Results 1 to 3 of 3
  1. #1
    Newbie
    Join Date
    May 2018
    Posts
    2

    Default Exceed time limit, skipping furher tests

    Hi,

    I currently evaluating Untangle and I have a strange problem which I cannot track down.
    I've enabled Spam Blocker to scan inbound traffic to the internal SMTP server. Every check logs error:

    May 5 13:06:48 utf spamd[31113]: check: exceeded time limit in Mail::SpamAssassin::Plugin::Check::_eval_tests_type13_pri0_set1, skipping further tests
    May 5 13:06:48 utf spamd[31113]: spamd: clean message (2.9/5.0) for spamd:10000 in 35.3 seconds, 69794 bytes.
    May 5 13:06:48 utf spamd[31113]: spamd: result: . 2 - HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MPART_ALT_DIFF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_PASS,TIME_LIMIT_EXCEEDED scantime=35.3,size=69794,user=spamd,uid=10000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=5138,mid=<0.0.1B.FE7.1D3E4609C34A0EC.0@pmta43054.emarsys.net>,autolearn=unavailable

    I've changed DNS servers, verified DNS via check_spam_health.sh script (it is all ok, no errors). How I can debug or find place, where _eval_tests_type13_pri0_set1 is defined?

    Best regards,
    Maciek

  2. #2
    Newbie
    Join Date
    May 2018
    Posts
    2

    Default

    Ok, this is definitely an upstream DNS issue in DNSBL checks. After enabling debug with SpamAssassin, I've found that several first DNS checks runs very quick, but rest of them got very long response time:

    May 5 17:23:15 utf spamd[108046]: async: timing: 0.016 . dns:MX:gmail.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.016 . dns:A:gmail.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.047 . dns:A:174.128.85.209.list.dnswl.org
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.068 . dns:A:174.128.85.209.zen.spamhaus.org
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.083 . dns:A:174.128.85.209.wl.mailspike.net
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.084 . dns:A:174.128.85.209.bl.mailspike.net
    May 5 17:23:15 utf spamd[108046]: async: timing: 0.124 . dns:TXT:174.128.85.209.bl.spamcop.net
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.972 . dns:TXT:174.128.85.209.sa-accredit.habeas.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.974 . dns:A:174.128.85.209.iadb.isipp.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.976 . dns:A:174.128.85.209.psbl.surriel.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.979 . dns:TXT:174.128.85.209.sa-trusted.bondedsender.org
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.982 . dns:A:174.128.85.209.bl.score.senderscore.com
    May 5 17:23:15 utf spamd[108046]: async: timing: 35.985 . dns:A:174.128.85.209.dnsbl.sorbs.net

    I've changed upstream DNS to another provider, and now the issue is gone:

    May 5 17:33:20 utf spamd[108046]: async: timing: 0.015 . dns:A:gmail.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.028 . DNSBL:113.195.251.205:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.029 . DNSBL:74.197.251.205:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.029 . A:d01-01.ns.twtrdns.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.029 . A:d01-02.ns.twtrdns.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.030 . A:ns4.p34.dynect.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.031 . DNSBL:twimg.com:dob.sibl.support-intelligence.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.035 . A:a.r06.twtrdns.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.036 . A:ns2.p34.dynect.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.036 . A:r01-02.ns.twtrdns.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.037 . A:r01-01.ns.twtrdns.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.039 . A:ns3.p34.dynect.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.040 . DNSBL:7.46.244.104:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.044 . A:ns1.p34.dynect.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.047 . DNSBL:34.251.13.204:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.052 . DNSBL:70.220.184.93:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.052 . DNSBL:34.70.78.208:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.053 . DNSBL:179.192.251.205:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.055 . DNSBL:34.71.78.208:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.057 . DNSBL:34.71.78.208:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.060 . NS:twimg.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.061 . DNSBL:70.220.184.93:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.061 . DNSBL:179.192.251.205:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.063 . dns:A:178.128.85.209.list.dnswl.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.064 . DNSBL:231.46.244.104:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.068 . DNSBL:7.46.244.104:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.068 . dns:MX:gmail.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.069 . dns:A:178.128.85.209.zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.070 . Abs.twimg.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.070 . A:ea.twimg.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.071 . dns:A:178.128.85.209.psbl.surriel.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.075 . dns:TXT:178.128.85.209.sa-trusted.bondedsender.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.076 . dns:A:178.128.85.209.bl.score.senderscore.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.077 . dns:TXT:178.128.85.209.bl.spamcop.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.078 . dns:TXT:157.156.16.199.bl.spamcop.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.079 . dns:TXT:178.128.85.209.sa-accredit.habeas.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.080 . dns:A:178.128.85.209.wl.mailspike.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.081 . dns:A:178.128.85.209.bl.mailspike.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.084 . DNSBL:231.46.244.104:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.085 . DNSBL:twimg.com:dbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.093 . DNSBL:twimg.com:multi.surbl.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.127 . dns:A:178.128.85.209.iadb.isipp.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.160 . DNSBL:34.250.13.204:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.162 . DNSBL:34.250.13.204:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.168 . DNSBL:twimg.com:multi.uribl.com
    May 5 17:33:20 utf spamd[108046]: async: timing: 0.172 . dns:A:157.156.16.199.zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.742 . DNSBL:113.195.251.205:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.745 . DNSBL:74.197.251.205:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.752 . DNSBL:34.251.13.204:sbl.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.755 . DNSBL:34.70.78.208:zen.spamhaus.org
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.835 . dns:A:157.156.16.199.dnsbl.sorbs.net
    May 5 17:33:20 utf spamd[108046]: async: timing: 2.843 . dns:A:178.128.85.209.dnsbl.sorbs.net

    I don't know why previous DNS servers behave so weird, I've used them for some time now (Cloudflare's 1.1.1.1 and 1.0.0.1) and I didn't have any problems with them with anything but DNSBL checks on Untangle.

    Best regards,
    Maciek

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,288

    Default

    If you want to use either Spam Blocker, you CANNOT use ANY public DNS service.

    The Spam Blocker is dependent on several free DNS lists, all of them cut out after so many free lookups from that DNS server's IP address. So if you use any public DNS anywhere, you'll eventually have problems. And a good portion of the time, those problems are intermittent.

    The good news is you don't have to find a single DNS source that works for all of the lookups. The DNS tab gives you a servers feature, you can use that to push specific domains to specific DNS servers. What I ended up doing was setting up a system of my own in the cloud to do DNS for me, while it was slow it always worked. I could forward spamhaus.org, uribl.com, and dnswl.org requests to it, while the rest went for whatever DNS was fast for that location.

    It really is a giant pain, but you have to get DNS nailed down for the Spam Blockers.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2