[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-devel
Subject:    [Bug 6075] dnsbl checks time out
From:       bugzilla-daemon () issues ! apache ! org
Date:       2009-02-28 10:44:07
Message-ID: 20090228104407.901F1234C4A8 () brutus ! apache ! org
[Download RAW message or body]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6075





--- Comment #7 from Elsa Andrés <e.andres@ist-sci.com>  2009-02-28 02:44:06 PST ---
(In reply to comment #6)

> I had a raw (binary) packet capture in mind. The textual summary
> can cover interesting details, which might be important.
> But it will do for now. It seems the queries are sent, but replies
> are not coming back (assuming you left the capture running
> sufficiently long time after running spamassassin, say a minute).

Yes, no reply.

Strange thing is that making single queries, I get a reply from dns server:

***
host 213.21.195.128.zen.spamhaus.org
Host 213.21.195.128.zen.spamhaus.org not found: 3(NXDOMAIN)
***

and tcpdump...

***
11:27:00.621787 IP 10.0.0.11.32781 >
33.Red-80-58-0.staticIP.rima-tde.net.domain: 3709+ A?
213.21.195.128.zen.spamhaus.org. (49)
11:27:00.798656 IP 33.Red-80-58-0.staticIP.rima-tde.net.domain >
10.0.0.11.32781: 3709 NXDomain 0/1/0 (113)
11:27:00.798916 IP 10.0.0.11.32781 >
33.Red-80-58-0.staticIP.rima-tde.net.domain: 8369+ A?
213.21.195.128.zen.spamhaus.org. (49)
11:27:00.838842 IP 33.Red-80-58-0.staticIP.rima-tde.net.domain >
10.0.0.11.32781: 8369 NXDomain 0/1/0 (113)
11:27:05.621448 IP 10.0.0.11.32781 >
33.Red-80-58-0.staticIP.rima-tde.net.domain: 17060+ PTR? 1.0.0.10.in-addr.arpa.
(39)
11:27:05.661448 IP 33.Red-80-58-0.staticIP.rima-tde.net.domain >
10.0.0.11.32781: 17060 NXDomain 0/1/0 (116)
11:29:06.996959 IP 10.0.0.11.32781 >
33.Red-80-58-0.staticIP.rima-tde.net.domain: 40187+ PTR? 1.0.0.10.in-addr.arpa.
(39)
11:29:07.036717 IP 33.Red-80-58-0.staticIP.rima-tde.net.domain >
10.0.0.11.32781: 40187 NXDomain 0/1/0 (116)
***

So maybe there is something in the way SA makes dnsbl queries what it is
causing this.

Is there any way I could tell SA to query just "one" dnsbl list? This way I
could reproduce a single "host" query, which outside SA, works o.k.

> Looks like you need to do some network troubleshooting, like
> looking at a DNS server's log file, trying the same capture
> on the DNS host, checking firewall, network, ...

Well, I am trying all the tests I can perfom at my side (disabling firewalls
-computer and router ones- disabling any filters that could be blocking packets
and so on).

Once the packets leave my router I don't have any control. I am using my ISP
dns servers.


-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[prev in list] [next in list] [prev in thread] [next in thread]