Mailing List Archive

DNSWL was re-enabled
The dnswl.org rules were re-enabled on 2011-12-19, and probably distributed
via sa-update on 2011-12-20 (Tuesday). Because dnswl.org stopped causing
false negatives in response to extreme abuse.

A new rule was added to catch return values indicating you've been blocked
for abuse: RCVD_IN_DNSWL_BLOCKED

To disable dnswl, you should use:

score RCVD_IN_DNSWL_NONE 0
score RCVD_IN_DNSWL_LOW 0
score RCVD_IN_DNSWL_MED 0
score RCVD_IN_DNSWL_HI 0
score RCVD_IN_DNSWL_BLOCKED 0
score __RCVD_IN_DNSWL 0

That last one is really important, because without it, you'll still stop
getting hits on the dnswl rules, but you'll still be sending queries to
dnswl. I'm hoping that'll get fixed.


DNSWL was disabled here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6668

Re-enabled here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724

And more discussion of the subject is here:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6728

--
"For every complex problem, there is a solution that is simple, neat,
and wrong." - H. L. Mencken
http://www.ChaosReigns.com
Re: DNSWL was re-enabled [ In reply to ]
> score __RCVD_IN_DNSWL 0

It is a non-scoring "double underscore" sub-rule. It does not have a
score. It cannot have a score. Setting its score to zero does nothing,
and certainly not prevent the DNS query.

Instead, you need to meta out the rule, overwriting the rule definition.

And frankly, disabling a rule by logically making it never hit is the
better approach anyway. Just re-define rules to disable them:

meta FOO 0

> That last one is really important, because without it, you'll still stop
> getting hits on the dnswl rules, but you'll still be sending queries to
> dnswl. I'm hoping that'll get fixed.

There is nothing to be fixed. There is no problem.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: DNSWL was re-enabled [ In reply to ]
On Mon, Dec 26, 2011 at 12:39:45PM +0100, Karsten Br├Ąckelmann wrote:
> > score __RCVD_IN_DNSWL 0
>
> It is a non-scoring "double underscore" sub-rule. It does not have a
> score. It cannot have a score. Setting its score to zero does nothing,
> and certainly not prevent the DNS query.

Surprise, it does prevent the query. Atleast on trunk.
Re: DNSWL was re-enabled [ In reply to ]
On 12/26, Karsten Br├Ąckelmann wrote:
> > score __RCVD_IN_DNSWL 0
>
> It is a non-scoring "double underscore" sub-rule. It does not have a
> score. It cannot have a score. Setting its score to zero does nothing,
> and certainly not prevent the DNS query.
>
> Instead, you need to meta out the rule, overwriting the rule definition.
>
> And frankly, disabling a rule by logically making it never hit is the
> better approach anyway. Just re-define rules to disable them:
>
> meta FOO 0

I asked about this on the dev list a week ago. I guess I should've
cc'd you. http://wiki.apache.org/spamassassin/DnsBlocklists says to
use the "score" method. I went with that.

> > That last one is really important, because without it, you'll still stop
> > getting hits on the dnswl rules, but you'll still be sending queries to
> > dnswl. I'm hoping that'll get fixed.
>
> There is nothing to be fixed. There is no problem.

The problem is the potential for large sites to disable the rules but not
disable the queries, continuing to send millions of unused queries per day.

--
"Life is either a daring adventure or it is nothing at all."
- Helen Keller
http://www.ChaosReigns.com