Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

RCVD_IN_DNSWL_BLOCKED

 

 

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


listuser at jpkvideo

Aug 13, 2012, 9:35 PM

Post #1 of 10 (1830 views)
Permalink
RCVD_IN_DNSWL_BLOCKED

How can I disable the DNSWL rule/plugin or whatever. Not just give it a low/zero score but disable it completely.
I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.


Bowie_Bailey at BUC

Aug 14, 2012, 6:33 AM

Post #2 of 10 (1787 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 8/14/2012 12:35 AM, JP Kelly wrote:
> How can I disable the DNSWL rule/plugin or whatever. Not just give it a low/zero score but disable it completely.
> I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.

If you set the score to zero, the rule will be disabled and you should
no longer see it show up in the score report.

If you want to disable the DNSWL lookup completely, you should zero out
the main rules and the sub-rule:

score RCVD_IN_DNSWL_BLOCKED 0
score RCVD_IN_DNSWL_HI 0
score RCVD_IN_DNSWL_LOW 0
score RCVD_IN_DNSWL_MED 0
score RCVD_IN_DNSWL_NONE 0
score __RCVD_IN_DNSWL 0

--
Bowie


ben at indietorrent

Aug 14, 2012, 7:30 AM

Post #3 of 10 (1787 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 8/14/2012 9:33 AM, Bowie Bailey wrote:
> On 8/14/2012 12:35 AM, JP Kelly wrote:
>> How can I disable the DNSWL rule/plugin or whatever. Not just give it
>> a low/zero score but disable it completely.
>> I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.
>
> If you set the score to zero, the rule will be disabled and you should
> no longer see it show up in the score report.
>
> If you want to disable the DNSWL lookup completely, you should zero out
> the main rules and the sub-rule:
>
> score RCVD_IN_DNSWL_BLOCKED 0
> score RCVD_IN_DNSWL_HI 0
> score RCVD_IN_DNSWL_LOW 0
> score RCVD_IN_DNSWL_MED 0
> score RCVD_IN_DNSWL_NONE 0
> score __RCVD_IN_DNSWL 0
>

Thanks, Bowie. I was wondering how to do this, too.

The majority of the spam that our users receive is a direct result of
this one rule; it seems that plenty of spammers are white-listed in this
database, and it is a weighty test (it reduces the score by as much as 2
or 3 points in some cases, often putting the message just below the
required-for-spam score). We have no use for it.

-Ben


matthias at leisi

Aug 14, 2012, 7:55 AM

Post #4 of 10 (1787 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On Tue, Aug 14, 2012 at 4:30 PM, Ben Johnson <ben [at] indietorrent> wrote:

> The majority of the spam that our users receive is a direct result of
> this one rule; it seems that plenty of spammers are white-listed in this
> database, and it is a weighty test (it reduces the score by as much as 2
> or 3 points in some cases, often putting the message just below the
> required-for-spam score). We have no use for it.

The "plenty of spammers" is concerning me. We would be interested to
learn why this is hitting you badly.

Can you please provide me some samples (off-list OIK if req'd for
privacy reasons)?

-- Matthias, for the dnswl.org project


darxus at chaosreigns

Aug 14, 2012, 9:03 AM

Post #5 of 10 (1787 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 08/13, JP Kelly wrote:
> How can I disable the DNSWL rule/plugin or whatever. Not just give it a low/zero score but disable it completely.
> I am tired of seeing RCVD_IN_DNSWL_BLOCKED in my headers.

The description for RCVD_IN_DNSWL_BLOCKED
is "The query to DNSWL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
information."

Have you looked at that link? Are you running a local non-forwarding,
caching DNS server?

Immediately below the question linked to on that page is how to disable
these rules, as you asked. However, unless you are, in fact, running a
site with quite a lot of email (over 100,000 queries per day), there is
probably a better solution.


I have some association with dnswl.org.


On 08/14, Bowie Bailey wrote:
> If you want to disable the DNSWL lookup completely, you should zero
> out the main rules and the sub-rule:
>
> score RCVD_IN_DNSWL_BLOCKED 0
> score RCVD_IN_DNSWL_HI 0
> score RCVD_IN_DNSWL_LOW 0
> score RCVD_IN_DNSWL_MED 0
> score RCVD_IN_DNSWL_NONE 0

I believe all of the above are unnecessary.

> score __RCVD_IN_DNSWL 0

And this alone is adequate.

I attempted to add it to
http://wiki.apache.org/spamassassin/DnsBlocklists but the site has become
unresponsive.

