The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache SpamAssassin 3.0.4 breaks network checks (?)

Discussion in 'EasyApache' started by myrem, Jun 11, 2005.

  1. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I see CP upgraded to Spamassassin 3.0.4-- after which, network tests - dnsbl, dnsuribl, spf - checking seemed to stop. :( Appears to have been some issue with the Net :: DNS 0.50 pm which was also installed at the same time... I had to roll back to Net :: DNS 0.48 and recompile SA to get the network tests working again.

    Anyone else notice similar or was it just me? Thought I would pass this along in case anyone was having issues.
     
  2. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet

    I confirm this
    Don't see few things happening as it was pre upgrade.

    Anup
     
  3. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    It broke (for me) Jun 9 00:17:03 -0400 EDT (just after the nightly upcp)
     
  4. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    I am watching and i definitely do not see the RBL network tests happening which is just letting few more length enhancers move in

    Anup
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Have you opened a ticket or bugzilla with cPanel to inform them and have them investigate?
     
  6. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I have not. And since I've fixed it myself and my license is not direct with CP, I am not going to open one... but i wanted to present the potential issue here so other admins could be on the look-out for it -- and take whatever steps they need to (open the ticket, etc)
     
  7. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    It also seems to be a problem with Net::DNS version: 0.51 which I noticed was updated last night. If I run "spamassassin -D --lint" I see the following in the results:

    debug: is Net::DNS::Resolver available? yes
    debug: Net::DNS version: 0.51
    debug: trying (3) ebay.com...
    debug: looking up NS for 'ebay.com'
    debug: NS lookup of ebay.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server?
    debug: All NS queries failed => DNS unavailable (set dns_available to override)
    debug: is DNS available? 0

    How does one roll back to Net :: DNS 0.48 ?

    Thx -
     
  8. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    Waiting still for a bugzilla entry on Features Manager bug wrt catchall and forwarders to be fixed.

    --lint -d :

    debug: is Net::DNS::Resolver available? yes
    debug: Net::DNS version: 0.50
    debug: trying (3) sun.com...
    debug: looking up NS for 'sun.com'
    debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server?
    debug: All NS queries failed => DNS unavailable (set dns_available to override)

    Anup
     
    #8 anup123, Jun 11, 2005
    Last edited: Jun 11, 2005
  9. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I confirm 0.51 also does not work, which is why I went back to 0.48

    You can grab it here: http://search.cpan.org/~crein/Net-DNS-0.48/
    (I did a manual download/make/install)
     
  10. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    rollback to 0.48 gets everything firing up again.

    debug: Net::DNS version: 0.48
    debug: trying (3) yahoo.com...
    debug: looking up NS for 'yahoo.com'
    debug: NS lookup of yahoo.com succeeded => Dns available (set dns_available to hardcode)
    debug: is DNS available? 1

    running upcp would again upgrade Net::DNS?

    Anup
     
  11. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    so that explains the extra spams getting through. I'm getting a lot more "Spam Assassin Time Outs" since the update. I hadn't had time to track down the cause, so not sure if it's related, but likely is.
     
  12. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I believe it very well may. I turned off automatic update for "cPanel Package Updates" to prevent it from breaking me on the next run just to be safe.

    I have non-web hosting clients who use me for mail filtering services only, so SA being a primary tool for that segment of business, I can't afford to have it breaking. :D
     
  13. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    Very much in the same scenario as yours.
    Have had auto updates off eversince one night it brought my server down long back. So wouldn't do a upcp for quite sometime now :)

    Anup
     
  14. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Just been looking at this in the SpamAssassin code. Haven't nailed it down yet, but if you are desperate for a quick and dirty (very dirty) workaorund, you can:

    Edit /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/Dns.pm (sub your version of perl in to the path as appropriate) and change line 1264 from:

    Code:
          $IS_DNS_AVAILABLE = 0; # should already be 0, but let's be sure.
    to:

    Code:
          $IS_DNS_AVAILABLE = 1; # should already be 0, but let's be sure.
    The subsequent URIDNSBL checks will then be done. As I said, this is not a fix, just a way of getting it working until the problem can be found.
     
  15. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Scratch that, the prettier workaround is to edit /etc/mail/spamassassin/local.cf and add:

    dns_available yes

    SpamAssassin will then skip the NS record test and continue on working.
     
  16. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Thanks chirpy dude. Hope that temporarily helps those who are not sure how to flip perl modules around.

    Still begs the question-- where is the failure for cp hosts? SA, Net:: DNS, cspan, or CP?

    Net:: DNS 0.50/51 seems to be the problem. I could not run SA 3.0.3 under it either. When the upcp process runs, is it 'cpan' that decides what is going to be upgraded for perl modules?
     
    #16 myrem, Jun 11, 2005
    Last edited: Jun 11, 2005
  17. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The problem lies between the Net::DNS module and Mail::SpamAssassin, cPanel simply installs the latest version from cpan.org whenever upcp runs and so are pretty much out of the picture.

    Having done some extensive debugging it looks like there's a problem the the Net::DNS persistence as the port is not being kept open after the initiation of the DNS query.

    If you change the following part of Mail::SpamAssassin::Dns.pm from (line 1046):
    Code:
          my $query = $self->{res}->search($dom, 'NS');
    to:

    Code:
    	  my $resme = Net::DNS::Resolver->new;
    	  my $query = $resme->search("$dom", 'NS');
    then it all works OK. this doesn't show whether the problem is in the SpamAssassin module or the Net::DNS module, but that is where the problem is. I would suspect that this is something the SpamAssassin team will have to investigate. Feel free to post it on the SA bugzilla.

    If you have a lot of servers, the following will save you some typing:

    echo dns_available yes >> /etc/mail/spamassassin/local.cf
     
    #17 chirpy, Jun 11, 2005
    Last edited: Jun 11, 2005
  18. big

    big Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    224
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    so adding dns_available yes would fix the problem or need to edit Dns.pm too?
     
  19. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You just need to add the directive, no need to edit DNS.pm - that was just me working through how to get around the issue.
     
  20. tmuldrow

    tmuldrow Member

    Joined:
    Jul 19, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Here is the SpamAssassin Bugzilla report on this issue for those that are interested:

    http://bugzilla.spamassassin.org/show_bug.cgi?id=4403

    It's apparently been closed as a WON'T FIX as it is working fine in the 3.1.x branch of SpamAssassin with the latest version of NET:: DNS
     
Loading...

Share This Page