You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by DAve <da...@pixelhammer.com> on 2010/01/07 17:25:51 UTC
Spamhaus and paid subscription
Good morning all,
I recently got my employer to pay for spamhaus queries, finally. I need
to use a key to access spamhaus now. Not an issue for for me MTA but SA
is another problem. When I change the rules to use our key, the key is
displayed in the spam report.
When I add this to override the URL SA uses,
header RCVD_IN_PBL eval:check_rbl('pbl-lastexternal',
'<subscriber_key>.zen.dq.spamhaus.net.' , '127.0.0.1[01]')
I get this is my spam reporting,
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
I can't be printing our key in the emails, what is a sysadmin to do?
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams
http://appleseedinfo.org
Re: Spamhaus and paid subscription
Posted by Greg Troxel <gd...@ir.bbn.com>.
I get this is my spam reporting,
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
I can't be printing our key in the emails, what is a sysadmin to do?
Some rules don't print out the 'listed in' detail (although they really
should). So I suspect that there is some per-rule perl code that does
this, and you could probably tweak it to take a zone and key and then
only print the zone.
Re: Spamhaus and paid subscription
Posted by Kris Deugau <kd...@vianet.ca>.
d.hill@yournetplus.com wrote:
> Can't you do zone transfers? Then you can do away with the
> subscriber_key thing and have DNS resolve locally for spamhaus.org and
> not have to query their DNS servers.
That's what I do here, but between their recommendations ("use a local
zone to prevent accidentally querying the public servers if something
breaks") and ToS ("don't allow access to the zone by third parties")
it's necessary to run the data under a different zone.
However, I'd still like the SA report to reflect the public zone instead
of the local one - I started looking at a patch to allow this in the
config, but it seems to be a lot more invasive than I thought at first.
-kgd
Re: Spamhaus and paid subscription
Posted by d....@yournetplus.com.
Quoting Raymond Dijkxhoorn <ra...@prolocation.net>:
> Hi!
>
>>> Can't you do zone transfers? Then you can do away with the
>>> subscriber_key thing and have DNS resolve locally for spamhaus.org and
>>> not have to query their DNS servers.
>
>> They sell datafeed and they sell queries, we bought queries. I do not
>> believe they would think kindly on my trying a zone transfer. I'm just
>> happy we got a paid subscription. It's the best support I can provide
>> Spamhaus to keep them in business.
>
> I wish you good luck doing a zone transfer on a rbldnsd server, its
> not implemented so its not an available option.
Correct. Rsync is used to transfer the actual rbldnsd zones.
Re: Spamhaus and paid subscription
Posted by jp <jp...@saucer.midcoast.com>.
The way it works is you rsync the zone on a scheule, and rbldnsd serves
it. We subscribed to it for a while and liked it, just wished they had
some different pricing tiers. We setup a virtual machine to do the
rsyncing/rbldnsd and had our main dns servers (as used by the
resolv.conf on the spamd servers) direct queries for the appropriate
zones to the virtual doing the spamhaus zones.
On Fri, Jan 08, 2010 at 03:01:57AM +0100, Raymond Dijkxhoorn wrote:
> Hi!
>
>>> Can't you do zone transfers? Then you can do away with the
>>> subscriber_key thing and have DNS resolve locally for spamhaus.org and
>>> not have to query their DNS servers.
>
>> They sell datafeed and they sell queries, we bought queries. I do not
>> believe they would think kindly on my trying a zone transfer. I'm just
>> happy we got a paid subscription. It's the best support I can provide
>> Spamhaus to keep them in business.
>
> I wish you good luck doing a zone transfer on a rbldnsd server, its not
> implemented so its not an available option.
>
> Bye,
> raymond.
--
/*
Jason Philbrook | Midcoast Internet Solutions - Wireless and DSL
KB1IOJ | Broadband Internet Access, Dialup, and Hosting
http://f64.nu/ | for Midcoast Maine http://www.midcoast.com/
*/
Re: Spamhaus and paid subscription
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!
>> Can't you do zone transfers? Then you can do away with the
>> subscriber_key thing and have DNS resolve locally for spamhaus.org and
>> not have to query their DNS servers.
> They sell datafeed and they sell queries, we bought queries. I do not
> believe they would think kindly on my trying a zone transfer. I'm just
> happy we got a paid subscription. It's the best support I can provide
> Spamhaus to keep them in business.
I wish you good luck doing a zone transfer on a rbldnsd server, its not
implemented so its not an available option.
Bye,
raymond.
Re: Spamhaus and paid subscription
Posted by DAve <da...@pixelhammer.com>.
d.hill@yournetplus.com wrote:
> Quoting DAve <da...@pixelhammer.com>:
>
>> Good morning all,
>>
>> I recently got my employer to pay for spamhaus queries, finally. I need
>> to use a key to access spamhaus now. Not an issue for for me MTA but SA
>> is another problem. When I change the rules to use our key, the key is
>> displayed in the spam report.
