error /SpamAssassin/Plugin/DNSEval.pm

config looks plain and unchanged :/

a) please reboot (stop it and start it again) your PMG
b) what are you using as DNS-server in your network (based on the dig output a while ago - what is the DNS-server running on 192.168.100.1 for a piece of equipment/software)
 
a)I've restarted it several times and it didn't fix it.
b)This is a Miktorik router, it is the DNS server for my entire network
 
I can confirm, the Mikrotik DNS Proxy is the culprit.

I don't know why but I think the DNS Proxy is not capable of querying the DMARC settings...
 
  • Like
Reactions: t.lamprecht
thanks all,

unfortunately I don't see that it has been fixed, I'll try it with other dns settings.
 
Hy Stoiko,
I installed a unique dns server within pmg.
https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway
Since then I see this error:
Oct 13 11:21:36 smtp postfix/dnsblog[4438]: warning: dnsblog_query: lookup error for DNS query 21.133.80.45.b.barracudacentral.org: Host or domain name not found. Name service error for name=21.133.80.45.b.barracudacentral.org type=A: Host not found, try again
Oct 13 11:21:36 smtp postfix/postscreen[4437]: warning: dnsblog reply timeout 10s for b.barracudacentral.org

What could be the problem?
 
Hi,
I have the same issue and it seems the issue in my spamassassin/custom.cf: there are records for uridnsbl_skip_domains. The message appears for domains in this config. Maybe it sends $null value in this case.
 
knorbi said:
Since then I see this error:
Oct 13 11:21:36 smtp postfix/dnsblog[4438]: warning: dnsblog_query: lookup error for DNS query 21.133.80.45.b.barracudacentral.org: Host or domain name not found. Name service error for name=21.133.80.45.b.barracudacentral.org type=A: Host not found, try again
Oct 13 11:21:36 smtp postfix/postscreen[4437]: warning: dnsblog reply timeout 10s for b.barracudacentral.org
Click to expand...
sorry for overlooking that question - in case it's still relevant - this looks like the local DNS-server is not able to connect to the public internet on port 53? - check the unbound logs and your firewall settings.
 
rexxer777 said:
Hi,
I have the same issue and it seems the issue in my spamassassin/custom.cf: there are records for uridnsbl_skip_domains. The message appears for domains in this config. Maybe it sends $null value in this case.
Click to expand...
please share the actual logs (also consider creating a new thread the next time) - make sure that your DNS-resolution works in all cases.
 
Sorry, I'm just trying to help in this thread: maybe the additional info will be useful.
Logs:
Code: 
2024-01-12T16:10:51.789123-08:00 pmg postfix/smtpd[2729506]: connect from out-21.smtp.github.com[192.30.252.204]
2024-01-12T16:10:52.148928-08:00 pmg pmgpolicy[2729016]: SPF says pass
2024-01-12T16:10:52.149812-08:00 pmg postfix/smtpd[2729506]: 248793FEDA: client=out-21.smtp.github.com[192.30.252.204]
2024-01-12T16:10:52.206018-08:00 pmg postfix/cleanup[2729180]: 248793FEDA: message-id=<apache/beam/pull/29954/c1890166478@github.com>
2024-01-12T16:10:52.207130-08:00 pmg postfix/qmgr[2695950]: 248793FEDA: from=<noreply@github.com>, size=4932, nrcpt=1 (queue active)
2024-01-12T16:10:52.207294-08:00 pmg postfix/smtpd[2729506]: disconnect from out-21.smtp.github.com[192.30.252.204] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2024-01-12T16:10:52.208270-08:00 pmg pmg-smtp-filter[2729299]: 2024/01/12-16:10:52 CONNECT TCP Peer: "[127.0.0.1]:56356" Local: "[127.0.0.1]:10024"
2024-01-12T16:10:52.264931-08:00 pmg pmg-smtp-filter[2729299]: 402F765A1D50C3E8CC: new mail message-id=<apache/beam/pull/29954/c1890166478@github.com>#012
2024-01-12T16:10:52.324177-08:00 pmg pmgpolicy[1197389]: starting policy database maintenance (greylist, rbl)
2024-01-12T16:10:52.385854-08:00 pmg pmg-smtp-filter[2729299]: WARNING: Use of uninitialized value $rbl_server in substitution (s///) at /usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm line 320, <GEN7473> line 87.
2024-01-12T16:10:52.385982-08:00 pmg pmg-smtp-filter[2729299]: WARNING: Use of uninitialized value $rbl_server in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm line 321, <GEN7473> line 87.
2024-01-12T16:10:52.386069-08:00 pmg pmg-smtp-filter[2729299]: WARNING: Use of uninitialized value $rbl_server in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Plugin/DNSEval.pm line 402, <GEN7473> line 87.
2024-01-12T16:10:52.425692-08:00 pmg pmgpolicy[1197389]: end policy database maintenance (92 ms, 2 ms)

