Mailing List Archive

spamhaus.net. type=A class=IN) failed: a domain name contains a null label
The complete error looks like this:

spamd[435769]: dns: new_dns_packet
(domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/dbl.dq.spa
mhaus.net. type=A class=IN) failed: a domain name contains a null label

This doesn't seem to happen each and every incoming message and I guess
it really doesn't hurt anything however I'm just curious as to what
might be causing it. It appears to have been going on all year so far
but as I said not with every incoming message just from certain domains
it seems.

Any ideas?

--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
20:12:39 up 4:07, 1 user, load average: 1.47, 1.11, 0.88
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 6 Oct 2020, Chris wrote:

> The complete error looks like this:
>
> spamd[435769]: dns: new_dns_packet
> (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/dbl.dq.spa
> mhaus.net. type=A class=IN) failed: a domain name contains a null label
>
> This doesn't seem to happen each and every incoming message and I guess
> it really doesn't hurt anything however I'm just curious as to what
> might be causing it. It appears to have been going on all year so far
> but as I said not with every incoming message just from certain domains
> it seems.
>
> Any ideas?

It's the dot-dot in that request.

(1) Do you happen to have a spample that does that? If so, could you
upload it to pastebin and post the URL for it here?

(2) What version of SpamAssassin are you running?

See:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7156
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6896

That was converted from a warning to an info, so it looks like your SA
version may be a bit stale.

I don't think we ever pulled the trigger on normalizing ".." ? "." for
URIBL lookups as a URL with a malformed FQDN like that doesn't work in a
browser.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I'm seriously considering getting one of those bright-orange prison
overalls and stencilling PASSENGER on the back. Along with the paper
slippers, I ought to be able to walk right through security.
-- Brian Kantor in a.s.r
-----------------------------------------------------------------------
Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
>
> > The complete error looks like this:
> >
> > spamd[435769]: dns: new_dns_packet
> > (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/dbl.dq
> > .spa
> > mhaus.net. type=A class=IN) failed: a domain name contains a null
> > label
> >
> > This doesn't seem to happen each and every incoming message and I
> > guess
> > it really doesn't hurt anything however I'm just curious as to what
> > might be causing it. It appears to have been going on all year so
> > far
> > but as I said not with every incoming message just from certain
> > domains
> > it seems.
> >
> > Any ideas?
>
> It's the dot-dot in that request.
>
> (1) Do you happen to have a spample that does that? If so, could you
> upload it to pastebin and post the URL for it here?
>
> (2) What version of SpamAssassin are you running?
>
> See:
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7156
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6896
>
> That was converted from a warning to an info, so it looks like your
> SA
> version may be a bit stale.
>
> I don't think we ever pulled the trigger on normalizing ".." ? "."
> for
> URIBL lookups as a URL with a malformed FQDN like that doesn't work
> in a
> browser.
>
John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1 here's the paste
https://pastebin.com/9CXBM4nG

Chris

--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
21:11:44 up 5:06, 1 user, load average: 0.95, 0.74, 0.86
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 6 Oct 2020, Chris wrote:

> On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
>> On Tue, 6 Oct 2020, Chris wrote:
>>
>>> The complete error looks like this:
>>>
>>> spamd[435769]: dns: new_dns_packet
>>> (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/dbl.dq
>>> .spamhaus.net. type=A class=IN) failed: a domain name contains a null
>>> label

> John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1

That should be an info-level message in 3.4.4 - where did you see it? Is
your logging turned up?

> here's the paste
> https://pastebin.com/9CXBM4nG

I don't see any body on that...

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*. -- Charles Murray
-----------------------------------------------------------------------
Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 2020-10-06 at 19:49 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
>
> > On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> > > On Tue, 6 Oct 2020, Chris wrote:
> > >
> > > > The complete error looks like this:
> > > >
> > > > spamd[435769]: dns: new_dns_packet
> > > > (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/db
> > > > l.dq
> > > > .spamhaus.net. type=A class=IN) failed: a domain name contains
> > > > a null
> > > > label
> > John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1
>
> That should be an info-level message in 3.4.4 - where did you see it?
> Is
> your logging turned up?
>
> > here's the paste
> > https://pastebin.com/9CXBM4nG
>
> I don't see any body on that...
>
Here's the message complete with body - https://pastebin.com/CW7Vj7Yh
This written to my syslog - https://pastebin.com/M12PS1fK


