You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by martin f krafft <ma...@madduck.net> on 2007/08/16 13:08:35 UTC

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

also sprach Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
> The two do very different things.  MTA blacklists are direct
> rejection of incoming smtp connections by the MTA (in this case
> postfix).  URIDNSBL is a SpamAssassin check of web sites in
> message bodies.  Specifically it checks message body URIs against
> sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
> use both.  Disabling either one will let a lot more spam through.

I disagree. You can disable those RBLs in SA which are already in
use at the postfix perimeter. Postfix will have rejected all
matching mail, so SpamAssassin would never find a match.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
 
"i am a deeply superficial person."
                                                      -- andy warhol
 
spamtraps: madduck.bogus@madduck.net

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Duane Hill <d....@yournetplus.com>.

On Thu, 16 Aug 2007 at 13:08 +0200, madduck@madduck.net confabulated:

> also sprach Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
>> The two do very different things.  MTA blacklists are direct
>> rejection of incoming smtp connections by the MTA (in this case
>> postfix).  URIDNSBL is a SpamAssassin check of web sites in
>> message bodies.  Specifically it checks message body URIs against
>> sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
>> use both.  Disabling either one will let a lot more spam through.
>
> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

A match could possibly be found for received headers not in the trusted 
path. I believe Postfix only checks the server IP that handed the message 
off.

-------
   _|_
  (_| |

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by martin f krafft <ma...@madduck.net>.

also sprach Kai Schaetzl <ma...@conactive.com> [2007.08.16.2031 +0200]:
> It will not have rejected them as it doesn't analyze URI's in bodies. That 
> talk was about URIDNSBL, not about RBL checks in general.

aye. Then please pretend I never opened my mouth. In that case I'd
have to agree that if you can afford to run both, run both.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
 
man muss noch chaos in sich haben
um einen tanzenden stern zu gebähren.
                                                -- friedrich nietzsche
 
spamtraps: madduck.bogus@madduck.net

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Kai Schaetzl <ma...@conactive.com>.

Martin f krafft wrote on Thu, 16 Aug 2007 13:08:35 +0200:

> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

It will not have rejected them as it doesn't analyze URI's in bodies. That 
talk was about URIDNSBL, not about RBL checks in general.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Jeff Chan <je...@surbl.org>.

Quoting martin f krafft <ma...@madduck.net>:

> also sprach Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
> > The two do very different things.  MTA blacklists are direct
> > rejection of incoming smtp connections by the MTA (in this case
> > postfix).  URIDNSBL is a SpamAssassin check of web sites in
> > message bodies.  Specifically it checks message body URIs against
> > sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
> > use both.  Disabling either one will let a lot more spam through.
>
> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

What I was referring to, in context, was not disabling either:

1.  MTA blacklists
2.  SpamAssassin URIDNSBL

The context of the original message does not mention MTA blacklists used in
SpamAssassin, though your comment about using them there may be mostly correct.
 (SA may use the MTA-type blacklists in ways not purely MTA-like, so the overlap
that you're thinking of may not be 100%.)

Jeff C.

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by SM <sm...@resistor.net>.

At 04:08 16-08-2007, martin f krafft wrote:
>I disagree. You can disable those RBLs in SA which are already in
>use at the postfix perimeter. Postfix will have rejected all
>matching mail, so SpamAssassin would never find a match.

Isn't the RBL checks in Postfix done on the IP address of the remote 
client connecting to it?

Jeff is talking about checking the URI in the message body against 
RBL/URBL lists.  SpamAssassin can find a match as some of these 
messages are not sent from hosts in RBLs.

Regards,
-sm