You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mark Martinec <Ma...@ijs.si> on 2010/12/07 15:26:54 UTC
Re: use askdns.pm for sa 3.3? - Spamhaus DWL whitelisting
Michael,
> can we use the askdns.pm for SA 3.3 or do we have some missing dependencies?
> (I noticed some rules in latest couple of saupdates:
>
> 20_dnsbl_tests.cf:askdns DKIMDOMAIN_IN_DWL
> _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+
> )*(transaction|list|all)( [a-z]+)*$/
> 20_dnsbl_tests.cf:tflags DKIMDOMAIN_IN_DWL net nice
> 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL Signing domain listed in
> Spamhaus DWL
> 20_dnsbl_tests.cf:askdns __DKIMDOMAIN_IN_DWL_ANY
> _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
> 20_dnsbl_tests.cf:tflags __DKIMDOMAIN_IN_DWL_ANY net nice
> 20_dnsbl_tests.cf:describe __DKIMDOMAIN_IN_DWL_ANY Any TXT response
> received from a Spamhaus DWL
> 20_dnsbl_tests.cf:meta DKIMDOMAIN_IN_DWL_UNKNOWN
> __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL
> 20_dnsbl_tests.cf:tflags DKIMDOMAIN_IN_DWL_UNKNOWN net nice
> 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL_UNKNOWN Unrecognized
> response from Spamhaus DWL
> 50_scores.cf:score DKIMDOMAIN_IN_DWL 0 -3.5 0 -3.5
> 50_scores.cf:score DKIMDOMAIN_IN_DWL_UNKNOWN 0 -0.01 0 -0.01
>
> looks like it combines an rbl check with a check for a valid dkim signature.
See:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6518
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6499
> > can we use the askdns.pm for SA 3.3 or do we have some missing
> > dependencies?
> Dec 6 16:20:21.941 [44960] warn: plugin: eval failed: Can't call method
> "is_dns_available" on unblessed reference at
> /usr/local/etc/mail/spamassassin/AskDNS.pm line 300.
> how to I bless it?
You can't use AskDNS plugin with SA 3.3, it needs some new infrastructure
that is only available with 3.4 (i.e. SVN trunk).
The Spamhaus DWL lookups rule DKIMDOMAIN_IN_DWL cannot be implemented
with what is available in 3.3 (unless you backport it all, effectively
making it a 3.4 :)
> Ok then next question. How safe is 3.4 ?
It is running at several sites (mid to large sized) in production.
I have more faith in 3.4 (trunk) than in 3.3.1 (or 3.3(.2) SVN):
fixes bugs quicker than get approved for 3.3, and it is the version
constantly under observation, at least by me.
> Plus I would need to add the signing header to outgoing to have
> if accepted anyway.
Yes, to benefit from Spamhaus DWL as a sender, you need to have
outgoing mail signed with DKIM (and apply for Spamhaus DWL whitelisting).
The VBR-Info header field (RFC - Vouch By Reference) is optional though,
usage policy of Spamhaus DWL does not require it.
Mark