RBL check timeout bug?

[marcele]

On one of our servers when running csf --rbl <myemail> when I get the email it says:

RBL Check on web0.example.com: [860] failures

Everyone of the IPs has all the RBLs listed in red with no other text. I've manually gone to each of the RBLs and checked the IP addresses and none of them are listed.

I'm thinking that the RBL check times out after a while and silently fails, then sends out the email with the wrong results?

[marcele]

Also note that this server has about 20 different IP addresses assigned to it.

[ForumAdmin]

That would suggest problems with the output from the HOST command on the server.

You need to reverse the IP address being test and then append the RBL being used and test as follows (e.g. 1.2.3.4 on zen.spamhaus.org would look like):

Code: Select all

# host -t A 4.3.2.1.zen.spamhaus.org
Host 4.3.2.1.zen.spamhaus.org not found: 3(NXDOMAIN)

If you are seeing anything else then there's a problem and you need to quote the output. A positive hit would look like (e.g. 2.2.2.2 on zen.spamhaus.org would look like):

Code: Select all

# host -t A 2.2.2.2.zen.spamhaus.org
2.2.2.2.zen.spamhaus.org has address 127.0.0.11

If you're seeing a hit, then the text from the RBL (if available, not all provide it):

Code: Select all

# host -t TXT 2.2.2.2.zen.spamhaus.org
2.2.2.2.zen.spamhaus.org descriptive text "https://www.spamhaus.org/query/ip/2.2.2.2"

[marcele]

You were right. There was a wildcard DNS entry on the search domain that was causing this issue. Setting "search ." in /etc/resolv.conf fixed the issue.

Great catch!