search

spamhaus / spamassassin-dqs

Spamhaus code for the Spamassassin plugin. See https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/000-intro.html
Apache License 2.0
54 stars 15 forks source link

I must be doing something wrong: plugin not adding points #51

Closed dingesista closed 1 year ago

dingesista commented 1 year ago

I'm trying to find out how what I'm doing wrong, but not sure where to look next.

This is on a server running Debian stable, spamassassin 3.4.6-1, in combination with Exim 4.94.2-7.

The plugin seems to be installed ok, and it also seems to work. But none of the test messages are scored as spam.

Below I quote from the output from spamassassin -D < /tmp/message.txt, which is run as user Debian-spamd and where message.txt is one of the test-mails sent from blt.spamhaus.com. It should pick up on this bad domain: zrdtest.com.

Plugin OK? I see: plugin: loading Mail::SpamAssassin::Plugin::SH from /etc/spamassassin/SH.pm

so that seems OK.

I also see several mentions of the bad domain being looked up at spamhaus, for example:

async: starting: URIBL_DBL_PHISH, URI-DNSBL, DNSBL:zrdtest.com:my-key-here.dbl.dq.spamhaus.net (timeout 15.0s, min 3.0s) dns: URIBL_DBL_PHISH lookup start

and

async: query 17181/IN/A/zrdtest.com.my-key-here.dbl.dq.spamhaus.net already done, re-using for SH:zrdtest.com.my-key-here.dbl.dq.spamhaus.net, callback SHPlugin: _finish_lookup on zrdtest.com / SH_DBL_ABUSED_FULLHOST / ^127.0.1.10[2-6]$

with this ^^^ line I would expect to see the spam score to go up with 6 points (that is what I assume from the scores file). However .. the "score so far" never goes up. In the end, the message is accepted like this: "check: is spam? score=0.989"

ricalfieri commented 1 year ago

I hope that you are using your actual key instead of "my-key-here" :)

Jokes aside, this line:

async: query 17181/IN/A/zrdtest.com.my-key-here.dbl.dq.spamhaus.net already done, re-using for SH:zrdtest.com.my-key-here.dbl.dq.spamhaus.net, callback

would not trigger ZRD, as it resides in the dedicated *.my-key-here.zrd.dq.spamhaus.net zone.

So, first of all, what happens if you do a 

$ dig +short zrdtest.com.<your-key>.zrd.dq.spamhaus.net
$ dig +short dbltest.com.<your-key>.dbl.dq.spamhaus.net

You should get positive answers from those queries

Then, you should paste the full output of a 

spamassassin -t -D < /tmp/message.txt

And last, as this looks to me like a SpamAssassin misconfig, I can help only so much, as every setup is different and I only deal with the plugin

dingesista commented 1 year ago

Yes,it is for most likely a misconfiguration.

dig +short zrdtest.com.<that-key-again>.zrd.dq.spamhaus.net
127.0.2.2

However

dig +short dbltest.com.<same>.dbl.dq.spamhaus.net

gives ... no answer

ricalfieri commented 1 year ago

Are you on a free tier DQS account?

dingesista commented 1 year ago

Are you on a free tier DQS account?

Yes

ricalfieri commented 1 year ago

Please send me your DQS key at riccardo.alfieri[-at-]spamhaus.com

ricalfieri commented 1 year ago

(continued via email)