spamassassin-users December 2011 archive

Re: DNS{B,W}Ls and blocking (was Re: DNSWL will be disabled by default as of tomorrow)

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Tue Dec 13 2011 - 15:18:19 GMT
To: "David F. Skoll" <dfs@roaringpenguin.com>

On 12/13/2011 9:21 AM, David F. Skoll wrote:
> I think we need an informational RFC that specifies best-practices for
> a DNS{B,W}L to inform clients that they have been blocked.
>
> For example, a testpoint like:
>
> blocked.dnsbl.example.org
>
> could return an A record for name servers that are blocked and NXDOMAIN
> for others. This might even work out-of-the-box for some existing lists
> that return an A record for any query (or it may not, if they expect
> a reverse-dotted-quad.)
>
> It could even return a TXT record giving the reason for the block.
>
> Anyway, assuming this idea is widely-accepted (hahaha!), it would be pretty
> easy to make something that periodically tests your list of DNSBLs and
> disables those that are blocking your query.

This was mentioned as a possibility and it's a good idea.

But from SA's perspective, though, it means that it requires code. And
the big issue is NOT the delays. The big issue is the purposefully wrong
answers.

The code-requirement for a fix means that this new policy is delayed at
least 6 months after a major release for SA based on
http://wiki.apache.org/spamassassin/ReleaseGoals. So if we miss this
code getting into 3.4.0, that means it waits until 3.5.0 (or 4.0.0) + 6
months. If someone wants to submit code to actually do it, that'd be
great. But it's got a delay before it matters either way.

I've opened a ticket
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724 towards an
immediate solution.

regards,
KAM
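
The testpoint check proposed in the quoted message, sketched as an added example that is not part of the original thread or of SpamAssassin's code. The `blocked.<zone>` name follows the hypothetical convention from the proposal, not an existing standard; the zones other than `dnsbl.example.org`, the function names and the fake resolver's answers are constructed for illustration.

```python
import socket

TESTPOINT_LABEL = "blocked"  # label taken from the proposal; an assumption, not a standard

def system_resolver(name):
    """Return the A records for name; an empty list means NXDOMAIN/no data."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures are not evidence of anything
    return sorted({info[4][0] for info in infos})

def check_zone(zone, resolve=system_resolver):
    """Classify one DNSBL/DNSWL zone as 'ok', 'blocked' or 'unknown'."""
    try:
        answers = resolve(f"{TESTPOINT_LABEL}.{zone}")
    except OSError:
        return "unknown"
    # Proposal: an A record means this resolver is blocked, NXDOMAIN means it is not.
    return "blocked" if answers else "ok"

def refresh(zones, state=None, resolve=system_resolver):
    """Return {zone: enabled}. An 'unknown' result keeps the previous setting,
    so a transient DNS failure neither disables nor re-enables a list."""
    state = dict(state or {})
    for zone in zones:
        verdict = check_zone(zone, resolve)
        if verdict == "unknown":
            state.setdefault(zone, True)
        else:
            state[zone] = verdict == "ok"
    return state

def fake_resolver(name):
    """Constructed answers so the example runs offline."""
    table = {
        "blocked.dnsbl.example.org": ["127.0.0.2"],  # list is blocking us
        "blocked.dnswl.example.net": [],             # NXDOMAIN: not blocked
    }
    if name not in table:
        raise socket.timeout("constructed timeout")
    return table[name]

if __name__ == "__main__":
    zones = ["dnsbl.example.org", "dnswl.example.net", "slow.example.com"]
    for zone, enabled in refresh(zones, resolve=fake_resolver).items():
        print(f"{zone}: {'enabled' if enabled else 'disabled (resolver blocked)'}")
```

Run periodically, the resulting map could drive which list rules stay active; a list that has not adopted the testpoint simply reports `ok`.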