Strange DNS notices in maillog

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,384
Location
Maastricht
Since some time I get these DNS notices from Spamd in /var/log/maillog:
Code:
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 51/IN/A/preqin.com.multi.uribl.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 4607/IN/A/preqin.com.multi.surbl.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 45062/IN/A/preqin.com.dob.sibl.support-intelligence.net
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 25490/IN/A/preqin.com.dbl.spamhaus.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 31120/IN/NS/preqin.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 10632/IN/A/preqin.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 42434/IN/A/lnk.ie.multi.uribl.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 21485/IN/A/lnk.ie.multi.surbl.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 16058/IN/A/lnk.ie.dob.sibl.support-intelligence.net
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 18464/IN/A/lnk.ie.dbl.spamhaus.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 45711/IN/NS/lnk.ie
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 2413/IN/A/lnk.ie
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 7341/IN/A/www.preqin.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 2105/IN/A/customerdomain.com.multi.uribl.com
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 17165/IN/A/customerdomain.multi.surbl.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 2301/IN/A/customerdomain.dob.sibl.support-intelligence.net
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 36819/IN/A/customerdomain.com.dbl.spamhaus.org
Jan  7 17:22:41 server18 spamd[1513]: dns: a likely matching query: 22383/IN/NS/customerdomain.com
And a lot more of these.

I don't have any DNS issues, and I don't understand what I found on Google about this.

Does anyone know what is causing this? And is this normal or can this be fixed some how?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,094
Location
GMT +7.00
Hello Richard,

Though I've never seen them before in logs on my end, they look normal unless you've got too many emails rejected. It might be related to DNS Blocklists of Spamassassin. Pay attention to the hosts which are requested, they are based on uribl.com, surbl.org, spamhaus.org, etc.

https://wiki.apache.org/spamassassin/DnsBlocklists
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,384
Location
Maastricht
It seems some bug which might have to do with Net::DNS. I started to get all kinds of problems when I updated complete cpan. Then Net::DNS was also updated from 0.97 to 1.01 which had issues, then a fix 1.02 which also had issues with SPF and they brought out 1.03 and 1.04 which is the latest one.
Seems the SPF issues are fix bot those net DNS issues aren't.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7033

Maybe this gives a better explanation:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223

As I understand it, you are likely to get the same problem after updating Net::DNS to a version higher then 0.83 and it's still not fixed in 1.04.

The specific line is in DNSResolver.pm
Code:
        if ($cb) {
          $cb->($packet, $id, $now);
          $cnt++;
        } else {  # no match, report the problem
          info("dns: no callback for id %s, ignored; packet: %s",
               $id,  $packet ? $packet->string : "undef" );
          # report a likely matching query for diagnostic purposes
          local $1;
          if ($id =~ m{^(\d+)/}) {
            my $dnsid = $1;  # the raw DNS packet id
            my @matches =
              grep(m{^\Q$dnsid\E/}, keys %{$self->{id_to_callback}});
            if (!@matches) {
              info("dns: no likely matching queries for id %s", $dnsid);
            } else {
              info("dns: a likely matching query: %s", join(', ', @matches));
As stated here:
https://apache.googlesource.com/spamassassin/+/72c4eacc2db3c9da56f214eaa9c6f0ceb86c9e59/lib/Mail/SpamAssassin/DnsResolver.pm

But I don't know code so I don't know what it exactly does or when it states this notice.

Everything seems to work fine though. At least I hope so, hope it still checks the rbl's like it should.
 

huan

Verified User
Joined
Mar 7, 2005
Messages
30
Location
Poland
I am also getting these kind of errors and RBL checks are not working in Spamassassin. Probably because of it.
 
Top