--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
22:19:13 up 6:13, 1 user, load average: 1.70, 1.17, 0.61
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 2020-10-06 at 19:49 -0700, John Hardin wrote:
> On Tue, 6 Oct 2020, Chris wrote:
>
> > On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote:
> > > On Tue, 6 Oct 2020, Chris wrote:
> > >
> > > > The complete error looks like this:
> > > >
> > > > spamd[435769]: dns: new_dns_packet
> > > > (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/db
> > > > l.dq
> > > > .spamhaus.net. type=A class=IN) failed: a domain name contains
> > > > a null
> > > > label
> > John, I'm running 3.4.4 - Installed: 3.4.4-1ubuntu1
>
> That should be an info-level message in 3.4.4 - where did you see it?
> Is
> your logging turned up?
>
> > here's the paste
> > https://pastebin.com/9CXBM4nG
>
> I don't see any body on that...
>
Here's the message complete with body - https://pastebin.com/CW7Vj7Yh
This written to my syslog - https://pastebin.com/M12PS1fK


--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:25:28 up 6:19, 1 user, load average: 1.66, 1.31, 0.81
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
Hi Chris,


>>>>> spamd[435769]: dns: new_dns_packet
>>>>> (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/db
>>>>> l.dq
>>>>> .spamhaus.net. type=A class=IN) failed: a domain name contains
>>>>> a null
>>>>> label
>>>
Can you check how the DQS lookups are defined in the .cf files?

The correct sytax would be, ie:

urirhssub URIBL_DBL_SPAM <your-key>.dbl.dq.spamhaus.net. A 127.0.1.2

From what appears in the logs it may be that you have an extra dot
somewhere, possibly before the DQS key

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Wed, 7 Oct 2020, Riccardo Alfieri wrote:

> Hi Chris,
>
>
>>>>>> spamd[435769]: dns: new_dns_packet
>>>>>> (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxxx/db
>>>>>> l.dq
>>>>>> .spamhaus.net. type=A class=IN) failed: a domain name contains
>>>>>> a null
>>>>>> label
>>>>
> Can you check how the DQS lookups are defined in the .cf files?
>
> The correct sytax would be, ie:
>
> urirhssub URIBL_DBL_SPAM <your-key>.dbl.dq.spamhaus.net. A 127.0.1.2
>
> From what appears in the logs it may be that you have an extra dot somewhere,
> possibly before the DQS key

That's *very* plausible if the "xxxxxxxxx" stuff in what you've been
providing is your obfuscated key.

Please note when you do things like that - not all of us have experience
with paid feeds, and wouldn't be able to detect the obfuscation... (like
me, for instance. I got to the same place but it wasn't as direct for me
as it was for Riccardo.)

If that is indeed the cause, then it might be worthwhile to open a bug to
strip leading dot(s) from urirhssub config lines to avoid this, or at
least generate a lint warning if they are present.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ignorance is no excuse for a law.
-----------------------------------------------------------------------
Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Wed, 2020-10-07 at 03:40 +0000, Riccardo Alfieri wrote:
> Hi Chris,
>
>
> > > > > > spamd[435769]: dns: new_dns_packet
> > > > > > (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxx
> > > > > > x/db
> > > > > > l.dq
> > > > > > .spamhaus.net. type=A class=IN) failed: a domain name
> > > > > > contains
> > > > > > a null
> > > > > > label
> > > >
>
> Can you check how the DQS lookups are defined in the .cf files?
>
> The correct sytax would be, ie:
>
> urirhssub URIBL_DBL_SPAM <your-key>.dbl.dq.spamhaus.net. A
> 127.0.1.2
>
> From what appears in the logs it may be that you have an extra dot
> somewhere, possibly before the DQS key

I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
'.' anywhere.
--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:46:46 up 6:41, 1 user, load average: 0.22, 0.35, 0.49
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 2020-10-06 at 20:52 -0700, John Hardin wrote:
> On Wed, 7 Oct 2020, Riccardo Alfieri wrote:
>
> > Hi Chris,
> >
> >
> > > > > > > spamd[435769]: dns: new_dns_packet
> > > > > > > (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxx
> > > > > > > xxx/db
> > > > > > > l.dq
> > > > > > > .spamhaus.net. type=A class=IN) failed: a domain name
> > > > > > > contains
> > > > > > > a null
> > > > > > > label
> > Can you check how the DQS lookups are defined in the .cf files?
> >
> > The correct sytax would be, ie:
> >
> > urirhssub URIBL_DBL_SPAM <your-key>.dbl.dq.spamhaus.net. A
> > 127.0.1.2
> >
> > From what appears in the logs it may be that you have an extra dot
> > somewhere,
> > possibly before the DQS key
>
> That's *very* plausible if the "xxxxxxxxx" stuff in what you've been
> providing is your obfuscated key.
Yes it is.
>
> Please note when you do things like that - not all of us have
> experience
> with paid feeds, and wouldn't be able to detect the obfuscation...
> (like
> me, for instance. I got to the same place but it wasn't as direct for
> me
> as it was for Riccardo.)
>
> If that is indeed the cause, then it might be worthwhile to open a
> bug to
> strip leading dot(s) from urirhssub config lines to avoid this, or
> at
> least generate a lint warning if they are present.
>
>
As I just told Riccardo I've inspected my sh.cf file and I see no extra
'.' anywhere. If either of you wish I can send you my sh.cf file for
you to look at however I've pulled it up with a txt editor and searched
for either '..' or even a . before the beginning of my key.
--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
22:57:24 up 6:51, 1 user, load average: 2.04, 0.73, 0.52
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On 07/10/20 05:55, Chris wrote:

> I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
> '.' anywhere.

