Interesting SpamAssassin Issue with URIRBL/SURBL
I've been on Google and various forums for several hours but, for the most part, I've come up empty-handed. I get these errors on the URIRBL lookups, and only the NJABL (or however it goes) RBL lookup comes back positive when at least 3 should.
debug: URIDNSBL: queries active: DNSBL=3 NS=3 at Mon Jul 4 02:14:10 2005
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=3 NS=3 at Mon Jul 4 02:14:11 2005
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=3 NS=3 at Mon Jul 4 02:14:12 2005
Output from my server:
------
Content analysis details: (12.3 points, 5.0 required)
Pts Rule Name Description
---- ---------------------- --------------------------------------------
1.7 SARE_BOUNDARY_13 Possible spam flag
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.8 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
[SPF failed: Please see http://spf.pobox.com/why.html?]
0.6 REMOVE_PAGE URI: URL of page called "remove"
2.2 SARE_URI_MEDS URI: domain selling meds
0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
[cf: 100]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[211.99.202.80 listed in combined.njabl.org]
2.3 LONGWORDS Long string of long words
0.9 FM_NO_STYLE FM_NO_STYLE
-------
Output from working box:
-------
Content analysis details: (20.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.6 REMOVE_PAGE URI: URL of page called "remove"
0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[211.99.202.80 listed in dnsbl.sorbs.net]
0.5 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?210.235.242.248>]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[210.235.242.248 listed in sbl-xbl.spamhaus.org]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[211.99.202.80 listed in combined.njabl.org]
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: medsrealcheap.com]
2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: medsrealcheap.com buychepmeds.com]
1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: medsrealcheap.com buychepmeds.com]
0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: medsrealcheap.com buychepmeds.com]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: medsrealcheap.com buychepmeds.com]
3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: surbl-org-permanent-test-point.com]
[medsrealcheap.com buychepmeds.com]
2.3 LONGWORDS Long string of long words
--------
As you can see, there are quite a few tests that my box seems to be missing due to some unknown reason that Googling for several hours can't find.
If anyone has any ideas (make me look like an idiot even) I'll be more than happy to hear them.
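
Added example (not part of the original post and not SpamAssassin's own code): a script that diffs two reports in the layout shown above, lists the rules only the working box fired, and counts the URIDNSBL debug polls reporting zero completed and zero started. The sample reports are constructed excerpts of the ones in the post, and the `is_dns_rule` heuristic (description tagged `RBL:` or rule name starting `URIBL_`) is an assumption.

```python
import re

# Constructed excerpts in the post's layout: points, rule name, description.
# Bracketed detail lines are continuations and carry no rule of their own.
MY_BOX = """\
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
2.2 SARE_URI_MEDS URI: domain selling meds
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
2.3 LONGWORDS Long string of long words
"""
WORKING_BOX = """\
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[210.235.242.248 listed in sbl-xbl.spamhaus.org]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: medsrealcheap.com]
2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
2.3 LONGWORDS Long string of long words
"""
DEBUG = """\
debug: URIDNSBL: queries active: DNSBL=3 NS=3 at Mon Jul 4 02:14:10 2005
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=3 NS=3 at Mon Jul 4 02:14:11 2005
debug: URIDNSBL: queries completed: 0 started: 0
"""

RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Map rule name -> (points, description); skips headers and [..] lines."""
    rules = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            rules[m.group(2)] = (float(m.group(1)), m.group(3).strip())
    return rules

def is_dns_rule(name, desc):
    """Assumed heuristic: DNS blocklist hits are tagged 'RBL:' or named URIBL_*."""
    return desc.startswith("RBL:") or name.startswith("URIBL_")

def missing_rules(mine, reference):
    """Rules the reference box fired that this box did not, with points."""
    return {n: v for n, v in reference.items() if n not in mine}

def stalled_polls(debug_text):
    """Count URIDNSBL status lines reporting zero completed and zero started."""
    return len(re.findall(r"URIDNSBL: queries completed: 0 started: 0", debug_text))
```

Feeding it the full reports from both boxes shows at a glance whether every rule missing on one side is a DNS-based test or whether local rules differ as well.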
