
Mailing List Archive: SpamAssassin: users

DNSWL was re-enabled

 

 



darxus at chaosreigns

Dec 25, 2011, 6:47 AM

Post #1 of 4 (466 views)
DNSWL was re-enabled

The dnswl.org rules were re-enabled on 2011-12-19, and probably distributed
via sa-update on 2011-12-20 (Tuesday), because dnswl.org stopped causing
false negatives in response to extreme abuse.

A new rule was added to catch return values indicating you've been blocked
for abuse: RCVD_IN_DNSWL_BLOCKED

To disable dnswl, you should use:

score RCVD_IN_DNSWL_NONE 0
score RCVD_IN_DNSWL_LOW 0
score RCVD_IN_DNSWL_MED 0
score RCVD_IN_DNSWL_HI 0
score RCVD_IN_DNSWL_BLOCKED 0
score __RCVD_IN_DNSWL 0

That last one is really important, because without it, you'll still stop
getting hits on the dnswl rules, but you'll still be sending queries to
dnswl. I'm hoping that'll get fixed.


DNSWL was disabled here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6668

Re-enabled here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724

And more discussion of the subject is here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6728

--
"For every complex problem, there is a solution that is simple, neat,
and wrong." - H. L. Mencken
http://www.ChaosReigns.com


guenther at rudersport

Dec 26, 2011, 3:39 AM

Post #2 of 4 (428 views)
Re: DNSWL was re-enabled [In reply to]

> score __RCVD_IN_DNSWL 0

It is a non-scoring "double underscore" sub-rule. It does not have a
score. It cannot have a score. Setting its score to zero does nothing,
and certainly does not prevent the DNS query.

Instead, you need to meta out the rule, overwriting the rule definition.

And frankly, disabling a rule by logically making it never hit is the
better approach anyway. Just re-define rules to disable them:

meta FOO 0

> That last one is really important, because without it, you'll still stop
> getting hits on the dnswl rules, but you'll still be sending queries to
> dnswl. I'm hoping that'll get fixed.

There is nothing to be fixed. There is no problem.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


hege at hege

Dec 26, 2011, 6:57 AM

Post #3 of 4 (428 views)
Re: DNSWL was re-enabled [In reply to]

On Mon, Dec 26, 2011 at 12:39:45PM +0100, Karsten Bräckelmann wrote:
> > score __RCVD_IN_DNSWL 0
>
> It is a non-scoring "double underscore" sub-rule. It does not have a
> score. It cannot have a score. Setting its score to zero does nothing,
> and certainly does not prevent the DNS query.

Surprise, it does prevent the query. At least on trunk.


darxus at chaosreigns

Dec 26, 2011, 7:49 AM

Post #4 of 4 (427 views)
Re: DNSWL was re-enabled [In reply to]

On 12/26, Karsten Bräckelmann wrote:
> > score __RCVD_IN_DNSWL 0
>
> It is a non-scoring "double underscore" sub-rule. It does not have a
> score. It cannot have a score. Setting its score to zero does nothing,
> and certainly does not prevent the DNS query.
>
> Instead, you need to meta out the rule, overwriting the rule definition.
>
> And frankly, disabling a rule by logically making it never hit is the
> better approach anyway. Just re-define rules to disable them:
>
> meta FOO 0

I asked about this on the dev list a week ago. I guess I should've
cc'd you. http://wiki.apache.org/spamassassin/DnsBlocklists says to
use the "score" method. I went with that.

> > That last one is really important, because without it, you'll still stop
> > getting hits on the dnswl rules, but you'll still be sending queries to
> > dnswl. I'm hoping that'll get fixed.
>
> There is nothing to be fixed. There is no problem.

The problem is the potential for large sites to disable the rules but not
disable the queries, continuing to send millions of unused queries per day.

--
"Life is either a daring adventure or it is nothing at all."
- Helen Keller
http://www.ChaosReigns.com
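
Added example (not part of any post in this thread, and not SpamAssassin project code): a small Python check for the case discussed above, where the DNSWL scoring rules are zeroed in a local config but the __RCVD_IN_DNSWL sub-rule is left untouched. The function names and the sample config text are constructed for illustration; the check reports which method turned the sub-rule off and does not judge whether the "score" method stops the query.

```python
# Rule names come from the thread. Per the first post, leaving the parent
# sub-rule active means dnswl is still queried even with the scores zeroed.
SCORED = ["RCVD_IN_DNSWL_NONE", "RCVD_IN_DNSWL_LOW", "RCVD_IN_DNSWL_MED",
          "RCVD_IN_DNSWL_HI", "RCVD_IN_DNSWL_BLOCKED"]
PARENT = "__RCVD_IN_DNSWL"


def disabled_rules(config_text):
    """Map rule name -> 'meta' or 'score' for rules the config turns off."""
    score_zero, meta_zero = {}, {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) < 3:
            continue
        directive, name, values = parts[0], parts[1], parts[2:]
        if directive == "score":
            # One to four per-scoreset values; count it only if all are zero.
            try:
                score_zero[name] = all(float(v) == 0 for v in values)
            except ValueError:                    # e.g. relative "(1.0)" form
                score_zero[name] = False
        elif directive == "meta":
            # "meta NAME 0" redefines the rule so that it never hits.
            meta_zero[name] = values == ["0"]
    off = {n: "score" for n, z in score_zero.items() if z}
    off.update({n: "meta" for n, z in meta_zero.items() if z})
    return off


def audit(config_text):
    """Summarize DNSWL state; flag zeroed scores with the parent left active."""
    off = disabled_rules(config_text)
    scored_off = [r for r in SCORED if r in off]
    return {
        "scored_rules_off": scored_off,
        "parent_method": off.get(PARENT),         # None means parent untouched
        "queries_may_continue": len(scored_off) == len(SCORED)
                                and PARENT not in off,
    }


# Constructed sample configs (not taken from a real site).
SAMPLE_PARTIAL = "\n".join(f"score {r} 0" for r in SCORED) + "\n"
SAMPLE_META = SAMPLE_PARTIAL + "meta __RCVD_IN_DNSWL 0  # override definition\n"
SAMPLE_SCORE = SAMPLE_PARTIAL + "score __RCVD_IN_DNSWL 0\n"

if __name__ == "__main__":
    for label, cfg in (("partial", SAMPLE_PARTIAL), ("meta", SAMPLE_META),
                       ("score", SAMPLE_SCORE)):
        print(label, audit(cfg))
```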
