0

I am using SpamHaus BlockList Tester to test if my mailserver is blocking mails originating from known spamming / phishing mail server.

The latest run against the Public Mirror Test gave the following results:

Test Name            MX Probes
probe                Delivered

SMTP Test Emails


pbl-pub-ip           Rejected
sbl-pub-ip           Rejected
xbl-pub-ip           Rejected
dbl-pub-ehlo         Rejected
dbl-pub-from         Rejected


Content Test Emails


sbl-pub-body-ip      Delivered
dbl-pub-body-domain  Delivered

The sbl-pub-body-ip test is testing if there is a link in the body of the email that is linking to an ip address listed in SpamHaus IP Blocklist (SBL).

The link in question is: http://199.168.89.84.

Debugging the delivered mail by sending it to spamc -R gave the following result:

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 NORMAL_HTTP_TO_IP      URI: URI host has a public dotted-decimal IPv4
                             address
 0.0 NUMERIC_HTTP_ADDR      URI: Uses a numeric IP address in URL

The dbl-pub-body-domain test is testing if there is a link in the body of the email that is linking to a domain listed in SpamHaus Domain Blocklist (DBL).

The link in question is: http://dbltest-pub.com.

Debugging the delivered mail with spamc -R gave the following result:

Content analysis details:   (-0.0 points, 5.0 required)

pts rule name              description




-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record

I was under the impression that SpamAssassin is running through all the rules mentioned in /usr/share/spamassassin by default with the relevant rules for these two mails being defined in either 20_dnsbl_test.cf or 25_uribl.cf.

So I am wondering both which rules was it supposed to match against and is there anything I have forgotten to enable, since the tests was not loaded?

The 20_dnsbl_test.cf is dependent on the perl module Mail::SpamAssassin::Plugin::DNSEval which is enabled in /etc/mail/spamassassin/v320.pre.

The 25_uribl.cf is dependent on the perl module Mail::SpamAssassin::Plugin::URIDNSBL which is enabled in /etc/mail/spamassassin/init.pre.

Is there anything else I need to enable in order to run the tests defined in 20_dnsbl_test.cf and 25_uribl.cf?

Lasse Michael Mølgaard
  • 1,293

0 Answers0