[SOLVED] URIBL have stopped working (dns ok)

[dendi]

Dear Proxmox community,
I run a cluster of two subscribed PMG in HA.
A few days ago I started receiving spam mails that contained addresses reported in uribl
I noticed that it no longer appears in the headers URIBL_ABUSE_SURBL and URIBL_BLACK so I think it's a spamassassin related problem (on both nodes)
A few days before the problem I updated from PMG 7.1 to latest with spamassassin 4 but I'm sure it worked well for at least two days.
I have a similar situation to the user g00gle who wrote this thread:
https://forum.proxmox.com/threads/d...-uribl_dbl_spam-not-showing-in-headers.57579/
RBL checks are enabled and I run my (tested) dns resolver on both nodes
Can you help me to debug and find the problem as I'm not a spamassassin expert?
Thank you

 

[dcsapak]

can you post the eml file of such a message and the log when you got it?

 

[dendi]

Yes, I removed some personal data, thank you

Apr 20 21:47:18 avas postfix/smtpd[1212503]: connect from mx.falastions.radio.am[194.53.54.29]

Apr 20 21:47:19 avas postfix/smtpd[1212503]: 347DB44324: client=mx.falastions.radio.am[194.53.54.29]
Apr 20 21:47:19 avas postfix/cleanup[1212510]: 347DB44324: message-id=<3313447740204143432305602636113113237182@falastions.radio.am>
Apr 20 21:47:19 avas postfix/qmgr[1188003]: 347DB44324: from=<usmatkn@falastions.radio.am>, size=149633, nrcpt=1 (queue active)
Apr 20 21:47:19 avas postfix/smtpd[1212503]: disconnect from mx.falastions.radio.am[194.53.54.29] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 20 21:47:19 avas pmg-smtp-filter[1211833]: 44325644196C79BDE2: new mail message-id=<3313447740204143432305602636113113237182@falastions.radio.am>#012
Apr 20 21:47:23 avas pmg-smtp-filter[1211833]: 44325644196C79BDE2: SA score=0/5 time=3.607 bayes=undefined autolearn=disabled hits=DMARC_PASS(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_IMAGE_ONLY_20(0.7),HTML_IMAGE_RATIO_02(0.001),HTML_MESSAGE(0.001),HTML_SHORT_LINK_IMG_3(0.328),KAM_DMARC_STATUS(0.01),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),T_TVD_MIME_EPI(0.01)
Apr 20 21:47:23 avas postfix/smtpd[1212518]: connect from localhost.localdomain[127.0.0.1]
Apr 20 21:47:23 avas postfix/smtpd[1212518]: 724924432F: client=localhost.localdomain[127.0.0.1], orig_client=mx.falastions.radio.am[194.53.54.29]
Apr 20 21:47:23 avas postfix/cleanup[1212510]: 724924432F: message-id=<3313447740204143432305602636113113237182@falastions.radio.am>
Apr 20 21:47:23 avas postfix/qmgr[1188003]: 724924432F: from=<usmatkn@falastions.radio.am>, size=150582, nrcpt=1 (queue active)
Apr 20 21:47:23 avas pmg-smtp-filter[1211833]: 44325644196C79BDE2: accept mail to <my@address> (724924432F) (rule: default-accept)
Apr 20 21:47:23 avas postfix/smtpd[1212518]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Apr 20 21:47:23 avas pmg-smtp-filter[1211833]: 44325644196C79BDE2: processing time: 3.897 seconds (3.607, 0.12, 0)
Apr 20 21:47:23 avas postfix/lmtp[1212511]: 347DB44324: to=<my@address>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.5, delays=0.52/0.03/0.05/3.9, dsn=2.5.0, status=sent (250 2.5.0 OK (44325644196C79BDE2))
Apr 20 21:47:23 avas postfix/qmgr[1188003]: 347DB44324: removed
Apr 20 21:47:23 avas postfix/smtp[1212519]: 724924432F: to=<my@address>, relay=my.mail.server[1.2.3.4]:25, delay=0.23, delays=0.07/0.03/0.06/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4097E2804E6)
Apr 20 21:47:23 avas postfix/qmgr[1188003]: 724924432F: removed

 

[dcsapak]

i checked, and none of the urls in the email are listed on either uribl.com or surbl.org, so it's expected that spamassassin does not report it ?

 

[dendi]

you are right, now uribl are working and i receive only few spam mails.
Don't know how but it's solved now... I just rebooted both nodes :-D
Thank you