>>
>> When I add this to override the URL SA uses,
>> header RCVD_IN_PBL eval:check_rbl('pbl-lastexternal',
>> '<subscriber_key>.zen.dq.spamhaus.net.' , '127.0.0.1[01]')
>>
>> I get this is my spam reporting,
>> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
>>
>> I can't be printing our key in the emails, what is a sysadmin to do?
>
> Can't you do zone transfers? Then you can do away with the
> subscriber_key thing and have DNS resolve locally for spamhaus.org and
> not have to query their DNS servers.
They sell datafeed and they sell queries, we bought queries. I do not
believe they would think kindly on my trying a zone transfer. I'm just
happy we got a paid subscription. It's the best support I can provide
Spamhaus to keep them in business.
I suspect a meta rule in my local.cf will be the least obtrusive and
lowest maint solution. i prefer to not modify SA or how I access Spamhaus.
Hopefully if business grows, I will increase my account numbers and get
a datafeed for my rbldnsd to go alongside Invaluement.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams
http://appleseedinfo.org
Re: Spamhaus and paid subscription
Posted by d....@yournetplus.com.
Quoting DAve <da...@pixelhammer.com>:
> Good morning all,
>
> I recently got my employer to pay for spamhaus queries, finally. I need
> to use a key to access spamhaus now. Not an issue for for me MTA but SA
> is another problem. When I change the rules to use our key, the key is
> displayed in the spam report.
>
> When I add this to override the URL SA uses,
> header RCVD_IN_PBL eval:check_rbl('pbl-lastexternal',
> '<subscriber_key>.zen.dq.spamhaus.net.' , '127.0.0.1[01]')
>
> I get this is my spam reporting,
> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
>
> I can't be printing our key in the emails, what is a sysadmin to do?
Can't you do zone transfers? Then you can do away with the
subscriber_key thing and have DNS resolve locally for spamhaus.org and
not have to query their DNS servers.
Re: Spamhaus and paid subscription
Posted by Christian Brel <br...@copperproductions.co.uk>.
On Thu, 07 Jan 2010 12:27:44 -0500
DAve <da...@pixelhammer.com> wrote:
> Michael Scheidell wrote:
> > On 1/7/10 11:25 AM, DAve wrote:
> >> Good morning all,
> >>
> >> I can't be printing our key in the emails, what is a sysadmin to
> >> do?
> >>
> >>
> > you could (maybe) use meta rules?
> > zero out (disable) originals, use meta rules, keep meta names to
> > match original rule names in case of other meta rules that depend
> > on it.
> >
> > then (I suspect) only the meta rule will show up.
>
> I think you are right, I will give it a try later today.
>
> DAve
>
>
Given your status as a paid Spamhaus subscriber, it may be worth asking
their 'support' team the best way to apply it to popular applications
if it gives you trouble.
Re: Spamhaus and paid subscription
Posted by DAve <da...@pixelhammer.com>.
Michael Scheidell wrote:
> On 1/7/10 11:25 AM, DAve wrote:
>> Good morning all,
>>
>> I can't be printing our key in the emails, what is a sysadmin to do?
>>
>>
> you could (maybe) use meta rules?
> zero out (disable) originals, use meta rules, keep meta names to match
> original rule names in case of other meta rules that depend on it.
>
> then (I suspect) only the meta rule will show up.
I think you are right, I will give it a try later today.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams
http://appleseedinfo.org
Re: Spamhaus and paid subscription
Posted by Michael Scheidell <sc...@secnap.net>.
On 1/7/10 11:25 AM, DAve wrote:
> Good morning all,
>
> I can't be printing our key in the emails, what is a sysadmin to do?
>
>
you could (maybe) use meta rules?
zero out (disable) originals, use meta rules, keep meta names to match
original rule names in case of other meta rules that depend on it.
then (I suspect) only the meta rule will show up.
> DAve
>
>
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Re: Spamhaus and paid subscription
Posted by DAve <da...@pixelhammer.com>.
Raymond Dijkxhoorn wrote:
> Hi!
>
>> When I add this to override the URL SA uses,
>> header RCVD_IN_PBL eval:check_rbl('pbl-lastexternal',
>> '<subscriber_key>.zen.dq.spamhaus.net.' , '127.0.0.1[01]')
>>
>> I get this is my spam reporting,
>> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>> [4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
>>
>> I can't be printing our key in the emails, what is a sysadmin to do?
>
> Whats your complete rule looking like, also the subscribe lines please.
The rule I added to my local.cf is as shown above. I do not know what a
subscribe line is.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Adams
http://appleseedinfo.org
Re: Spamhaus and paid subscription
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!
> When I add this to override the URL SA uses,
> header RCVD_IN_PBL eval:check_rbl('pbl-lastexternal',
> '<subscriber_key>.zen.dq.spamhaus.net.' , '127.0.0.1[01]')
>
> I get this is my spam reporting,
> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> [4.23.231.50 listed in <subscriber_key>.zen.dq.spamhaus.net]
>
> I can't be printing our key in the emails, what is a sysadmin to do?
Whats your complete rule looking like, also the subscribe lines please.
Bye,
Raymond.