My DNS check:
Code: 
root@pmg:/etc/mail/spamassassin# dig github.com


; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> github.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23510

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;github.com.                    IN      A


;; ANSWER SECTION:

github.com.             60      IN      A       20.29.134.23


;; Query time: 8 msec

;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)

;; WHEN: Tue Jan 23 06:23:14 PST 2024

;; MSG SIZE  rcvd: 55

custom.cf:
Code: 
uridnsbl_skip_domain googleapis.com goo.gl googlegroups.com docs.google.com
uridnsbl_skip_domain youtu.be linkedin.com fbcdn.net licdn.com twimg.com redbox.com
uridnsbl_skip_domain amazon.ca amazonses.com amazonaws.com ssl-images-amazon.com images-amazon.com media-amazon.com
uridnsbl_skip_domain instagram.com pinterest.com pinimg.com facebookmail.com yahoodns.net tumblr.com
uridnsbl_skip_domain groupon.com grouponcdn.com office365.com booking.com
uridnsbl_skip_domain github.com
uridnsbl_skip_domain onmicrosoft.com microsoft.com outlook.com hotmail.com

dns_query_restriction deny multi.uribl.com
 
rexxer777 said:
uridnsbl_skip_domain googleapis.com goo.gl googlegroups.com docs.google.com uridnsbl_skip_domain youtu.be linkedin.com fbcdn.net licdn.com twimg.com redbox.com uridnsbl_skip_domain amazon.ca amazonses.com amazonaws.com ssl-images-amazon.com images-amazon.com media-amazon.com uridnsbl_skip_domain instagram.com pinterest.com pinimg.com facebookmail.com yahoodns.net tumblr.com uridnsbl_skip_domain groupon.com grouponcdn.com office365.com booking.com uridnsbl_skip_domain github.com uridnsbl_skip_domain onmicrosoft.com microsoft.com outlook.com hotmail.com dns_query_restriction deny multi.uribl.com
Click to expand...
do you have any other modifications to the spamassassin configuration (custom plugins etc)?
 
rexxer777 said:
o. The situation is the same as for the reporting user: everything is clear from the box.
Click to expand...
The issue is a different one though - and I tried reproducing it, by copying your custom.cf contents and sending a mail containing a github.com link and the issue did not occur...
 
I found the cause.
These records in local.cf, after disabling the messages have gone away.
I must play with RBLs in spamassassing config to make it works:
Code: 
# DNSBLs Check
#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('dnsrbl','dnsrbl.org.')
#describe      CUSTOM_LOOKUP_1    Entries listed in dnsrbl.org RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('b.barracudacentral.org.')
#describe      CUSTOM_LOOKUP_1    Entries listed in b.barracudacentral.org RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('zen.spamhaus.org.')
#describe      CUSTOM_LOOKUP_1    Entries listed in zen.spamhaus.org RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('bl.spamcop.net.')
#describe      CUSTOM_LOOKUP_1    Entries listed in bl.spamcop.net RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('psbl.surriel.com.')
#describe      CUSTOM_LOOKUP_1    Entries listed in psbl.surriel.com RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('spamrbl.imp.ch.')
#describe      CUSTOM_LOOKUP_1    Entries listed in spamrbl.imp.ch RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('noptr.spamrats.com.')
#describe      CUSTOM_LOOKUP_1    Entries listed in noptr.spamrats.com RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('escalations.dnsbl.sorbs.net.')
#describe      CUSTOM_LOOKUP_1    Entries listed in escalations.dnsbl.sorbs.net RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('bl.spameatingmonkey.net.')
#describe      CUSTOM_LOOKUP_1    Entries listed in bl.spameatingmonkey.net RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('ix.dnsbl.manitu.net.')
#describe      CUSTOM_LOOKUP_1    Entries listed in ix.dnsbl.manitu.net RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('truncate.gbudb.net.')
#describe      CUSTOM_LOOKUP_1    Entries listed in truncate.gbudb.net RBL
#score         CUSTOM_LOOKUP_1    3.0

#header        CUSTOM_LOOKUP_1    eval:check_rbl_txt('bl.blocklist.de.')
#describe      CUSTOM_LOOKUP_1    Entries listed in bl.blocklist.de RBL
#score         CUSTOM_LOOKUP_1    3.0
 
rexxer777 said:
These records in local.cf, after disabling the messages have gone away.
Click to expand...
my guess is that you need to provide 2 arguments to check_rbl_txt :
rexxer777 said:
#header CUSTOM_LOOKUP_1 eval:check_rbl_txt('dnsrbl','dnsrbl.org.')
Click to expand...
like you do here

instead of:
rexxer777 said:
header CUSTOM_LOOKUP_1 eval:check_rbl_txt('truncate.gbudb.net.')
Click to expand...
this here (only one argument)...

see: https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html
 
You must log in or register to reply here.
Top Bottom