spamassassin-users June 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Debugging rules and tests: how to interp

Re: Debugging rules and tests: how to interpret them?

From: Mark Martinec <Mark.Martinec+sa_at_nospam>
Date: Thu Jun 09 2011 - 08:56:49 GMT
To: users@spamassassin.apache.org

Sandro,

> > if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
> > urirhssub URIBL_DBL_REDIR dbl.spamhaus.org. A 127.0.1.3
> > body URIBL_DBL_REDIR eval:check_uridnsbl('URIBL_DBL_REDIR')
> > describe URIBL_DBL_REDIR Spamhaus spammed redirector domain
> > tflags URIBL_DBL_REDIR net domains_only
> > score URIBL_DBL_REDIR 2.0
> > endif
>
> this rule just works, thanks.
>
> Isn't it a pretty normal check to be done? I ask since my fear is that my
> setup is someway wrong, or at least poor. I just use default rules from
> debian spamassassin + sa-update but many times I see spam messages pass
> throught that are clearly spam and hit very few rules.

The 127.0.1.3 was a recent addition to dbl.spamhaus.org (March 2011).
Default rules do not recognize it yet.

See a thread:
  The one year anniversary of the Spamhaus DBL brings a new zone
on the users@spamassassin.apache.org ML on 2011-03-08,

and the opened RFE:
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6550

> > The answer was probebly 127.0.1.3. I guess you do not have any rules
> > to hit on this value.
>
> Why should it issue the query and neglect the answer?

Because the same dbl.spamhaus.org zone is used for other related and older
rules as well. All rules referring to the same zone result in a single
query. When a result comes in, it is checked against individual rules.

  Mark