spamassassin-dev December 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: [Bug 6724] DNSxL returning purposefully wrong

[Bug 6724] DNSxL returning purposefully wrong answers as part of Anti-Abuse / Free for Some Policies

From: <bugzilla-daemon_at_nospam>
Date: Mon Dec 19 2011 - 16:51:40 GMT
To: dev@spamassassin.apache.org

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724

--- Comment #33 from Darxus <Darxus@ChaosReigns.com> 2011-12-19 16:51:40 UTC ---
(In reply to comment #31)
> If you can implement this with 127.0.0.255, then the blocked rule is already
> live and I can then turn back on the scoring for DNSWL.

Is there a reason not to re-enable DNSWL now? It's no-longer violating SA
requirements, right? I wonder if you're assuming DNSWL doesn't want to be
re-enabled in SA until blocking is handled, but I think Matthias wouldn't have
commented what he did if that were the case.

(In reply to comment #32)
> There will be some finetuning necessary, as I see some resolvers being unhappy
> about the .invalid nameserver (doing three retries; I'll try out some
> variations over the next couple of days to assess impact & avoid collateral
> damage).

I'm sure I'm not the only one interested in more information on that (and the
increase in load you mentioned when returning the DNS rcode REFUSED). Maybe on
the dev list?

Aprogas in #bind on irc.freenode.net was trying to find somewhere in the RFCs a
definition of how things are supposed to respond to various rejections
(REFUSED, NXDOMAIN), as far as re-querying, and I don't think he found so much
as a "SHOULD".

Although re-querying when you've been told to go to the "invalid" tld seems
more clearly broken.

-- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.