Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2006/11/15 19:09:24 UTC

Re: check_rbl and DNSBL lookups

Richard Frovarp writes:
> I am trying to go through and remove some of the DNSBL lookups that are 
> being performed. I have found previous posts that state just set the 
> meta rule to a score of 0 to disable. I have also found previous posts 
> that state only these evals are performing lookups: check_rbl, 
> check_rbl_txt and check_rbl_envfrom. And that check_rbl_sub does not 
> perform a lookup, but use previous rules. What about check_rbl_accreditor?
> 
> Furthermore, looking in 20_dnsbl_tests.cf I see this:
> 
> header __RCVD_IN_NJABL        eval:check_rbl('njabl', 'combined.njabl.org.')
> header RCVD_IN_NJABL_DUL      eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
> header __RCVD_IN_SORBS        eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
> header RCVD_IN_SORBS_DUL      eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
> header __RCVD_IN_SBL_XBL      eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
> header RCVD_IN_XBL            eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
> 
> Am I missing something? It seems to me that all of the -lastexternal 
> lines will perform duplicate DNS lookups from the previous line, perhaps 
> just a little bit later. I of course run a caching name server, but it 
> does seem to be an extra query and those lines could be changed into 
> check_rbl_sub.

If I recall correctly, or at least this is the case in 3.2.0, the shared
lookups will be performed once and the result shared between *both*
RCVD_IN_XBL and __RCVD_IN_SBL_XBL.

--j.

Re: check_rbl and DNSBL lookups

Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.
Justin Mason wrote:
> Richard Frovarp writes:
>   
>> I am trying to go through and remove some of the DNSBL lookups that are 
>> being performed. I have found previous posts that state just set the 
>> meta rule to a score of 0 to disable. I have also found previous posts 
>> that state only these evals are performing lookups: check_rbl, 
>> check_rbl_txt and check_rbl_envfrom. And that check_rbl_sub does not 
>> perform a lookup, but use previous rules. What about check_rbl_accreditor?
>>
>> Furthermore, looking in 20_dnsbl_tests.cf I see this:
>>
>> header __RCVD_IN_NJABL        eval:check_rbl('njabl', 'combined.njabl.org.')
>> header RCVD_IN_NJABL_DUL      eval:check_rbl('njabl-lastexternal', 'combined.njabl.org.', '127.0.0.3')
>> header __RCVD_IN_SORBS        eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
>> header RCVD_IN_SORBS_DUL      eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
>> header __RCVD_IN_SBL_XBL      eval:check_rbl('sblxbl', 'sbl-xbl.spamhaus.org.')
>> header RCVD_IN_XBL            eval:check_rbl('sblxbl-lastexternal', 'sbl-xbl.spamhaus.org.', '127.0.0.[456]')
>>
>> Am I missing something? It seems to me that all of the -lastexternal 
>> lines will perform duplicate DNS lookups from the previous line, perhaps 
>> just a little bit later. I of course run a caching name server, but it 
>> does seem to be an extra query and those lines could be changed into 
>> check_rbl_sub.
>>     
>
> If I recall correctly, or at least this is the case in 3.2.0, the shared
> lookups will be performed once and the result shared between *both*
> RCVD_IN_XBL and __RCVD_IN_SBL_XBL.
>
> --j.
>
>   

As far as my testing with version 3.1.4 has shown, they perform two 
different lookups.
Linting with nothing disabled:

[2919] dbg: uridnsbl: domains to query:
[2919] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[2919] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[2919] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[2919] dbg: dns: checking RBL combined.njabl.org., set njabl
[2919] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[2919] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[2919] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[2919] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal
[2919] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[2919] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[2919] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[2919] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[2919] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[2919] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted


If I disable __RCVD_IN_SBL_XBL and lint again, I get:
[4089] dbg: uridnsbl: domains to query:
[4089] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[4089] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[4089] dbg: dns: checking RBL combined.njabl.org., set njabl
[4089] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[4089] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[4089] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[4089] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal
[4089] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[4089] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[4089] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[4089] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[4089] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[4089] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted

From this it would appear that all of the -lastexternal lines are a 
second lookup. The second lint still indicates a lookup to 
sbl-xbl.spamhaus.org, which is an extra lookup. Same with the other 
lists. So it would appear that those rules could be changed to use only 
one lookup per list. Is there any documentation for check_rbl?

Richard
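
The comparison of lint runs above can be done mechanically. The following is an added example, not part of the original thread or of SpamAssassin: it groups the "checking RBL" debug lines by zone so that zones checked under more than one set stand out. The function names are hypothetical and the sample is a subset of the lint output quoted above, including two mail-wrapped lines.

```python
import re
from collections import defaultdict

# Matches SpamAssassin debug lines of the form seen in the thread:
#   [2919] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
RBL_LINE = re.compile(r"dbg: dns: checking RBL\s+(\S+?),\s+set\s+(\S+)")

def unwrap(text):
    """Rejoin lines that a mail client wrapped: any line not starting with
    a '[pid]' prefix is treated as a continuation of the previous one."""
    joined = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line
    return joined

def sets_per_zone(text):
    """Map each DNSBL zone to the rule sets logged as checking it, in order."""
    zones = defaultdict(list)
    for line in unwrap(text):
        m = RBL_LINE.search(line)
        if m:
            zones[m.group(1)].append(m.group(2))
    return dict(zones)

def repeated_zones(text):
    """Zones logged under more than one set (candidates for a shared lookup)."""
    return {z: s for z, s in sets_per_zone(text).items() if len(s) > 1}

# Sample input: a subset of the debug output posted in the thread.
SAMPLE = """\
[2919] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[2919] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[2919] dbg: dns: checking RBL combined.njabl.org., set njabl
[2919] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[2919] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal
[2919] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois
[2919] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
"""

if __name__ == "__main__":
    for zone, sets in sorted(repeated_zones(SAMPLE).items()):
        print(f"{zone} checked for sets: {', '.join(sets)}")
```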