* Re: spam.el blackhole check
[not found] <yovahe5enb7z.fsf@relaskop.wsl.ch>
@ 2003-07-22 17:07 ` Ted Zlatanov
2003-07-22 22:37 ` Adrian Lanz
0 siblings, 1 reply; 2+ messages in thread
From: Ted Zlatanov @ 2003-07-22 17:07 UTC (permalink / raw)
On Tue, 22 Jul 2003, lanz@fowi.ethz.ch wrote:
> I think spam-use-blackholes is not working correctly on my office
> desktop (under Solaris). It seems that I never find a spam message
> through the spam-check-blackholes function. But there must be many,
> as I get a lot of them (for the same mail boxes) when calling the
> function at home under Linux.
>
> I tried both spam-use-dig variants (dns.el and dig.el), and a
> typical log output in the *Messages* buffer looks like:
>
> spam-split: calling the spam-check-blacklist function
> spam-split: calling the spam-check-whitelist function
> spam-split: calling the spam-check-BBDB function
> spam-split: calling the spam-check-blackholes function
> Checking headers for relay addresses
> spam-split: calling the spam-check-bogofilter function
Increase the gnus-verbose to 10 and see if any IP addresses are
getting detected.
> At work I am behind a firewall (I think). How can I test the
> spam-check-blackholes functionality? Do I need a special
> configuration behind a firewall?
You may. It really depends on your particular setup. Look up the
query-dig function; try for instance
M-: (query-dig "D.C.B.A.blackhole.server.com")
where A.B.C.D is the IP address you want to check, and
blackhole.server.com is the particular blackhole server you like, for
instance "bl.spamcop.net".
> Under Solaris I find a dig executable but not a dns or lookup
> executable.
First of all, the DNS check is done through the query-dns function,
which uses internal Emacs lookups, or through query-dig, which uses
the "dig" utility. If you want a external utility for DNS lookups,
it's called "nslookup" in older systems, and "host" in newer ones.
It's not used by query-dns though.
Ted
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: spam.el blackhole check
2003-07-22 17:07 ` spam.el blackhole check Ted Zlatanov
@ 2003-07-22 22:37 ` Adrian Lanz
0 siblings, 0 replies; 2+ messages in thread
From: Adrian Lanz @ 2003-07-22 22:37 UTC (permalink / raw)
On 22 Jul 2003, tzz@lifelogs.com wrote:
> On Tue, 22 Jul 2003, lanz@fowi.ethz.ch wrote:
>> I think spam-use-blackholes is not working correctly on my office
>> desktop (under Solaris). It seems that I never find a spam message
>> through the spam-check-blackholes function. But there must be many,
>> as I get a lot of them (for the same mail boxes) when calling the
>> function at home under Linux.
>>
>> I tried both spam-use-dig variants (dns.el and dig.el), and a
>> typical log output in the *Messages* buffer looks like:
>>
>> spam-split: calling the spam-check-blacklist function
>> spam-split: calling the spam-check-whitelist function
>> spam-split: calling the spam-check-BBDB function
>> spam-split: calling the spam-check-blackholes function
>> Checking headers for relay addresses
>> spam-split: calling the spam-check-bogofilter function
>
> Increase the gnus-verbose to 10 and see if any IP addresses are
> getting detected.
Ok, now I get
spam-split: widening the buffer (spam-use-bogofilter requires it)
spam-split: calling the spam-check-blacklist function
spam-split: calling the spam-check-whitelist function
spam-split: calling the spam-check-BBDB function
spam-split: calling the spam-check-blackholes function
Checking headers for relay addresses
Blackhole search found host IP 192.168.36.12.
Blackhole search found host IP 200.86.162.104.
spam-split: calling the spam-check-bogofilter function
(New file)
Wrote /home/lanz/mail/gnus/mail/blogy@mailpride.com
I immediately visited spamcop.net and found that IP 200.86.162.104 is
blacklisted in bl.spamcop.net.
If dig.el or dns.el are working I would expect spam.el to step out
mail splitting after spam-check-blackholes and write the mail into my
spam group "spam.mail". Instead it continues with
spam-check-bogofilter which renders a low spamicity score [that's ok
for this particular spam message] and finally executes my personal
splitting function which writes the mail messages in a group named as
the sender of the mail [that's ok as well].
> >
>> At work I am behind a firewall (I think). How can I test the
>> spam-check-blackholes functionality? Do I need a special
>> configuration behind a firewall?
>
> You may. It really depends on your particular setup. Look up the
> query-dig function; try for instance
>
> M-: (query-dig "D.C.B.A.blackhole.server.com")
>
> where A.B.C.D is the IP address you want to check, and
> blackhole.server.com is the particular blackhole server you like,
> for instance "bl.spamcop.net".
This (always) returns nil, as query-dns does. I tested (query-dig
"104.162.86.200.bl.spamcop.net") and (query-dns
"104.162.86.200.bl.spamcop.net").
> >
>> Under Solaris I find a dig executable but not a dns or lookup
>> executable.
>
> First of all, the DNS check is done through the query-dns function,
> which uses internal Emacs lookups, or through query-dig, which uses
> the "dig" utility. If you want a external utility for DNS lookups,
> it's called "nslookup" in older systems, and "host" in newer ones.
> It's not used by query-dns though.
I found nslookup and dig. In a terminal window I tried:
$ nslookup 104.162.86.200.bl.spamcop.net
Server: hallo.vswsl.ch
Address: 10.30.1.3
*** hallo.vswsl.ch can't find 104.162.86.200.bl.spamcop.net: Non-existent host/domain
$ dig 104.162.86.200.bl.spamcop.net
; <<>> DiG 8.3 <<>> 104.162.86.200.bl.spamcop.net
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; 104.162.86.200.bl.spamcop.net, type = A, class = IN
;; Total query time: 1 msec
;; FROM: myrelas to SERVER: default -- 10.30.1.3
;; WHEN: Wed Jul 23 00:25:12 2003
;; MSG SIZE sent: 47 rcvd: 47
Thanks, Adrian
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-07-22 22:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <yovahe5enb7z.fsf@relaskop.wsl.ch>
2003-07-22 17:07 ` spam.el blackhole check Ted Zlatanov
2003-07-22 22:37 ` Adrian Lanz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).