Return-Path: Received: from bulckens.com ([91.183.137.138] verified) by mail.tffenterprises.com (CommuniGate Pro SMTP 6.1.7) with ESMTPS id 19186061 for cgpsa-discuss@mail.tffenterprises.com; Tue, 28 Nov 2017 02:31:46 -0800 Received-SPF: none receiver=mail.tffenterprises.com; client-ip=91.183.137.138; envelope-from=patrick@bulckens.com Received: by bulckens.com (CommuniGate Pro PIPE 6.1.11) with PIPE id 1838625; Tue, 28 Nov 2017 11:31:33 +0100 X-ExtScanner: Niversoft's AddFooter filter Received: from [192.168.252.95] (account trikke@bulckens.com HELO [192.168.252.95]) by bulckens.com (CommuniGate Pro SMTP 6.1.11) with ESMTPSA id 1838619 for cgpsa-discuss@mail.tffenterprises.com; Tue, 28 Nov 2017 11:31:25 +0100 From: Patrick Sneyers Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [CGPSA] Test Date: Tue, 28 Nov 2017 11:31:25 +0100 References: To: CGPSA Discussion List In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.3273) > Yes, I would love to see a more recent SpamAssassin release. > Here, the network rules are on (URIBL, SBL, Razor2,...) are not = working > properly, and without these rules, bayes alone doesn't suffice. >=20 > Does anybody know about tips how to find out why the network based = rules > don=E2=80=99t work and how to make them work? You 'll need to set up your own caching DNS server, these blacklists are = free, but limit requests per server, and will refuse your's if you use a = public DNS (or any one from an ISP,...) Try this: $ dig test.uribl.com.multi.uribl.com txt +short "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more = information [Your DNS IP: 74.125.73.85]" I use powerdns recursor. apt-get install pdns-recursor on OS X: brew install pdnsrec You can add it to local.cf, if your don't want the OS to use it. dns_server 127.0.0.1 https://wiki.apache.org/spamassassin/CachingNameserver As a sidenote: Caching servers are very useful in your network too.=20 My main DNS servers are Windows (AD, your know), but those are kind of = slow, and - important - they can't do real external DNS by themselves, = they need a forwarding server. If you set them up, as most do, with Google DNS of OpenDNS forwarders, = they become useless for SA network tests. So the set-up involves 2 DNS servers *=20 AD DNS server, with all my internal FQDN's for use in LAN, configured = with a forwarder: PDNS_REC server, configured to look back at the AD DNS to resolve = internal domains. Anything else, it gets directly form the interwebs. Kind of a Look-At-Aach-Other-DNS, works great. Bonus1 SA can use the PDNS_REC to do network tests Bonus2 Any other client in your LAN can use it too, to enjoy blazing fast DNS * (actually 4 DNS servers, 2 of each...) Patrick ------------------------------------------------------------------------=09= zwartopwit.be - Drukkerij Bulckens http://www.zwartopwit.be Beestig drukwerk van A tot XXL Industriezone Herentals Grensstraat 9, 2270 Herenthout +32 (0) 14 28 58 78 ------------------------------------------------------------------------