spamassassin-users December 2011 archive

Re: DNSWL will be disabled by default as of tomorrow

From: Dave Warren <lists_at_nospam>
Date: Tue Dec 13 2011 - 17:45:23 GMT
To: "Kevin A. McGrail" <>

On 12/13/2011 10:37 AM, Kevin A. McGrail wrote:
>> This system would result in one query per BL per SA restart, or per
>> ruleset reload or per hour or whatever, rather than one or more
>> queries per processed message. That's a step forward to DNSBL
>> operators, but more importantly, it would avoid the situation where
>> users are negatively impacted by BL failures.
> Definitely on the same page. My thoughts are to build on the block
> notification rules to implement code that blocks the DNSBL queries for
> 1 hour. However, that's kind of a phase II. And since I doubt there
> will be consensus from DNSBL operators, it'll really be a one off
> thing per DNSBL to implement unless some alignment of planets occurs
> that I doubt is even in motion ;-)

I don't think there really needs to be consensus. I've yet to see one
that blocks, and they all have some sort of test address
(usually 127.0.0.x).

Given that the worst that happens if this system fails is that SA stops
using the list until sa-update updates the check rule, as long as the
test IPs can be configured on a per-DNSBL basis, there shouldn't really
be a problem.

* DNSBL includes DNSWLs, domain based lists, etc. All we need is a
"this entry should cause a result" and a "this entry should not"; whether
it's positive or negative, an IP or domain, etc., shouldn't matter.

-- Dave Warren, CEO Hire A Hit Consulting Services
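
The self-test described in this message, sketched as an added example (not part of the original post and not SpamAssassin code): each list gets one "should cause a result" and one "should not" test entry, and the verdict is cached for an hour so messages in between cause no extra test queries. The zone names, the test labels, the class names and `fake_resolve` are constructed assumptions that stand in for per-list configuration and a real DNS lookup.

```python
import time
from dataclasses import dataclass

@dataclass
class ListCheck:
    zone: str       # list zone (names below are constructed)
    must_hit: str   # test label that should return a result
    must_miss: str  # test label that should return nothing

class ListHealth:
    """Caches one usable/unusable verdict per list for `ttl` seconds."""
    def __init__(self, resolve, ttl=3600, clock=time.monotonic):
        self.resolve, self.ttl, self.clock = resolve, ttl, clock
        self.cache = {}   # zone -> (expires_at, usable)
        self.probes = 0   # number of self-tests actually sent

    def _probe(self, chk):
        self.probes += 1
        try:
            hit = self.resolve(f"{chk.must_hit}.{chk.zone}")
            miss = self.resolve(f"{chk.must_miss}.{chk.zone}")
        except OSError:
            return False  # timeout or server failure: skip this list
        return bool(hit) and not miss

    def usable(self, chk):
        now = self.clock()
        entry = self.cache.get(chk.zone)
        if entry and entry[0] > now:
            return entry[1]  # verdict still fresh, no DNS traffic
        ok = self._probe(chk)
        self.cache[chk.zone] = (now + self.ttl, ok)
        return ok

def fake_resolve(name):
    """Constructed stand-in for a DNS A lookup; returns a list of answers."""
    if name.endswith(".dead.example"):
        raise OSError("timeout")
    if name.endswith(".wildcard.example"):
        return ["127.0.0.2"]  # answers every query, test entries included
    return ["127.0.0.2"] if name == "2.0.0.127.healthy.example" else []

def demo():
    health = ListHealth(fake_resolve)
    zones = ("healthy.example", "wildcard.example", "dead.example")
    checks = [ListCheck(z, "2.0.0.127", "1.0.0.127") for z in zones]
    return {c.zone: health.usable(c) for c in checks}
```

A list that answers everything fails the "should not" test and a list that times out fails the "should" test, so both are skipped until the cached verdict expires.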