Hi, Micah Anderson <micah@...> writes: > > I'm running the latest clamav-unofficial-sigs.sh script, and > periodically I am seeing this in my cron error output: > > 193.158.37.141 does not exist, try again [..] I'm experiencing this problem as well, it shows up as cron errors. I started looking more into the problem, and I'm not convinced that it has to do with a connection limit blocking problem, rather it has to do with the fact that 193.158.37.141 does not have a proper DNS reverse PTR record associated with it, which causes this error. The clamav-unofficial-sigs script seems to expect 'host' to return an actual hostname from the reverse lookup of the IP. If you look at line 900 and 987 (of the latest released script): line 900: ss_mirror_name=`host $ss_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'` line 987: msrbl_mirror_name=`host $msrbl_mirror_ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'` using the ISC 'host' package, this ends up looking like this: $ host 193.158.37.141 | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/' 193.158.37.141 does not exist, try again $ Ok, so let us look a little further back. The host line is operating on $ss_mirror_ip, which comes from a few lines previous: ss_mirror_ips=`host -T $ss_url | awk '{print $NF}'` and $ss_url is defined as: ss_url="rsync.sanesecurity.net" So the $ss_mirror_ips gets the result of: 'host -T rsync.sanesecurity.net | awk '{print $NF}' which produces a set including '193.158.37.141 does not exist, try again' I believe the problem is that 193.158.37.141 does *not* have a reverse DNS setup, and the script does not handle that properly. Try any tool on the internet to do a reverse lookup: http://remote.12dt.com/lookup.php produces: Results (unable to resolve 193.158.37.141) http://www.kloth.net/services/nslookup.php produces: ** server can't find 141.37.158.193.in-addr.arpa: NXDOMAIN http://codeflux.com/exec/tools/?method=nslookup&query=193.158.37.141 provides: ** server can't find 141.37.158.193.in-addr.arpa: NXDOMAIN http://www.zonecut.net/dns/ provides: No nameservers found for 193.158.37.141 http://cgibin.erols.com/ziring/cgi-bin/nsgate/gate.pl?submit=Search+by+IP+Address&q=193.158.37.141&mode=2&qtype=PTR&persist=1&.cgifields=persist&.cgifields=log produces: Sorry, no results found for 193.158.37.141. You will see that 193.158.37.141 conclusively does not have a valid PTR record, and the the script is expecting one to formulate its queries. An interesting aside, unrelated to this problem, but perhaps something Bill should be aware of, is that the 'working' IPs in the round-robin produces different results from the different 'host' programs: 1. using the ISC 'host': $ host 69.63.144.20 | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/' update2.fslupdate.co 69.63.144.2 2. using the 'bind9-host': $ host 69.63.144.20 | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/' update2.fslupdate.com Notice that the ISC 'host' produces two lines, including the IP, and the bind9-host produces only one line. If I use the 'bind9-host' package, the ss_mirror_name query looks like this: $ host 193.158.37.141 | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/' NXDOMAIN If I perform a DNS lookup of the IP address in question on Debian, which is running bind9-host 1:9.6.1.dfsg-2, I get the following: $ host 193.158.37.141 Host 141.37.158.193.in-addr.arpa. not found: 3(NXDOMAIN) That is because there is no reverse PTR record. If you do this same lookup with the ISC 'host' package, you get the error we are talking about: 193.158.37.141 does not exist, try again When doing the ss_mirror_ips=`host -T $ss_url | awk '{print $NF}'` the results using bind9-host look like this: www01.masbytes.es odin.kozstyle.org spamcop03.sentechsa.net NXDOMAIN update1.fslupdate.com .... (notice the NXDOMAIN) When using the ISC 'host', they look like this: $ for ip in `host -T rsync.sanesecurity.net|awk '{print $NF}'`; do host $ip | awk '{print $NF}' | cut -d "(" -f2 | sed 's/\(.*\)./\1/'; done update1.fslupdate.co 69.63.144.1 update2.fslupdate.co 69.63.144.2 mail.us.tx1.zoidial.co 72.249.91.12 mx0.roessner-net.d 78.46.253.22 sanesecurity.retrosnub.co.u 78.129.234.1 193.158.37.141 does not exist, try again resolv3.vianetworks.d 194.77.111.2 www01.masbytes.e 213.194.159.3 ... Again, notice the '193.158.37.141 does not exist, try again'. Please also note that two attempts to post through gmane failed. Although I have been informed that I have successfully verified my sender address. Thanks, Al Sterman