spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: DNSWL will be disabled by default as of

Re: DNSWL will be disabled by default as of tomorrow

From: Jeremy McSpadden <jeremy_at_nospam>
Date: Mon Dec 12 2011 - 18:03:41 GMT
To: "<darxus@chaosreigns.com> " <darxus@chaosreigns.com>

Thank you! I raised this question a few months ago and was in awe that it was enabled by default. It has caused quite a few issues that i've seen around the ML. They should return a different value than a negative score. Very bad design.

-- Jeremy McSpadden Flux Labs, Inc http://www.fluxlabs.net<http://www.fluxlabs.net/> Endless Solutions Office : 850-588-4626 Cell : 850-890-2543 Fax : 850-254-2955 On Dec 12, 2011, at 11:58 AM, <darxus@chaosreigns.com<mailto:darxus@chaosreigns.com>> wrote: Tomorrow's sa-update will include disabling of the DNSWL rules. If you wish to locally enable them with the same scores which had previously been default, use this: score RCVD_IN_DNSWL_NONE -0.0001 score RCVD_IN_DNSWL_LOW -0.7 score RCVD_IN_DNSWL_MED -2.3 score RCVD_IN_DNSWL_HI -5 It was disabled because it is returning a value triggering RCVD_IN_DNSWL_HI for all queries from DNS servers deemed abusive, causing false negatives in SpamAssassin. It was the only network test, enabled in SpamAssassin by default, intentionally returning known incorrect values under any circumstances. It is recommended that you use a local, caching, non-forwarding DNS server with SpamAssassin: http://wiki.apache.org/spamassassin/CachingNameserver This should prevent you from being considered abusive by DNSWL unless you are actually doing multi-million queries per day, based on the list DNSWL provided yesterday of who is currently categorized as abusive: * Google Public DNS servers (multi-million queries per 24 hours, no response from Google contacts) * Some big hosting provider resolvers: softlayer.com<http://softlayer.com>, dimenoc.com<http://dimenoc.com>, theplanet.com<http://theplanet.com>, bluehost.com<http://bluehost.com>, dyndns.com<http://dyndns.com>, netline.net.uk<http://netline.net.uk> (multi-million queries per 24 hours, no response/action from abuse@ and similar contacts) * Five single hosts with multi-million queries per 24 hours with no response/action from multiple contacts. Problems have only been occurring when people use the above DNS Servers. Relevant bug (and source of above list): https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6668 -- "Begin at the beginning and go on till you come to the end; then stop." - Lewis Carrol, Alice in Wonderland http://www.ChaosReigns.com