--
"Hermes will help you get your wagon unstuck, but only if you push on it."
- Greek Alphabet Oracle
http://www.ChaosReigns.com


Bowie_Bailey at BUC

Aug 14, 2012, 9:12 AM

Post #6 of 10 (1787 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 8/14/2012 12:03 PM, darxus [at] chaosreigns wrote:
> On 08/14, Bowie Bailey wrote:
>> If you want to disable the DNSWL lookup completely, you should zero
>> out the main rules and the sub-rule:
>>
>> score RCVD_IN_DNSWL_BLOCKED 0
>> score RCVD_IN_DNSWL_HI 0
>> score RCVD_IN_DNSWL_LOW 0
>> score RCVD_IN_DNSWL_MED 0
>> score RCVD_IN_DNSWL_NONE 0
> I believe all of the above are unnecessary.
>
>> score __RCVD_IN_DNSWL 0
> And this alone is adequate.

I believe you are right. I included all of the rules for transparency.
This way, when you look at the rule file, you can see exactly what is
being disabled.

--
Bowie


niamh at fullbore

Aug 14, 2012, 9:25 AM

Post #7 of 10 (1786 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

Hello Ben,

Tuesday, August 14, 2012, 3:30:18 PM, you wrote:

BJ> The majority of the spam that our users receive is a direct result of
BJ> this one rule; it seems that plenty of spammers are white-listed in this
BJ> database, and it is a weighty test (it reduces the score by as much as 2
BJ> or 3 points in some cases, often putting the message just below the
BJ> required-for-spam score). We have no use for it.

I must admit that I don't find that and they do seem reasonably
resposive in changing listing if you report spam to them.

--
Best regards,
Niamh mailto:niamh [at] fullbore


jp at jpkvideo

Aug 14, 2012, 9:34 AM

Post #8 of 10 (1785 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On Aug 14, 2012, at 14 9:03 AM, darxus [at] chaosreigns wrote:

> Have you looked at that link?

yes

> Are you running a local non-forwarding,
> caching DNS server?

I have a Plesk installation and am using the DNS server as provided by Plesk. The nameservers are ns1.smallgod.net, ns2.smallgod.net

>
> Immediately below the question linked to on that page is how to disable
> these rules, as you asked. However, unless you are, in fact, running a
> site with quite a lot of email (over 100,000 queries per day), there is
> probably a better solution.

I am not sure if I have 100,000+ queries per day. I guess it is possible. The server has 270 domains and they all use the same name server.
Is there a way to check with dnswl.org the number of queries and where they are coming from?


Bowie_Bailey at BUC

Aug 14, 2012, 9:46 AM

Post #9 of 10 (1792 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 8/14/2012 12:34 PM, Jon-Paul Kelly wrote:
>
> On Aug 14, 2012, at 14 9:03 AM, darxus [at] chaosreigns
> <mailto:darxus [at] chaosreigns> wrote:
>
>> Have you looked at that link?
>
> yes
>
>> Are you running a local non-forwarding,
>> caching DNS server?
>
> I have a Plesk installation and am using the DNS server as provided by
> Plesk. The nameservers are ns1.smallgod.net <http://ns1.smallgod.net>,
> ns2.smallgod.net <http://ns2.smallgod.net>
>
>>
>> Immediately below the question linked to on that page is how to disable
>> these rules, as you asked. However, unless you are, in fact, running a
>> site with quite a lot of email (over 100,000 queries per day), there is
>> probably a better solution.
>
> I am not sure if I have 100,000+ queries per day. I guess it is
> possible. The server has 270 domains and they all use the same name
> server.
> Is there a way to check with dnswl.org <http://dnswl.org> the number
> of queries and where they are coming from?

If you are using the smallgod.net nameservers, then the query limit is
based on ALL queries coming from their servers. This is why it is
recommended to use a caching nameserver. This way, you have your own
DNS server and your own query limit instead of being lumped together
with all the other users of a shared server.

For info on how to set up a local caching DNS server look at this page:
http://wiki.apache.org/spamassassin/CachingNameserver

--
Bowie


darxus at chaosreigns

Aug 14, 2012, 9:57 AM

Post #10 of 10 (1794 views)
Permalink
Re: RCVD_IN_DNSWL_BLOCKED [In reply to]

On 08/14, Jon-Paul Kelly wrote:
> Are you running a local non-forwarding,
> caching DNS server?
>
> I have a Plesk installation and am using the DNS server as provided by
> Plesk. The nameservers are [2]ns1.smallgod.net, [3]ns2.smallgod.net

If the smallgod.net name servers are provided by plesk, and not your own,
then you are using forwarders, which would be a problem, as the number
of people querying DNSWL would be counted for everybody using those DNS
servers, not just your own.

As Bowie mentioned, this is explained here:
http://wiki.apache.org/spamassassin/CachingNameserver
Which is linked from
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
(the link the the RCVD_IN_DNSWL_BLOCKED description).

> I am not sure if I have 100,000+ queries per day. I guess it is possible.
> The server has 270 domains and they all use the same name server.
> Is there a way to check with [4]dnswl.org the number of queries and where
> they are coming from?

Google searching for: dnswl contact
has a useful first hit :)

But it sounds like your problem is using forwarders.

--
"We will be dead soon. Is this how we want to live?"
http://www.ChaosReigns.com

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.