCKED is not problem now, but seems that RBL are not used. In this FAQ I found that
A common mistake for client machines (such as Mandrake 9.2) is to have 127.0.0.1 in the </etc/resolv.conf> file – Net::DNS does not check multiple nameservers it appears, so you need to comment this line out for Net::DNS to work.
. My resolv.conf contains 127.0.0.1 as I'm using CPanel BIND. Could it be the reason why SpamAssasin's RBLs doesn't work? EXIM RBLs like spamcop seems working on the same machine.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,235
2,423
363
cPanel Access Level
Root Administrator
Hey there! SpamAssassin does indeed rely on the Ner::DNS perl structure, so that could be an issue. None of my personal machines have the 127.0.0.1 IP address in /etc/resolv.conf, and this would be easy enough to test by commenting out that line and saving the file.
 

serg499

Member
Nov 19, 2020
21
1
3
USA
cPanel Access Level
Root Administrator
I've tried that and have restarted spamd.
But still have no scores from RBLs:

Code:
Content analysis details:   (-1.6 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                             mail domains are different
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
Is it normal?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,235
2,423
363
cPanel Access Level
Root Administrator
I don't believe that's normal - could you create a ticket with our support team so we can do some additional troubleshooting directly on the affected system? If you are able to do that, please post the ticket number here so I can follow along and keep the thread updated.
 

serg499

Member
Nov 19, 2020
21
1
3
USA
cPanel Access Level
Root Administrator
As far as I understood, SpamAssassin support custom RBL list, so I was adviced to create something like this.
So this is my custom.cf:
Code:
header        CUSTOM_LOOKUP    eval:check_rbl_txt('sorbs','dnsbl.sorbs.net.')
describe      CUSTOM_LOOKUP    Entries listed in dnsbl.sorbs.net RBL
score         CUSTOM_LOOKUP    2.0

header        CUSTOM_LOOKUP    eval:check_rbl_txt('spamcop','bl.spamcop.net.')
describe      CUSTOM_LOOKUP    Entries listed in bl.spamcop.net RBL
score         CUSTOM_LOOKUP    2.0

header        CUSTOM_LOOKUP    eval:check_rbl_txt('spamhaus','zen.spamhaus.org.')
describe      CUSTOM_LOOKUP    Entries listed in zen.spamhaus.org RBL
score         CUSTOM_LOOKUP    2.0
Are there any mistakes there or may be some RBLs should be added?
 
Last edited:

dexus

Well-Known Member
Jan 14, 2006
188
12
168
cPanel Access Level
Root Administrator
To answer my own question, problem was a resolver. You must use a local resolver or some private resolver that does not have too many queries to that RBL because most RBLs will block large DNS resolvers.