You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Mark Martinec <Ma...@ijs.si> on 2010/12/07 15:26:54 UTC

Re: use askdns.pm for sa 3.3? - Spamhaus DWL whitelisting

Michael,

> can we use the askdns.pm for SA 3.3 or do we have some missing dependencies?
> (I noticed some rules in latest couple of saupdates:
> 
> 20_dnsbl_tests.cf:askdns   DKIMDOMAIN_IN_DWL  
> _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT /^([a-z]+ 
> )*(transaction|list|all)( [a-z]+)*$/
> 20_dnsbl_tests.cf:tflags   DKIMDOMAIN_IN_DWL  net nice
> 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL  Signing domain listed in 
> Spamhaus DWL
> 20_dnsbl_tests.cf:askdns   __DKIMDOMAIN_IN_DWL_ANY  
> _DKIMDOMAIN_._vouch.dwl.spamhaus.org TXT
> 20_dnsbl_tests.cf:tflags   __DKIMDOMAIN_IN_DWL_ANY  net nice
> 20_dnsbl_tests.cf:describe __DKIMDOMAIN_IN_DWL_ANY  Any TXT response 
> received from a Spamhaus DWL
> 20_dnsbl_tests.cf:meta DKIMDOMAIN_IN_DWL_UNKNOWN    
> __DKIMDOMAIN_IN_DWL_ANY && !DKIMDOMAIN_IN_DWL
> 20_dnsbl_tests.cf:tflags   DKIMDOMAIN_IN_DWL_UNKNOWN  net nice
> 20_dnsbl_tests.cf:describe DKIMDOMAIN_IN_DWL_UNKNOWN  Unrecognized 
> response from Spamhaus DWL
> 50_scores.cf:score DKIMDOMAIN_IN_DWL 0 -3.5 0 -3.5
> 50_scores.cf:score DKIMDOMAIN_IN_DWL_UNKNOWN  0 -0.01 0 -0.01
> 
> looks like it combines an rbl check with a check for a valid dkim signature.

See:
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6518
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6499

> > can we use the askdns.pm for SA 3.3 or do we have some missing 
> > dependencies? 
> Dec  6 16:20:21.941 [44960] warn: plugin: eval failed: Can't call method 
> "is_dns_available" on unblessed reference at 
> /usr/local/etc/mail/spamassassin/AskDNS.pm line 300.
> how to I bless it?

You can't use AskDNS plugin with SA 3.3, it needs some new infrastructure
that is only available with 3.4 (i.e. SVN trunk).

The Spamhaus DWL lookups rule DKIMDOMAIN_IN_DWL cannot be implemented
with what is available in 3.3 (unless you backport it all, effectively
making it a 3.4 :)

> Ok then next question.  How safe is 3.4 ?

It is running at several sites (mid to large sized) in production.
I have more faith in 3.4 (trunk) than in 3.3.1 (or 3.3(.2) SVN):
fixes bugs quicker than get approved for 3.3, and it is the version
constantly under observation, at least by me.

> Plus I would need to add the signing header to outgoing to have
> if accepted anyway.

Yes, to benefit from Spamhaus DWL as a sender, you need to have
outgoing mail signed with DKIM (and apply for Spamhaus DWL whitelisting).

The VBR-Info header field (RFC - Vouch By Reference) is optional though,
usage policy of Spamhaus DWL does not require it.

  Mark