DBL and URIRBL rules not always hitting

Discussion in 'E-mail Discussions' started by AaronRutledge, Jun 10, 2015.

  1. AaronRutledge

    AaronRutledge Registered

    Hi everyone - I've burned enough hours trying to figure this one out, and I'm finally giving up to ask for help. I'm getting hit by a ton of spam, and as I go through some of the messages with low scores, I'm noticing that a lot of the messages are from source IPs that are on one (or several) of the DNSBLs that I'm using (Spamhaus, Spamcop, and Barracuda). I've also got the Spamhaus DBL score set fairly high (10, for testing), and it rarely hits, but I can manually verify some of the URLs from message bodies that aren't showing hits on the URIBL_DBL_SPAM rule and confirm that the URLs are listed on the Spamhaus DBL.

    I've run lookups via the shell from my server and confirmed that DNSBL and DBL lookups work just fine... but SpamAssassin doesn't always seem to do the lookups. My mail volume is low enough that I know I'm not hitting the BLs' lookup limits/thresholds, and I'm running my own DNS server, so lookups appear to be fast. Any pointers on what may cause SpamAssassin to (sometimes) not run the DNSBL/URIRBL checks?
     
  2. kamall

    kamall Active Member

    Hello
    Use csf, that will clear you all. But don't forget to set TESTING 0 and SYs 3 (recommended), and after that you have to restart with csf -r, or enable your RBL/DNSBL by
    Code:
    https://wiki.apache.org/spamassassin/DnsBlocklists
    Regards
    Kamall;
     
  3. AaronRutledge

    AaronRutledge Registered

    Thank you for the reply, but I'm not sure I follow. I'm already using CSF, but don't see any DNSBL options in it. Even if I could enable DNSBL options in CSF, I would prefer them in SpamAssassin since that would allow me to utilize the scoring method that SA uses, rather than just blocking anything on the DNSBL. Also, it's clear from looking at other messages that ARE being scored by DNSBLs that the lists ARE enabled in SA; they're just not always being utilized for some reason.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Were these senders using a valid hostname that was resolvable by SpamAssassin?

    Thank you.
     
  5. AaronRutledge

    AaronRutledge Registered

    Code:
    Return-path: <Albert-Bennett@>
    Envelope-to: aaron@mydomainxxx.com
    Delivery-date: Wed, 10 Jun 2015 19:56:34 -0700
    Received: from [83.167.***.***] (port=41864 helo=)
    by web.fullspectrumia.com with esmtp (Exim 4.82)
    (envelope-from <Albert-Bennett@>)
    id 1Z2sfR-0004Ls-Md
    for aaron@mydomain***.com; Wed, 10 Jun 2015 19:56:34 -0700

    Apparently not, actually (on a few examples, like the snippet here). But, I thought RBLs were looking up IPs, not hostnames.
     
    #5 AaronRutledge, Jun 11, 2015
    Last edited by a moderator: Jun 11, 2015
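
As an added illustration (not part of the thread or any poster's code): how the two kinds of lookup discussed above are formed and how their answers can be told apart. IP DNSBLs are queried with the reversed source address, while the Spamhaus DBL is queried with a domain name. The function names are hypothetical; the zones and return codes are the publicly documented Spamhaus ones, and the sample inputs are the lists' test entries.

```python
import ipaddress

ZEN = "zen.spamhaus.org"   # IP-based list (SBL/XBL/PBL combined)
DBL = "dbl.spamhaus.org"   # domain-based list

def dnsbl_qname(ip, zone=ZEN):
    """Query name for an IP-based DNSBL: address labels reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:  # IPv6 is queried nibble by nibble
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def dbl_qname(host, zone=DBL):
    """Query name for a domain list: the name itself, then the zone."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host + "." + zone
    raise ValueError("DBL takes domain names; IP literals are answered with 127.0.1.255")

def classify(answer):
    """Interpret the A record returned for a blocklist query (None = NXDOMAIN)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.ip_address(answer)
    if addr in ipaddress.ip_network("127.255.255.0/24") or answer == "127.0.1.255":
        return "refused"      # error code: blocked or malformed query, not a verdict
    if addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "unexpected"       # non-127/8 answer, e.g. a resolver rewriting NXDOMAIN

if __name__ == "__main__":
    # Constructed samples: 127.0.0.2 and dbltest.com are the lists' test entries.
    print(dnsbl_qname("127.0.0.2"))
    print(dbl_qname("dbltest.com"))
    for a in (None, "127.0.1.2", "127.255.255.254"):
        print(a, "->", classify(a))
```
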
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Per:

    https://wiki.apache.org/spamassassin/DnsBlocklists

    Is this what you are referring to as happening?

    Thank you.
     
  7. AaronRutledge

    AaronRutledge Registered

    I don't believe so; SpamAssassin is running directly on the cPanel server, and the only firewall is iptables, configured using CSF. There are no private IPs that lookups or any outbound traffic would route through. Also, lookups ARE working... sometimes. I don't think it's a DNS issue, since all of my testing shows that lookups themselves work consistently... it seems that SA sometimes just doesn't attempt all of the tests.

    Is there maybe something in the SA configuration that says "when these tests are positive, skip these other tests"...? I'm not seeing it, but maybe I'm just missing something.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    This seems more likely to be the issue if lookups are not consistently working as expected. Have you considered alternate solutions such as the Greylisting feature available in cPanel version 11.50?

    Thank you.
     
