spamassassin-dev December 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6724] DNS Blacklistsreturning purposefull

[Bug 6724] DNS Blacklistsreturning purposefully wrong answers as part of Anti-Abuse / Free for Some Policies

From: <bugzilla-daemon_at_nospam>
Date: Tue Dec 13 2011 - 15:35:55 GMT

--- Comment #4 from Matthias Leisi <> 2011-12-13 15:35:55 UTC ---
(In reply to comment #2)

> Matthias, are you able to block/return no answers or return a last octet of 255
> as a blocked answer. And NOT return purposefully wrong answers?

Technically, we can return whatever rbldnsd can return, ie any A value.

> ifplugin Mail::SpamAssassin::Plugin::DNSEval
> header RCVD_IN_DNSWL_BLOCKED eval:check_rbl_sub('dnswl-firsttrusted',
> '^127\.0\.\d+\.255$')

I would prefer an occasional lookup to "" (or even
"" returning a number of HTTP-like status codes), but I agree
with the comment made elsewhere that it takes non-trivial amount of code to
implement this.

As a second-best solution, the ..._BLOCKED is probably OK. Just the last octet
as 255 is possibly not very unique for other lists. Would stand
out more?

> tflags RCVD_IN_DNSWL_BLOCKED nice net

Possibly also avoid autolearning?

-- Configure bugmail: ------- You are receiving this mail because: ------- You are the assignee for the bug.