I tested your email in my 3.4.4 installation with DQS and I don't see
issues.

So, if you want, send me your .cf files and I'll have a look at them,
but before that be absolutely sure that you are running the latest rules
from:

https://github.com/spamhaus/spamassassin-dqs

We only support the latest version

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Tue, 6 Oct 2020, Chris wrote:

> On Wed, 2020-10-07 at 03:40 +0000, Riccardo Alfieri wrote:
>> Hi Chris,
>>
>>
>>>>>>> spamd[435769]: dns: new_dns_packet
>>>>>>> (domain=o279.send.iheartdogs.com..xxxxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> x/db
>>>>>>> l.dq
>>>>>>> .spamhaus.net. type=A class=IN) failed: a domain name
>>>>>>> contains
>>>>>>> a null
>>>>>>> label
>>>>>
>>
>> Can you check how the DQS lookups are defined in the .cf files?
>>
>> The correct sytax would be, ie:
>>
>> urirhssub URIBL_DBL_SPAM <your-key>.dbl.dq.spamhaus.net. A
>> 127.0.1.2
>>
>> From what appears in the logs it may be that you have an extra dot
>> somewhere, possibly before the DQS key
>
> I checked my sh.cf in /etc/mail/spamassassin Riccardo and see no extra
> '.' anywhere.

Do you find a urirhssub line for {anything}dbl.dq.spamhaus.net there?

Did you check *all* of the local .cf files?


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ignorance is no excuse for a law.
-----------------------------------------------------------------------
Tomorrow: the 449th anniversary of the muslim Ottoman defeat at Lepanto
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
What version of spamassassin-dqs do you run?

Make sure it is at least v1.0.2, i.e. has the rdns chop [1] in the module.

> Here's the message complete with body - https://pastebin.com/CW7Vj7Yh
> This written to my syslog - https://pastebin.com/M12PS1fK

[1] https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L666
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Wed, 2020-10-07 at 08:52 +0200, Damian wrote:
> What version of spamassassin-dqs do you run?
It's old, 20190704. I got the newest last night and after entering my
key I'll see if it makes a difference. I'd like to note that this is my
home desktop.

>
> Make sure it is at least v1.0.2, i.e. has the rdns chop [1] in the
> module.
>
> > Here's the message complete with body -
> > https://pastebin.com/CW7Vj7Yh
> > This written to my syslog - https://pastebin.com/M12PS1fK
>
> [1]
> https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L666

--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
07:30:17 up 15:24, 1 user, load average: 1.51, 1.22, 0.62
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
That is indeed v1.0.1

> It's old, 20190704
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
Please use only the latest github package before submitting bugs.

We are really community focused, but, as already said, we can support
only the latests release

On 07/10/20 15:04, Damian wrote:
> That is indeed v1.0.1
>
>> It's old, 20190704

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Wed, 2020-10-07 at 13:58 +0000, Riccardo Alfieri wrote:
> Please use only the latest github package before submitting bugs.
>
> We are really community focused, but, as already said, we can support
> only the latests release
>
> On 07/10/20 15:04, Damian wrote:
> > That is indeed v1.0.1
> >
> > > It's old, 20190704
I picked up 20200825 last night, just waiting for my new key.

--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
09:37:02 up 17:31, 1 user, load average: 0.53, 0.39, 0.47
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic
Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label [ In reply to ]
On Wed, 2020-10-07 at 13:58 +0000, Riccardo Alfieri wrote:
> Please use only the latest github package before submitting bugs.
>
> We are really community focused, but, as already said, we can support
> only the latests release
>
> On 07/10/20 15:04, Damian wrote:
> > That is indeed v1.0.1
> >
> > > It's old, 20190704
Riccardo, after updating the issue has been resolved.

Thank you
Chris

--
Chris
31.11972; -97.90167 (Elev. 1092 ft)
19:43:53 up 1 day, 3:38, 1 user, load average: 1.10, 0.74, 0.71
Description: Ubuntu 20.04.1 LTS, kernel 5.4.0-48-generic