
Mailing List Archive: SpamAssassin: users

Spamhaus and others check at MTA level: how disable in Spamassassin?

 

 



alessio at skye

Aug 4, 2012, 2:16 AM

Post #1 of 15 (865 views)
Permalink
Spamhaus and others check at MTA level: how disable in Spamassassin?

Hi,

we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
(qmail + rblsmtpd) so we would like to disable this check in
spamassassin. So we added this in local.cf:

# remove zen.spamhaus tests
score __RCVD_IN_ZEN 0
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0

# remove psbl.surriel.org
score RCVD_IN_PSBL 0

Is ok?

Moreover, we reject at MTA level, connection from IP without rDNS,
connection from domains without valid MX or A record, and HELO equals
to "localhost". We added in local.cf:

score RDNS_NONE 0
score NO_DNS_FOR_FROM 0
score RDNS_LOCALHOST 0

Is ok?

I don't want to assign 0 points, I want to disable these tests entirely.

Thanks
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it


axb.lists at gmail

Aug 4, 2012, 2:19 AM

Post #2 of 15 (840 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
> Hi,
>
> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
> (qmail + rblsmtpd) so we would like to disable this check in
> spamassassin. So we added this in local.cf:
>
> # remove zen.spamhaus tests
> score __RCVD_IN_ZEN 0
> score RCVD_IN_SBL 0
> score RCVD_IN_XBL 0
> score RCVD_IN_PBL 0
>
> # remove psbl.surriel.org
> score RCVD_IN_PSBL 0
>
> Is ok?
>
> Moreover, we reject at MTA level, connection from IP without rDNS,
> connection from domains without valid MX or A record, and HELO equals to
> "localhost". We added in local.cf:
>
> score RDNS_NONE 0
> score NO_DNS_FOR_FROM 0
> score RDNS_LOCALHOST 0
>
> Is ok?
>
> I don't want to assign 0 points, I want to disable these tests entirely.

http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

"Setting a rule's score to 0 will disable that rule from running."

(Google is amazing .-)


me at junc

Aug 4, 2012, 3:02 AM

Post #3 of 15 (833 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 2012-08-04 11:16, Alessio Cecchi wrote:

> I don't want to assign 0 points, I want to disable these tests entirely.


why not just disable the DNSEval plugin?

see *.pre files for more optimizing :)


alessio at skye

Aug 4, 2012, 5:47 AM

Post #4 of 15 (834 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

Benny Pedersen <me [at] junc> wrote:

> On 2012-08-04 11:16, Alessio Cecchi wrote:
>
>> I don't want to assign 0 points, I want to disable these tests entirely.
>
>
> why not just disable the DNSEval plugin?

No, because other DNS-based tests are very useful.

--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it


alessio at skye

Aug 4, 2012, 5:48 AM

Post #5 of 15 (834 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

Axb <axb.lists [at] gmail> wrote:

> On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
>> Hi,
>>
>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>> (qmail + rblsmtpd) so we would like to disable this check in
>> spamassassin. So we added this in local.cf:
>>
>> # remove zen.spamhaus tests
>> score __RCVD_IN_ZEN 0
>> score RCVD_IN_SBL 0
>> score RCVD_IN_XBL 0
>> score RCVD_IN_PBL 0
>>
>> # remove psbl.surriel.org
>> score RCVD_IN_PSBL 0
>>
>> Is ok?
>>
>> Moreover, we reject at MTA level, connection from IP without rDNS,
>> connection from domains without valid MX or A record, and HELO equals to
>> "localhost". We added in local.cf:
>>
>> score RDNS_NONE 0
>> score NO_DNS_FOR_FROM 0
>> score RDNS_LOCALHOST 0
>>
>> Is ok?
>>
>> I don't want to assign 0 points, I want to disable these tests entirely.
>
> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>
> "Setting a rule's score to 0 will disable that rule from running."
>
> (Google is amazing .-)

Thanks, and are the disabled rules the right ones?
--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
GNU/Linux Systems Support -> http://www.cecchi.biz/
@ PLUG -> former President, now senator for life, http://www.prato.linux.it


axb.lists at gmail

Aug 4, 2012, 5:53 AM

Post #6 of 15 (833 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 08/04/2012 02:48 PM, Alessio Cecchi wrote:
>
> Axb <axb.lists [at] gmail> wrote:
>
>> On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
>>> Hi,
>>>
>>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>>> (qmail + rblsmtpd) so we would like to disable this check in
>>> spamassassin. So we added this in local.cf:
>>>
>>> # remove zen.spamhaus tests
>>> score __RCVD_IN_ZEN 0
>>> score RCVD_IN_SBL 0
>>> score RCVD_IN_XBL 0
>>> score RCVD_IN_PBL 0
>>>
>>> # remove psbl.surriel.org
>>> score RCVD_IN_PSBL 0
>>>
>>> Is ok?
>>>
>>> Moreover, we reject at MTA level, connection from IP without rDNS,
>>> connection from domains without valid MX or A record, and HELO equals to
>>> "localhost". We added in local.cf:
>>>
>>> score RDNS_NONE 0
>>> score NO_DNS_FOR_FROM 0
>>> score RDNS_LOCALHOST 0
>>>
>>> Is ok?
>>>
>>> I don't want to assign 0 points, I want to disable these tests entirely.
>>
>> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>>
>> "Setting a rule's score to 0 will disable that rule from running."
>>
>> (Google is amazing .-)
>
> Thanks, and are the disabled rules the right ones?

I wouldn't disable the RDNS rules.
They could show up in metas.
Maybe score them 0.001 so they don't break dependencies
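
The dependency concern raised in this post can be checked before changing scores. The following is an added example, not part of the original thread or of SpamAssassin: it scans rule text for `meta` definitions that reference zero-scored rules, directly or through other metas. The rule text in `SAMPLE_CF` and all `LOCAL_*` names are constructed for illustration.

```python
import re

# Constructed sample rule text (NOT real SpamAssassin rules): local metas that
# reference the rules the original poster wants to score at 0.
SAMPLE_CF = """
meta  LOCAL_NO_RDNS_DYN    RDNS_NONE && __LOCAL_DYN_HELO
meta  __LOCAL_BAD_ORIGIN   (RDNS_LOCALHOST || NO_DNS_FOR_FROM)
meta  LOCAL_SUSPECT        __LOCAL_BAD_ORIGIN && !ALL_TRUSTED
meta  LOCAL_UNRELATED      HTML_MESSAGE && MISSING_DATE
score RDNS_NONE 0
score NO_DNS_FOR_FROM 0
score RDNS_LOCALHOST 0.001   # Axb's suggestion: tiny score, rule stays active
"""

# Rule names start with a letter or underscore, so a literal "0" in a meta
# expression such as "meta RCVD_IN_SBL (0)" yields no dependencies.
TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def parse(cf_text):
    """Return (metas, scores): meta name -> set of rule names it references,
    and rule name -> first absolute score on its 'score' line."""
    metas, scores = {}, {}
    for raw in cf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 2)
        if len(parts) < 3:
            continue
        keyword, name, rest = parts
        if keyword == "meta":
            metas[name] = set(TOKEN.findall(rest))
        elif keyword == "score" and not rest.startswith("("):
            # "(n)" is a relative score adjustment, not an absolute value
            scores[name] = float(rest.split()[0])
    return metas, scores

def affected_metas(cf_text):
    """Map each zero-scored rule to the metas depending on it (transitively)."""
    metas, scores = parse(cf_text)
    result = {}
    for rule in sorted(r for r, s in scores.items() if s == 0):
        hit, frontier = set(), {rule}
        while frontier:
            frontier = {m for m, deps in metas.items()
                        if deps & frontier and m not in hit}
            hit |= frontier
        result[rule] = sorted(hit)
    return result

if __name__ == "__main__":
    for rule, metas in affected_metas(SAMPLE_CF).items():
        print(f"{rule}: scored 0, referenced by {metas or 'no metas'}")
```

Run it against the concatenated text of the installed rule files plus local.cf; any rule reported with a non-empty list is a candidate for the 0.001 score suggested above rather than 0.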


michael.scheidell at secnap

Aug 4, 2012, 6:23 AM

Post #7 of 15 (839 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 8/4/12 8:53 AM, Axb wrote:
>
>> On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
>>> Hi,
>>>
>>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>>> (qmail + rblsmtpd) so we would like to disable this check in
>>> spamassassin. So we added this in local.cf:
and, since DNS is cached anyway, why bother disabling them?
(oh, and I have seen similar rules show up in SA scores even though we
blocked using other DNS BLs. Why they didn't get blocked in the MTA is
sometimes a mystery... or has to do with slow DNS servers finally answering)

and, as Axb said, you could mess up meta rules.


--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation

* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator



matt.mailinglists at gmail

Aug 4, 2012, 11:23 AM

Post #8 of 15 (831 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

>>>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>>>> (qmail + rblsmtpd) so we would like to disable this check in
>>>> spamassassin. So we added this in local.cf:
>
> and, since DNS is cached anyway, why bother disabling them?

+1

Doubt it costs anything to run both places.


dbfunk at engineering

Aug 4, 2012, 10:51 PM

Post #9 of 15 (834 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On Sat, 4 Aug 2012, Michael Scheidell wrote:

> On 8/4/12 8:53 AM, Axb wrote:
>>
>>> On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
>>>> Hi,
>>>>
>>>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>>>> (qmail + rblsmtpd) so we would like to disable this check in
>>>> spamassassin. So we added this in local.cf:
> and, since DNS is cached anyway, why bother disabling them?
> (oh, and I have seen similar rules show up in SA scores even though we
> blocked using other DNS BLs. Why they didn't get blocked in the MTA is sometimes
> a mystery... or has to do with slow DNS servers finally answering)
>
> and, as Axb said, you could mess up meta rules.

Another reason for not disabling "redundant" DNSBL checks in SA is if
your mail system structure is such that you sometimes have MX servers
ahead of your normal incoming gateway; then SA can "look thru" those MX
servers and apply the DNSBL checks even though the bad-boy servers aren't
directly handing your server messages. (This depends upon having
"trusted_networks" configured correctly.)


--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{


me at junc

Aug 5, 2012, 12:12 AM

Post #10 of 15 (833 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 2012-08-04 20:23, Matt wrote:

> Doubt it costs anything to run both places.

true if one adds all RBL testing into the MTA stage from the spamassassin
DNSBLs; other DNSBLs are not cached in the DNS cache if not tested, and the
fact that the TTL is so low on DNSBLs means there are still DNS queries if
the TTL is expired

maybe I'll just start creating a plugin that makes a persistent rbldnsd
zone here so I can force 43200 TTL records from the last sent spam hit per IP!

AWL data when tracking with /32 is very useful, it's simple to query
IPs that are not DKIM signed


Bowie_Bailey at BUC

Aug 6, 2012, 8:01 AM

Post #11 of 15 (835 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 8/4/2012 5:19 AM, Axb wrote:
> On 08/04/2012 11:16 AM, Alessio Cecchi wrote:
>> Hi,
>>
>> we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
>> (qmail + rblsmtpd) so we would like to disable this check in
>> spamassassin. So we added this in local.cf:
>>
>> # remove zen.spamhaus tests
>> score __RCVD_IN_ZEN 0
>> score RCVD_IN_SBL 0
>> score RCVD_IN_XBL 0
>> score RCVD_IN_PBL 0
>>
>> # remove psbl.surriel.org
>> score RCVD_IN_PSBL 0
>>
>> Is ok?
>>
>> Moreover, we reject at MTA level, connection from IP without rDNS,
>> connection from domains without valid MX or A record, and HELO equals to
>> "localhost". We added in local.cf:
>>
>> score RDNS_NONE 0
>> score NO_DNS_FOR_FROM 0
>> score RDNS_LOCALHOST 0
>>
>> Is ok?
>>
>> I don't want to assign 0 points, I want to disable these tests entirely.
> http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>
> "Setting a rule's score to 0 will disable that rule from running."
>
> (Google is amazing .-)

Actually, since these are more complex rules, just setting the score to
0 will not stop the DNS check. This is what I have in my config:

# Blocking Zen with MTA...don't need these
meta RCVD_IN_SBL (0)
meta RCVD_IN_XBL (0)
meta RCVD_IN_PBL (0)
score __RCVD_IN_ZEN 0

--
Bowie


antispam at khopis

Aug 7, 2012, 8:54 AM

Post #12 of 15 (825 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 08/06/2012 08:01 AM, Bowie Bailey wrote:
> Actually, since these are more complex rules, just setting the score to
> 0 will not stop the DNS check. This is what I have in my config:
>
> # Blocking Zen with MTA...don't need these
> meta RCVD_IN_SBL (0)
> meta RCVD_IN_XBL (0)
> meta RCVD_IN_PBL (0)
> score __RCVD_IN_ZEN 0

You have it backwards.

I'm pretty sure scoring a rule at zero will disable it, even the DNS
lookup, UNLESS it is an underscore-prefix rule (which is not scored).
Note that zeroing a meta rule that depends on a lookup does not disable
the dependent rule. Lookups in underscored rules can only be disabled
by redefining the rule.

Parentheses in metas are just like in math, so the above quoted
definitions surrounding a statement in them is redundant (unlike for
scores, which makes them relative). You'd likely do better with:

meta RCVD_IN_SBL 0
meta RCVD_IN_XBL 0
meta RCVD_IN_PBL 0
meta __RCVD_IN_ZEN 0

or

score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0
meta __RCVD_IN_ZEN 0


Bowie_Bailey at BUC

Aug 7, 2012, 9:19 AM

Post #13 of 15 (825 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 8/7/2012 11:54 AM, Adam Katz wrote:
> On 08/06/2012 08:01 AM, Bowie Bailey wrote:
>> Actually, since these are more complex rules, just setting the score to
>> 0 will not stop the DNS check. This is what I have in my config:
>>
>> # Blocking Zen with MTA...don't need these
>> meta RCVD_IN_SBL (0)
>> meta RCVD_IN_XBL (0)
>> meta RCVD_IN_PBL (0)
>> score __RCVD_IN_ZEN 0
> You have it backwards.
>
> I'm pretty sure scoring a rule at zero will disable it, even the DNS
> lookup, UNLESS it is an underscore-prefix rule (which is not scored).
> Note that zeroing a meta rule that depends on a lookup does not disable
> the dependent rule. Lookups in underscored rules can only be disabled
> by redefining the rule.
>
> Parentheses in metas are just like in math, so the above quoted
> definitions surrounding a statement in them is redundant (unlike for
> scores, which makes them relative). You'd likely do better with:
>
> meta RCVD_IN_SBL 0
> meta RCVD_IN_XBL 0
> meta RCVD_IN_PBL 0
> meta __RCVD_IN_ZEN 0
>
> or
>
> score RCVD_IN_SBL 0
> score RCVD_IN_XBL 0
> score RCVD_IN_PBL 0
> meta __RCVD_IN_ZEN 0

I don't know where I found those settings. I did some testing and
verified that all three methods listed above will prevent the DNS query
from running.

I distinctly remember reading a while back that just setting the scores
to 0 on the DNS blacklist rules would disable the scoring rules, but
would not prevent the queries from running. I even had the score lines
you suggested in my local.cf file, but they were commented out and
replaced by the lines I posted. Maybe something has changed since then.

--
Bowie


antispam at khopis

Aug 7, 2012, 10:55 AM

Post #14 of 15 (826 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 08/07/2012 09:19 AM, Bowie Bailey wrote:
> I don't know where I found those settings. I did some testing and
> verified that all three methods listed above will prevent the DNS
> query from running.
>
> I distinctly remember reading a while back that just setting the
> scores to 0 on the DNS blacklist rules would disable the scoring
> rules, but would not prevent the queries from running. I even had
> the score lines you suggested in my local.cf file, but they were
> commented out and replaced by the lines I posted. Maybe something
> has changed since then.

That would be a comment from Karsten Bräckelmann last October, archived
at
http://spamassassin.1065346.n5.nabble.com/Disable-a-Rule-td51492i20.html#d1320031215000-865
(I can't find the original, this is merely a reference to it). The
relevant bit:

On 10/30/2011 08:20 PM, Karsten Bräckelmann wrote:
>> Ned, you forgot to meta out __RCVD_IN_DNSWL to actually prevent the
>> DNS query at all.

The "meta out" phrasing refers to the need to redefine the predicate
rule since you can't disable it with a score.


Bowie_Bailey at BUC

Aug 7, 2012, 11:25 AM

Post #15 of 15 (824 views)
Permalink
Re: Spamhaus and others check at MTA level: how disable in Spamassassin? [In reply to]

On 8/7/2012 1:55 PM, Adam Katz wrote:
> On 08/07/2012 09:19 AM, Bowie Bailey wrote:
>> I don't know where I found those settings. I did some testing and
>> verified that all three methods listed above will prevent the DNS
>> query from running.
>>
>> I distinctly remember reading a while back that just setting the
>> scores to 0 on the DNS blacklist rules would disable the scoring
>> rules, but would not prevent the queries from running. I even had
>> the score lines you suggested in my local.cf file, but they were
>> commented out and replaced by the lines I posted. Maybe something
>> has changed since then.
> That would be a comment from Karsten Bräckelmann last October, archived
> at
> http://spamassassin.1065346.n5.nabble.com/Disable-a-Rule-td51492i20.html#d1320031215000-865
> (I can't find the original, this is merely a reference to it). The
> relevant bit:
>
> On 10/30/2011 08:20 PM, Karsten Bräckelmann wrote:
>>> Ned, you forgot to meta out __RCVD_IN_DNSWL to actually prevent the
>>> DNS query at all.
> The "meta out" phrasing refers to the need to redefine the predicate
> rule since you can't disable it with a score.

Actually, you can. The line I have in my local.cf is:

score __RCVD_IN_ZEN 0

While it should, theoretically, have no effect on a non-scored sub-rule,
it does stop the query from running (as long as you also disable the
other rules that rely on it).

--
Bowie
