Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Untanglit
    Join Date
    Feb 2016
    Posts
    17

    Default more spam getting through in v12

    This might be unrelated to the upgrade... and more to do with using our local ISP's DNS (Cox) 68.105.28.16 and 68.105.29.16
    Since the upgrade we noticed a ton more spam is coming through.

    spamassassin is firing the URIBL_BLOCKED rule - it's all over the logs. Spam that used to get flagged as spam now passes with a score of zero.

    Reading these notes:
    http://uribl.com/refused.shtml

    If you are low volume user, you have a few options. Possibly changing your nameservers from a public dns provider (ie opendns/google) to your local ISP may solve it. If your local ISP is also effected because they are very large (ie cox/att/comcast/etc), you may need to use your own recursive DNS solution. If your company has DNS servers, point to them for resolution. Alternatively, you could setup a caching nameserver on the loopback of the machine doing the spam checking, and point the DNS to localhost.

    We do have a DNS server internally within our network. Do I add the local IP address of our DNS server to Untangle's external interface primary DNS?

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    post a screenshot of the events. Show as much as you can of the "Detail" column as you can fit on the screen.

    URIBL_BLOCKED is common.
    It would be nice to find a way to get URIBL working, but URIBL is just a tiny piece of spamassassin's sigs and is likely not the issue if you have having all mail score as 0.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Feb 2016
    Posts
    17

    Default

    events.png
    only one of those messages was not spam (from hp support)

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,994

    Default

    URIBL.org and DNSQL.org queries will not work via COX provided DNS servers.
    spamhaus.org queries will intermittently not work.

    The only way I've found around this is to lease a VPS, get a DNS service running on it, and redirect those three domains to it. You can use this to test: http://wiki.untangle.com/index.php/S...k_DNSBL_Access

    You can also run a DNS server onsite, and pass things through that. However, while that seems to fix the first two, that last one simply times out on my Cox here. Hence, the VPS.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Feb 2016
    Posts
    17

    Default

    I guess I'm unclear if untangle can point to a DNS server within the LAN, as opposed to something external. Our exchange box is also a DNS server, DC, etc. We have 10 users in our office...

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,994

    Default

    Untangle can point at whatever DNS server you want. But if you want it to filter spam well, you'd better crack open SSH and run that check from time to time. And if a test doesn't work, that's when you get creative.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I doubt thats related to DNS. It doesnt look like any rules are firing. I bet its a signature issue. It probably hasn't been able to download the new signatures for some reason. Assuming its connected to the internet I would contact support.

    If you ever tried to update the signatures manually as root then I would just reinstall. We've had a couple users call that tried to do this because they saw something on the forums. That does not work. It sets the permissions of the signature files incorrectly and prevent all future updates from working.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,994

    Default

    Ouch... well, to be fair I've been on the receiving end of some really bad bayes databases because of goofy DNS over time.

    So OP, after you reinstall, check your DNS, you'll be glad you did!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untanglit
    Join Date
    Feb 2016
    Posts
    17

    Default

    Quote Originally Posted by dmorris View Post
    I doubt thats related to DNS. It doesnt look like any rules are firing. I bet its a signature issue. It probably hasn't been able to download the new signatures for some reason. Assuming its connected to the internet I would contact support.

    If you ever tried to update the signatures manually as root then I would just reinstall. We've had a couple users call that tried to do this because they saw something on the forums. That does not work. It sets the permissions of the signature files incorrectly and prevent all future updates from working.
    I guess my post was a bit misleading. I had sorted the events to show all events with a score of zero. The filter is working somewhat, just less effective than it was at v11.2

    events.png
    spam ratio.png

    The spam ratio used to be closer to 90% in v 11.2
    I did not attempt to update anything manually.

    I will try the DNS change and see if it helps any. Thanks for the feedback so far.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,994

    Default

    That doesn't look right to me either, I would open a ticket and let support dig in. That module more so than most of the others is difficult to support remotely, and requires a pretty specific skill-set to dig into and fix.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2