Posted to users@spamassassin.apache.org by Leon Kolchinsky <lk...@univ.haifa.ac.il> on 2007/08/16 11:18:20 UTC

Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Hello All,

I'm using BL in my main.cf config like this:
smtpd_recipient_restrictions =
.
.
            reject_rbl_client zen.spamhaus.org,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client safe.dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
.
.

So actually the BL check is already performed at the MTA level.

Is it advisable to comment out this line in the init.pre in my case (or are there other considerations I'm not aware of)?:

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL




Best Regards,
Leon Kolchinsky


Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Duane Hill <d....@yournetplus.com>.
On Thu, 16 Aug 2007 at 13:08 +0200, madduck@madduck.net confabulated:

> thus spoke Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
>> The two do very different things.  MTA blacklists are direct
>> rejection of incoming smtp connections by the MTA (in this case
>> postfix).  URIDNSBL is a SpamAssassin check of web sites in
>> message bodies.  Specifically it checks message body URIs against
>> sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
>> use both.  Disabling either one will let a lot more spam through.
>
> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

A match could possibly be found for received headers not in the trusted 
path. I believe Postfix only checks the server IP that handed the message 
off.

-------
   _|_
  (_| |

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by martin f krafft <ma...@madduck.net>.
thus spoke Kai Schaetzl <ma...@conactive.com> [2007.08.16.2031 +0200]:
> It will not have rejected them as it doesn't analyze URIs in bodies. That 
> talk was about URIDNSBL, not about RBL checks in general.

aye. Then please pretend I never opened my mouth. In that case I'd
have to agree that if you can afford to run both, run both.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
 
one must still have chaos within oneself
to give birth to a dancing star.
                                                -- friedrich nietzsche
 
spamtraps: madduck.bogus@madduck.net

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Kai Schaetzl <ma...@conactive.com>.
Martin f krafft wrote on Thu, 16 Aug 2007 13:08:35 +0200:

> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

It will not have rejected them as it doesn't analyze URIs in bodies. That 
talk was about URIDNSBL, not about RBL checks in general.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Jeff Chan <je...@surbl.org>.
Quoting martin f krafft <ma...@madduck.net>:

> thus spoke Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
> > The two do very different things.  MTA blacklists are direct
> > rejection of incoming smtp connections by the MTA (in this case
> > postfix).  URIDNSBL is a SpamAssassin check of web sites in
> > message bodies.  Specifically it checks message body URIs against
> > sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
> > use both.  Disabling either one will let a lot more spam through.
>
> I disagree. You can disable those RBLs in SA which are already in
> use at the postfix perimeter. Postfix will have rejected all
> matching mail, so SpamAssassin would never find a match.

What I was referring to, in context, was not disabling either:

1.  MTA blacklists
2.  SpamAssassin URIDNSBL

The context of the original message does not mention MTA blacklists used in
SpamAssassin, though your comment about using them there may be mostly correct.
 (SA may use the MTA-type blacklists in ways not purely MTA-like, so the overlap
that you're thinking of may not be 100%.)

Jeff C.


Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by SM <sm...@resistor.net>.
At 04:08 16-08-2007, martin f krafft wrote:
>I disagree. You can disable those RBLs in SA which are already in
>use at the postfix perimeter. Postfix will have rejected all
>matching mail, so SpamAssassin would never find a match.

Aren't the RBL checks in Postfix done on the IP address of the remote 
client connecting to it?

Jeff is talking about checking the URI in the message body against 
RBL/URBL lists.  SpamAssassin can find a match as some of these 
messages are not sent from hosts in RBLs.

Regards,
-sm 


Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by martin f krafft <ma...@madduck.net>.
thus spoke Jeff Chan <je...@surbl.org> [2007.08.16.1125 +0200]:
> The two do very different things.  MTA blacklists are direct
> rejection of incoming smtp connections by the MTA (in this case
> postfix).  URIDNSBL is a SpamAssassin check of web sites in
> message bodies.  Specifically it checks message body URIs against
> sbl.spamhaus.org, SURBL.org, etc.  Best practices is probably to
> use both.  Disabling either one will let a lot more spam through.

I disagree. You can disable those RBLs in SA which are already in
use at the postfix perimeter. Postfix will have rejected all
matching mail, so SpamAssassin would never find a match.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
 
"i am a deeply superficial person."
                                                      -- andy warhol
 
spamtraps: madduck.bogus@madduck.net

RE: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Leon Kolchinsky <lk...@univ.haifa.ac.il>.
> > Hello All,
> >
> > I'm using BL in my main.cf config like this:
> > smtpd_recipient_restrictions =
> > .
> > .
> >             reject_rbl_client zen.spamhaus.org,
> >             reject_rbl_client cbl.abuseat.org,
> >             reject_rbl_client safe.dnsbl.sorbs.net,
> >             reject_rbl_client list.dsbl.org,
> > .
> > .
> >
> > So actually the BL check is already performed at the MTA level.
> >
> > Is it advisable to comment out this line in the init.pre in my case (or are there
> > other considerations I'm not aware of)?:
> >
> > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
>
> The two do very different things.  MTA blacklists are direct rejection of
> incoming smtp connections by the MTA (in this case postfix).  URIDNSBL is a
> SpamAssassin check of web sites in message bodies.  Specifically it checks
> message body URIs against sbl.spamhaus.org, SURBL.org, etc.  Best practices is
> probably to use both.  Disabling either one will let a lot more spam through.
> 
> BTW, please don't use cbl.abuseat.org; it is already included in
> zen.spamhaus.org, so using it creates double the DNS traffic unnecessarily
> and with little or no gain.
> 
> Jeff C.
> 


Thanks for the explanation :)


Regards,
Leon Kolchinsky



Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

Posted by Jeff Chan <je...@surbl.org>.
Quoting Leon Kolchinsky <lk...@univ.haifa.ac.il>:

> Hello All,
>
> I'm using BL in my main.cf config like this:
> smtpd_recipient_restrictions =
> .
> .
>             reject_rbl_client zen.spamhaus.org,
>             reject_rbl_client cbl.abuseat.org,
>             reject_rbl_client safe.dnsbl.sorbs.net,
>             reject_rbl_client list.dsbl.org,
> .
> .
>
> So actually the BL check is already performed at the MTA level.
>
> Is it advisable to comment out this line in the init.pre in my case (or are there
> other considerations I'm not aware of)?:
>
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL


The two do very different things.  MTA blacklists are direct rejection of
incoming smtp connections by the MTA (in this case postfix).  URIDNSBL is a
SpamAssassin check of web sites in message bodies.  Specifically it checks
message body URIs against sbl.spamhaus.org, SURBL.org, etc.  Best practices is
probably to use both.  Disabling either one will let a lot more spam through.

BTW, please don't use cbl.abuseat.org; it is already included in
zen.spamhaus.org, so using it creates double the DNS traffic unnecessarily
and with little or no gain.

Jeff C.
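
Added example, not part of any post in this thread: a Python sketch that builds (without resolving) the DNS names each kind of check would query, to show that the connecting-client lookup, a Received-header lookup and a body-URI lookup ask about different things. The sample message, its addresses and the two-label domain shortcut are constructed assumptions; zone names are passed in by the caller.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; all hosts and addresses are documentation values.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Thu, 16 Aug 2007 11:00:00 +0000
Received: from pc (unknown [198.51.100.7])
\tby relay.example.net with SMTP; Thu, 16 Aug 2007 10:59:00 +0000
From: sender@example.net
Subject: constructed sample

Visit http://www.pills.example.com/buy and https://shop.example.org/x now.
"""

def ip_query(ip, zone):
    """DNSBL name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def mta_queries(client_ip, zones):
    """What reject_rbl_client asks about: only the connecting client's IP."""
    return [ip_query(client_ip, z) for z in zones]

def received_ips(raw):
    """Bracketed IPs from every Received header, newest hop first."""
    msg = message_from_string(raw)
    found = []
    for hdr in msg.get_all("Received", []):
        found += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
    return found

def uri_queries(raw, zone):
    """What a body-URI check asks about: domains of URLs in the body."""
    body = message_from_string(raw).get_payload()
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", body)
    # Assumption: the last two labels stand in for the registered domain.
    domains = sorted({".".join(h.lower().split(".")[-2:]) for h in hosts})
    return [d + "." + zone for d in domains]
```

In the sample, the MTA lookup only ever names 192.0.2.10; the earlier hop 198.51.100.7 and the two body domains are visible only to a content filter that parses the message.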