From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/2758
Path: news.gmane.org!not-for-mail
From: Adrian Lanz
Newsgroups: gmane.emacs.gnus.user
Subject: Re: spam.el blackhole check
Date: Wed, 23 Jul 2003 00:37:12 +0200
Message-ID:
References: <4n65lutrpu.fsf@lockgroove.bwh.harvard.edu>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1138669074 16230 80.91.229.2 (31 Jan 2006 00:57:54 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 31 Jan 2006 00:57:54 +0000 (UTC)
Original-X-From: nobody Tue Jan 17 17:31:11 2006
Original-Path: quimby.gnus.org!not-for-mail
Original-Newsgroups: gnu.emacs.gnus
Original-NNTP-Posting-Host: 193.134.205.252
Original-X-Trace: quimby.gnus.org 1058914436 25396 193.134.205.252 (22 Jul 2003 22:53:56 GMT)
Original-X-Complaints-To: usenet@quimby.gnus.org
Original-NNTP-Posting-Date: 22 Jul 2003 22:53:56 GMT
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3 (usg-unix-v)
Cancel-Lock: sha1:T0ohGPe+jrPbe8yJS1D19csGcNI=
Original-Xref: bridgekeeper.physik.uni-ulm.de gnus-emacs-gnus:2898
Original-Lines: 101
X-Gnus-Article-Number: 2898 Tue Jan 17 17:31:11 2006
Xref: news.gmane.org gmane.emacs.gnus.user:2758
Archived-At:

On 22 Jul 2003, tzz@lifelogs.com wrote:

> On Tue, 22 Jul 2003, lanz@fowi.ethz.ch wrote:
>> I think spam-use-blackholes is not working correctly on my office
>> desktop (under Solaris). It seems that I never find a spam message
>> through the spam-check-blackholes function. But there must be many,
>> as I get a lot of them (for the same mail boxes) when calling the
>> function at home under Linux.
>>
>> I tried both spam-use-dig variants (dns.el and dig.el), and a
>> typical log output in the *Messages* buffer looks like:
>>
>> spam-split: calling the spam-check-blacklist function
>> spam-split: calling the spam-check-whitelist function
>> spam-split: calling the spam-check-BBDB function
>> spam-split: calling the spam-check-blackholes function
>> Checking headers for relay addresses
>> spam-split: calling the spam-check-bogofilter function
>
> Increase the gnus-verbose to 10 and see if any IP addresses are
> getting detected.

Ok, now I get

  spam-split: widening the buffer (spam-use-bogofilter requires it)
  spam-split: calling the spam-check-blacklist function
  spam-split: calling the spam-check-whitelist function
  spam-split: calling the spam-check-BBDB function
  spam-split: calling the spam-check-blackholes function
  Checking headers for relay addresses
  Blackhole search found host IP 192.168.36.12.
  Blackhole search found host IP 200.86.162.104.
  spam-split: calling the spam-check-bogofilter function
  (New file)
  Wrote /home/lanz/mail/gnus/mail/blogy@mailpride.com

I immediately visited spamcop.net and found that IP 200.86.162.104 is
blacklisted in bl.spamcop.net. If dig.el or dns.el are working I would
expect spam.el to step out mail splitting after spam-check-blackholes
and write the mail into my spam group "spam.mail". Instead it
continues with spam-check-bogofilter which renders a low spamicity
score [that's ok for this particular spam message] and finally
executes my personal splitting function which writes the mail messages
in a group named as the sender of the mail [that's ok as well].

>
>
>> At work I am behind a firewall (I think). How can I test the
>> spam-check-blackholes functionality? Do I need a special
>> configuration behind a firewall?
>
> You may. It really depends on your particular setup. Look up the
> query-dig function; try for instance
>
> M-: (query-dig "D.C.B.A.blackhole.server.com")
>
> where A.B.C.D is the IP address you want to check, and
> blackhole.server.com is the particular blackhole server you like,
> for instance "bl.spamcop.net".

This (always) returns nil, as query-dns does. I tested

  (query-dig "104.162.86.200.bl.spamcop.net")

and

  (query-dns "104.162.86.200.bl.spamcop.net").

>
>
>> Under Solaris I find a dig executable but not a dns or lookup
>> executable.
>
> First of all, the DNS check is done through the query-dns function,
> which uses internal Emacs lookups, or through query-dig, which uses
> the "dig" utility. If you want an external utility for DNS lookups,
> it's called "nslookup" in older systems, and "host" in newer ones.
> It's not used by query-dns though.

I found nslookup and dig. In a terminal window I tried:

  $ nslookup 104.162.86.200.bl.spamcop.net
  Server: hallo.vswsl.ch
  Address: 10.30.1.3

  *** hallo.vswsl.ch can't find 104.162.86.200.bl.spamcop.net: Non-existent host/domain

  $ dig 104.162.86.200.bl.spamcop.net

  ; <<>> DiG 8.3 <<>> 104.162.86.200.bl.spamcop.net
  ;; res options: init recurs defnam dnsrch
  ;; got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
  ;; QUERY SECTION:
  ;; 104.162.86.200.bl.spamcop.net, type = A, class = IN

  ;; Total query time: 1 msec
  ;; FROM: myrelas to SERVER: default -- 10.30.1.3
  ;; WHEN: Wed Jul 23 00:25:12 2003
  ;; MSG SIZE sent: 47 rcvd: 47

Thanks,
Adrian
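
Added example (not part of the original message, and not spam.el code): a DNSBL check has three possible outcomes, and a SERVFAIL reply like the one in the dig output above means the resolver could not complete the lookup, which is different from NXDOMAIN ("not listed"). The Python sketch below builds the reversed-octet query name described in the thread, skips relay addresses that cannot appear on a public list, and classifies dig output; the function names and the two samples marked as constructed are assumptions.

```python
import ipaddress
import re

# Abbreviated from the dig output quoted in the message above.
SERVFAIL_REPLY = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
# Constructed samples (not from the message): a listing and a clean miss.
LISTED_REPLY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
104.162.86.200.bl.spamcop.net. 2100 IN A 127.0.0.2"""
NXDOMAIN_REPLY = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0"""

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone (A.B.C.D -> D.C.B.A.zone)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def worth_checking(ip):
    """Private, loopback and link-local relay addresses are never on a public list."""
    addr = ipaddress.IPv4Address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)

def classify_dig(output):
    """Return 'listed', 'not-listed' or 'resolver-error' for captured dig output."""
    status = re.search(r"status:\s*([A-Z]+)", output)
    answers = re.search(r"ANSWER:\s*(\d+)", output)
    if not status or not answers:
        return "resolver-error"  # no parsable response header (timeout, no reply)
    if status.group(1) == "NXDOMAIN":
        return "not-listed"  # the list answered: no entry for this address
    if status.group(1) == "NOERROR":
        # DNSBLs signal a listing with an A record inside 127.0.0.0/8.
        hit = re.search(r"\bIN\s+A\s+127\.\d+\.\d+\.\d+", output)
        return "listed" if int(answers.group(1)) > 0 and hit else "not-listed"
    return "resolver-error"  # SERVFAIL, REFUSED, ...: the lookup itself failed

if __name__ == "__main__":
    # The two relay addresses from the *Messages* log in the message above.
    for ip in ("192.168.36.12", "200.86.162.104"):
        if worth_checking(ip):
            print(ip, "->", dnsbl_query_name(ip, "bl.spamcop.net"))
        else:
            print(ip, "-> skipped (not publicly routable)")
    for name, reply in (("servfail", SERVFAIL_REPLY), ("listed", LISTED_REPLY),
                        ("nxdomain", NXDOMAIN_REPLY)):
        print(name, "->", classify_dig(reply))
```

A filter that reports "resolver-error" separately makes a blocked or broken resolver path visible instead of letting it pass as a clean result.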