spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: DNSWL will be disabled by default as of

Re: DNSWL will be disabled by default as of tomorrow

From: Ted Mittelstaedt <tedm_at_nospam>
Date: Mon Dec 12 2011 - 21:01:43 GMT

On 12/12/2011 12:24 PM, Karsten Bräckelmann wrote:
> On Mon, 2011-12-12 at 11:50 -0800, Ted Mittelstaedt wrote:
>> I concur 100%. Daniel is wrong. The problem isn't
>> the problem is the person who made the decision in
>> SpamAssassin to have the default for the dnswl plugin ENABLED
> Please don't forget that this became an issue only after DNSWL policy
> change. At the time the DNSWL rules have been enabled by default in SA,
> there where no deliberately false listing responses.

Not to belabor the point but according to the Internet Archive this
DNSWL policy change happened in October 2010, that is when the
website was changed.

SA 3.3.2 shipped June 2011 so it seems that there should have been
sufficient time to change the default.

>> by default. That decision has been recognized to have been a
>> mistake which is why SA is making an update that will
>> turn it off by default.
> Not a mistake -- but a dangerous rule to ship in the face of the DNSWL
> policy change.

SA users have been burned several times in the past by blacklist
providers who decided for whatever reason they were going to stop
offering service, and started handing out positive entries for
every query. "on" defaults for any outside providers simply
aren't appropriate, and the SA developers should have known
this by now as a result of that happening.

Normally I would be the last person to defend DNSWL as I deplore
the FUD reasoning that they use - the claim that the existence of
IPv6 will make blacklists obsolete is a flat out lie, all that is
needed to be done is for a BL query plugin to parse the incoming
IP address and see if it's in the /64 or /56, rather than do an exact
match. I also deplore this "offer it free until people are dependent on
it then charge the crap out of the commercial providers who you
have snared" business model. And I detest this "guilty until your
prove yourself innocent by seeking our blessing" rubbish.

So I had to really stretch to write what I wrote, as I would
love to blame DNSWL for it but in this case, they really are blameless.

>> This is not a "blame the user for stupid configuration mistakes"
>> problem this is a "blame the software developer for a stupid
>> configuration mistake" And the software developer has
>> acknowledged it was a mistake. So why people are calling
>> SA users "abusive" is beyond me.
> See above, not a mistake.
> And I don't see anyone calling the users abusive. But the DNS servers.
> Which is causing collateral damage to some users.

This is a mailing list mainly for SA administrators, users of SA in
this context are the administrators that install it, not the end users
using SA-enabled mailservers. And DNS servers don't just query for
no reason.