SpamAssasin doesn't use RBL to check for SPAM

[serg499]

Hi!

I'm trying to make SpamAssasin detects SPAM using RBLs. To avoid "URIBL_BLOCKED" issue I configured BIND as a caching nameserver. URIBL_BLOCKED is not problem now, but seems that RBL are not used. In this FAQ I found that

A common mistake for client machines (such as Mandrake 9.2) is to have 127.0.0.1 in the </etc/resolv.conf> file – Net::DNS does not check multiple nameservers it appears, so you need to comment this line out for Net::DNS to work.

. My resolv.conf contains 127.0.0.1 as I'm using CPanel BIND. Could it be the reason why SpamAssasin's RBLs doesn't work? EXIM RBLs like spamcop seems working on the same machine.

 

[cPRex]

Hey there! SpamAssassin does indeed rely on the Ner::DNS perl structure, so that could be an issue. None of my personal machines have the 127.0.0.1 IP address in /etc/resolv.conf, and this would be easy enough to test by commenting out that line and saving the file.

 

[serg499]

this would be easy enough to test by commenting out that line and saving the file.

Is it OK to comment this line even if it's the only one line in the file? Will other CPanel services work without it?
Thank you!

 

[cPRex]

Ah, that would cause other issues.

I would comment out that line, and then add the Google public resolvers to ensure things continue to work properly on the machine:

nameserver 8.8.8.8
nameserver 8.8.4.4

 

[serg499]

I've tried that and have restarted spamd.
But still have no scores from RBLs:

Content analysis details:   (-1.6 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                             mail domains are different
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts

Is it normal?

 

[cPRex]

I don't believe that's normal - could you create a ticket with our support team so we can do some additional troubleshooting directly on the affected system? If you are able to do that, please post the ticket number here so I can follow along and keep the thread updated.

 

[serg499]

Sure, Ticket ID: 94336682
Thank you very much!

 

[cPRex]

Thanks for that! I'm following along on my end now.

 

[serg499]

As far as I understood, SpamAssassin support custom RBL list, so I was adviced to create something like this.
So this is my custom.cf:

header        CUSTOM_LOOKUP    eval:check_rbl_txt('sorbs','dnsbl.sorbs.net.')
describe      CUSTOM_LOOKUP    Entries listed in dnsbl.sorbs.net RBL
score         CUSTOM_LOOKUP    2.0

header        CUSTOM_LOOKUP    eval:check_rbl_txt('spamcop','bl.spamcop.net.')
describe      CUSTOM_LOOKUP    Entries listed in bl.spamcop.net RBL
score         CUSTOM_LOOKUP    2.0

header        CUSTOM_LOOKUP    eval:check_rbl_txt('spamhaus','zen.spamhaus.org.')
describe      CUSTOM_LOOKUP    Entries listed in zen.spamhaus.org RBL
score         CUSTOM_LOOKUP    2.0

Are there any mistakes there or may be some RBLs should be added?

 

[serg499]

This custom.cf doesn't seems working - none of the today's spam emails war marked as spam because of any of these rules.

 

[cPRex]

Could you reply with those details to the ticket?

 

[serg499]

Could you reply with those details to the ticket?

Sure, I've created follow-up ticket with this question. Thank you!

 

[dexus]

I have the same issue. It looks like custom check_rbl_txt does not work. Is there a solution for this?

 

[dexus]

To answer my own question, problem was a resolver. You must use a local resolver or some private resolver that does not have too many queries to that RBL because most RBLs will block large DNS resolvers.

 

[cPRex]

Yes - you have t be using a non-public resolver in order for the RBLs to work properly.