Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
* Re: spam.el blackhole check
       [not found] <yovahe5enb7z.fsf@relaskop.wsl.ch>
@ 2003-07-22 17:07 ` Ted Zlatanov
  2003-07-22 22:37   ` Adrian Lanz
  0 siblings, 1 reply; 2+ messages in thread
From: Ted Zlatanov @ 2003-07-22 17:07 UTC


On Tue, 22 Jul 2003, lanz@fowi.ethz.ch wrote:
> I think spam-use-blackholes is not working correctly on my office
> desktop (under Solaris). It seems that I never find a spam message
> through the spam-check-blackholes function. But there must be many,
> as I get a lot of them (for the same mail boxes) when calling the
> function at home under Linux.
> 
> I tried both spam-use-dig variants (dns.el and dig.el), and a
> typical log output in the *Messages* buffer looks like:
> 
> spam-split: calling the spam-check-blacklist function
> spam-split: calling the spam-check-whitelist function
> spam-split: calling the spam-check-BBDB function
> spam-split: calling the spam-check-blackholes function
> Checking headers for relay addresses
> spam-split: calling the spam-check-bogofilter function

Increase the gnus-verbose to 10 and see if any IP addresses are
getting detected.

> At work I am behind a firewall (I think). How can I test the
> spam-check-blackholes functionality? Do I need a special
> configuration behind a firewall?

You may.  It really depends on your particular setup.  Look up the
query-dig function; try for instance

M-: (query-dig "D.C.B.A.blackhole.server.com")

where A.B.C.D is the IP address you want to check, and
blackhole.server.com is the particular blackhole server you like, for
instance "bl.spamcop.net".

> Under Solaris I find a dig executable but not a dns or lookup
> executable.

First of all, the DNS check is done through the query-dns function,
which uses internal Emacs lookups, or through query-dig, which uses
the "dig" utility.  If you want an external utility for DNS lookups,
it's called "nslookup" in older systems, and "host" in newer ones.
It's not used by query-dns though.

Ted



* Re: spam.el blackhole check
  2003-07-22 17:07 ` spam.el blackhole check Ted Zlatanov
@ 2003-07-22 22:37   ` Adrian Lanz
  0 siblings, 0 replies; 2+ messages in thread
From: Adrian Lanz @ 2003-07-22 22:37 UTC


On 22 Jul 2003, tzz@lifelogs.com wrote:

> On Tue, 22 Jul 2003, lanz@fowi.ethz.ch wrote:
>> I think spam-use-blackholes is not working correctly on my office
>> desktop (under Solaris). It seems that I never find a spam message
>> through the spam-check-blackholes function. But there must be many,
>> as I get a lot of them (for the same mail boxes) when calling the
>> function at home under Linux.
>>
>> I tried both spam-use-dig variants (dns.el and dig.el), and a
>> typical log output in the *Messages* buffer looks like:
>>
>> spam-split: calling the spam-check-blacklist function
>> spam-split: calling the spam-check-whitelist function
>> spam-split: calling the spam-check-BBDB function
>> spam-split: calling the spam-check-blackholes function
>> Checking headers for relay addresses
>> spam-split: calling the spam-check-bogofilter function
>
> Increase the gnus-verbose to 10 and see if any IP addresses are
> getting detected.

Ok, now I get

spam-split: widening the buffer (spam-use-bogofilter requires it)
spam-split: calling the spam-check-blacklist function
spam-split: calling the spam-check-whitelist function
spam-split: calling the spam-check-BBDB function
spam-split: calling the spam-check-blackholes function
Checking headers for relay addresses
Blackhole search found host IP 192.168.36.12.
Blackhole search found host IP 200.86.162.104.
spam-split: calling the spam-check-bogofilter function
(New file)
Wrote /home/lanz/mail/gnus/mail/blogy@mailpride.com

I immediately visited spamcop.net and found that IP 200.86.162.104 is
blacklisted in bl.spamcop.net.

If dig.el or dns.el are working I would expect spam.el to step out
of mail splitting after spam-check-blackholes and write the mail into my
spam group "spam.mail". Instead it continues with
spam-check-bogofilter which renders a low spamicity score [that's ok
for this particular spam message] and finally executes my personal
splitting function which writes the mail messages in a group named as
the sender of the mail [that's ok as well].

>
>> At work I am behind a firewall (I think). How can I test the
>> spam-check-blackholes functionality? Do I need a special
>> configuration behind a firewall?
>
> You may.  It really depends on your particular setup.  Look up the
> query-dig function; try for instance
>
> M-: (query-dig "D.C.B.A.blackhole.server.com")
>
> where A.B.C.D is the IP address you want to check, and
> blackhole.server.com is the particular blackhole server you like,
> for instance "bl.spamcop.net".

This (always) returns nil, as query-dns does. I tested (query-dig
"104.162.86.200.bl.spamcop.net") and (query-dns
"104.162.86.200.bl.spamcop.net").

>
>> Under Solaris I find a dig executable but not a dns or lookup
>> executable.
>
> First of all, the DNS check is done through the query-dns function,
> which uses internal Emacs lookups, or through query-dig, which uses
> the "dig" utility.  If you want an external utility for DNS lookups,
> it's called "nslookup" in older systems, and "host" in newer ones.
> It's not used by query-dns though.

I found nslookup and dig. In a terminal window I tried:

$ nslookup 104.162.86.200.bl.spamcop.net
Server:  hallo.vswsl.ch
Address:  10.30.1.3

*** hallo.vswsl.ch can't find 104.162.86.200.bl.spamcop.net: Non-existent host/domain


$ dig 104.162.86.200.bl.spamcop.net

; <<>> DiG 8.3 <<>> 104.162.86.200.bl.spamcop.net 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      104.162.86.200.bl.spamcop.net, type = A, class = IN

;; Total query time: 1 msec
;; FROM: myrelas to SERVER: default -- 10.30.1.3
;; WHEN: Wed Jul 23 00:25:12 2003
;; MSG SIZE  sent: 47  rcvd: 47


Thanks, Adrian


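The following is an added example, not part of either message and not code from spam.el: it builds the reversed-octet query name described in the thread and reads the status field of a dig reply, so that a resolver failure (SERVFAIL, as in the dig output above) is kept apart from a real "not listed" answer (NXDOMAIN). The function names are made up for the example, the sample header lines are copied from the dig output quoted above, and the rule that a listed address returns an A record while an unlisted one returns NXDOMAIN is the usual DNSBL convention, assumed here.

```sh
#!/bin/sh
# Added example (not from the thread): build a DNSBL query name and
# tell "not listed" apart from "lookup failed" in dig's reply header.

# dnsbl_name A.B.C.D ZONE  ->  prints D.C.B.A.ZONE, fails on a malformed address
dnsbl_name() {
    ip=$1 zone=$2
    case $ip in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# RFC 1918 and loopback relays are never on a public blackhole list.
is_private() {
    case $1 in
        10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_dig: reads dig output on stdin, prints listed, not-listed or inconclusive
classify_dig() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\).*/\1/p' | head -n 1)
    case $status in
        NOERROR)  if [ "${answers:-0}" -gt 0 ]; then echo listed; else echo not-listed; fi ;;
        NXDOMAIN) echo not-listed ;;
        *)        echo inconclusive ;;   # SERVFAIL, REFUSED, or no header at all
    esac
}

# Header lines copied from the dig output quoted in the thread.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# The two relay addresses from the *Messages* log in the thread.
for ip in 192.168.36.12 200.86.162.104; do
    if is_private "$ip"; then
        echo "$ip: private address, not queried"
    else
        echo "$ip: query $(dnsbl_name "$ip" bl.spamcop.net)"
    fi
done
echo "dig reply from the thread: $(printf '%s\n' "$SAMPLE_DIG" | classify_dig)"
```

To check a live reply, pipe it in, for example `dig "$(dnsbl_name 200.86.162.104 bl.spamcop.net)" | classify_dig`; an "inconclusive" result points at the resolver or firewall rather than at the blackhole list.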
